NZ Herald
  • Home
  • Latest news
  • Herald NOW
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Herald NOW
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Politics
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Herald NOW
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / Business

Explained: The LastPass hack, and if we can still trust password managers

Chris Keall
By Chris Keall
Technology Editor/Senior Business Writer·NZ Herald·
24 Jan, 2023 04:00 PM5 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌

Subscriber benefit

The ability to gift paywall-free articles is a subscriber only benefit. See more offers by clicking the button below.

Already a subscriber?  Sign in here
Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Photo / 123rf
Photo / 123rf

Photo / 123rf

Using a password manager has been one of security experts’ top tips for keeping yourself safe from hackers.

We’re always being told to use a different - and complex - password for every online service we access.

No one can remember 70 different passwords, of course.

That’s where a password manager comes in: a piece of software, protected by a master password, that stores your usernames and passwords in a virtual vault. It can automatically generate passwords for different websites, then auto-fills them. Problem solved.

But it all seemed to go to heck last month when the maker of one of the most popular password managers, LastPass, said hackers had gained access to its cloud-based system and stolen copies of the usernames and passwords used by all 33 million of its customers - and that included the usernames and passwords both for its own vault, and log-ins for every online bank, healthcare provider and other service stored in that vault.

Make it your business to know

Start your day with the latest business headlines straight to your inbox.
Please email me competitions, offers and other updates. You can stop these at any time.
By signing up for this newsletter, you agree to NZME’s Terms of Use and Privacy Policy.
Advertisement
Advertise with NZME.

LastPass played down the attack, noting that passwords, usernames and form-fill data was encrypted. The online intruders had that data, but they couldn’t read it.

But some LastPass users will still be vulnerable to having their data stolen, says Jordan Heersping, an incident response manager for the Government’s Computer Emergency Response Team (Cert NZ).

Heersping notes the hackers did get a lot of unencrypted LastPass data, including people’s LastPass username, their email address (which is used as a username by many sites), billing address, telephone numbers and, crucially, a list of website addresses from each person’s vault and whether someone used weak or vulnerable passwords.

Advertisement
Advertise with NZME.

That means the hackers would take the list of websites a person visited, use their email as the username, then try common weak passwords - or run the person’s password through dark web databases compiled after other hacks, to see if they could match it up with previously-stolen passwords.

Response lacking

Heersping says LastPass could have been more on the front foot with some of its communication about its data breach. The firm’s chief executive, Karim Toubba, told the New York Times it was users’ responsibility to “practice good password hygiene”. He stopped short of telling people to change all their passwords.

Discover more

Opinion

Chris Keall: Ardern’s mixed legacy with The Christchurch Call and social media

19 Jan 09:00 PM
Business

Microsoft introduces unlimited leave - how it’s worked out for others here

18 Jan 04:38 AM

“Many security experts disagreed with Mr Toubba’s optimistic spin and said every LastPass user should change all of his or her passwords,” the Times said.

The paper quoted Sinan Eren, an executive with security firm Barracuda, who said: “I would consider all those managed passwords compromised.”

Heersping agrees. “It’s better to spend a few hours changing all your passwords than putting your bank account and other data at risk,” he said.

Two tips for strong passwords

Yes, you can still trust password managers, Heersping says. He uses one himself. But the proviso is that it should be coupled with good password hygiene.

That means two things:

  • Always use passwords that are long (at least 15 characters), strong (at least one number, and one special character) and unique.
  • If it’s an option, use two-factor authentication (2FA), which typically involves a confirmation code being sent to your smartphone each time your log on, or more practically, each time there’s a log-in from a new device.

Sing us a song, you’re the piano man

A couple of years back, security expert Colin James - then with Vodafone - told the Herald that a “pass phrase” was a good alternative to a password.

Advertisement
Advertise with NZME.

If a site supports it, then the longer the password or pass phrase the better.

James’ top tip was to use different lines from a favourite song as your password - or pass phrase - for different websites (many sites support spaces, for natural language - though remember to throw in some numbers too, such as “3″ for “E”.)

This lyrical approach is a great way to remember long, complex passwords for different websites without shelling out for a password manager.

