Tuesday, April 13, 2010

Atlassian's security breach

Yesterday, there was a notice of a security breach at Atlassian resulting in the theft of some passwords. There were a number of things that combined to cause this problem and we are promised more details. I applaud Atlassian for having the guts to be open about the whole thing. I must say I thought it was a phishing attempt from the get-go.


The best thing for you to do in a case like this, whether you were affected or not, is to re-evaluate how you manage your passwords online. If you fall into any of these categories, you were likely running around changing passwords like mad:

  • You have one password for all websites
  • You have one password for all business websites and another for all social websites
  • You have one password for X class of websites, another for Y, another for Z, and so on

There is one more step you can take: LastPass

LastPass is quite literally the last password you will ever choose to remember. It uses a single passphrase + client-side encryption to store your passwords and can generate random secure passwords for all the sites you use. That means that you can potentially have a different password for every website you use without having to remember each one.

Is it ultimately secure? No, nothing ever is. But because of the techniques used, even if all their database was belong to some h4ckrz, it should be very difficult to break the encryption.

However, it does mean that the "last" password you use must be incredibly secure. Really secure. Unguessable by brute force or even by your closest relations.
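To make that trade-off concrete, here is an added sketch (not LastPass's code, and not a description of its actual scheme) of the general pattern: random per-site passwords, a vault key stretched from one master passphrase on the client, and the cost of guessing that passphrase if the vault is stolen. The PBKDF2 parameters, the verifier construction, the guess rate and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

ITERATIONS = 100_000          # assumed work factor for this sketch
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def generate_site_password(length=20):
    """Random per-site password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def derive_vault_key(passphrase, salt, iterations=ITERATIONS):
    """Stretch the master passphrase into a 32-byte key on the client."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=32)

def unlocks(candidate, salt, verifier, iterations=ITERATIONS):
    """True if a candidate passphrase reproduces the stored key verifier."""
    tag = hashlib.sha256(derive_vault_key(candidate, salt, iterations)).digest()
    return hmac.compare_digest(tag, verifier)

def entropy_bits(symbols, length):
    """Entropy of `length` independent uniform picks from `symbols` choices."""
    return length * math.log2(symbols)

def years_to_exhaust(bits, guesses_per_second):
    """Years to try every passphrase of the given entropy at a fixed rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    master = "constructed sample passphrase only"   # constructed, never reuse
    verifier = hashlib.sha256(derive_vault_key(master, salt)).digest()
    print("site password :", generate_site_password())
    print("right unlocks :", unlocks(master, salt, verifier))
    print("wrong unlocks :", unlocks("password1", salt, verifier))
    rate = 10_000   # assumed offline guesses per second against the slow KDF
    for label, bits in [("8 lowercase letters", entropy_bits(26, 8)),
                        ("6 random words from a 7776-word list", entropy_bits(7776, 6))]:
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
```

The per-site passwords are only as safe as the one passphrase that unlocks them: at the assumed rate, the short lowercase passphrase falls in under a year while the six-word one does not fall in any realistic time.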

So if you were caught in yesterday's email bomb, you may want to consider it. I do wish LastPass was Open Source so that the security could be verified, but you can verify most of the client side stuff yourself.

Disclaimer: I'm a random dude on the Internet so do your own research :)