Cert NZ’s Heersping gives this tip his stamp of approval, saying it’s a great way to generate passwords of 30 characters or more.

What’s the best password manager?

Cert NZ does have an online guide to choosing a password manager, which tells you the features to look for, but it doesn’t recommend any specific brand.

You’re probably already using a password manager, because Google, Microsoft and Apple’s browsers all have them built in, as does security software from the likes of Norton.

Read More

  • Kiwis scammed out of $35 million this year as parasitic cyber criminals up their game
  • Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves

If you’re after a dedicated password manager - which can have advantages in terms of exporting a list of passwords, attaching secure notes or sharing passwords with family or a set of work colleagues - a Wall Street Journal round-up said the best free password manager is the open-source Bitwarden, which it called full-featured in its basic form (there’s also a US$1 ($1.54) per month version, which offers frills including a security report identifying weak passwords and emergency access - that is, an approved second person who can access your passwords if you’re incapacitated).

The easiest to use is 1Password, the Journal said, which is priced from US$2.99 ($4.60)per month, with no free tier. 1Password was also the WSJ’s overall pick.

Honourable mention went to Dashlane, which is priced from US$2 ($3.08) per month.

The New York Times-owned Wirecutter also named 1Password as “the best password manager”, saying it bettered 40 other apps. So did Wired and the Times itself. Wirecutter said 1Password was the easiest to use and had the best family-sharing options.

Wirecutter also gave Bitwarden the nod as the best free password manager: “It does everything you’ll need and doesn’t cost anything”.

Subscriber benefit

The ability to gift paywall-free articles is a subscriber only benefit. See more offers by clicking the button below.

Already a subscriber?  Sign in here
Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Latest from Business

Premium
Shares

Market close: Tourism Holdings drops as NZ sharemarket ends week on high

04 Jul 06:17 AM
Premium
Business|personal finance

Surge in new vehicle sales: Industry insiders explain three factors behind spike

04 Jul 05:00 AM
Construction

'A substantial breach': Builder's work under scrutiny after installing leaky gazebo

04 Jul 04:00 AM

Audi offers a sporty spin on city driving with the A3 Sportback and S3 Sportback

sponsored
Advertisement
Advertise with NZME.
Recommended for you
Royal NZ Air Force establishes first dedicated space unit
New Zealand

Royal NZ Air Force establishes first dedicated space unit

04 Jul 06:24 AM
All Blacks captain says inexperienced French team will ‘fire everything at us’
All Blacks

All Blacks captain says inexperienced French team will ‘fire everything at us’

04 Jul 06:23 AM
The search for answers after ferry tragedy between Java and Bali
World

The search for answers after ferry tragedy between Java and Bali

04 Jul 06:15 AM
The nearly fatal gas exposure case that rocked Greymouth
New Zealand

The nearly fatal gas exposure case that rocked Greymouth

04 Jul 06:03 AM
'It's all safe mum': Murder accused allegedly took $85k hidden in mother's dressing gown
Crime

'It's all safe mum': Murder accused allegedly took $85k hidden in mother's dressing gown

04 Jul 06:00 AM

Latest from Business

Premium
Market close: Tourism Holdings drops as NZ sharemarket ends week on high

Market close: Tourism Holdings drops as NZ sharemarket ends week on high

04 Jul 06:17 AM

The NZ sharemarket bounced back as large-cap stocks balanced gains and losses.

Premium
Surge in new vehicle sales: Industry insiders explain three factors behind spike

Surge in new vehicle sales: Industry insiders explain three factors behind spike

04 Jul 05:00 AM
'A substantial breach': Builder's work under scrutiny after installing leaky gazebo

'A substantial breach': Builder's work under scrutiny after installing leaky gazebo

04 Jul 04:00 AM
Foodstuffs to open $73m Pt Chevalier store early after Vic Park fire

Foodstuffs to open $73m Pt Chevalier store early after Vic Park fire

04 Jul 03:55 AM
Gold demand soars amid global turmoil
sponsored

Gold demand soars amid global turmoil

NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven Car Guide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP
search by queryly Advanced Search