I’ve been encouraging people to use password vault tools like LastPass for years. These browser plugins are great for keeping track of dozens of strong passwords (the hard-to-hack kind that nobody can remember) across all the websites you log in to.
However, LastPass recently announced they had discovered and blocked suspicious activity on their servers; “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
Now, this could be bad, bad news IF users’ master passwords had been accessed in plain text form. However, LastPass uses some pretty robust encryption (that’s what that business about salts and hashes in the quote is about). They don’t keep your master password in plain text anywhere. In other words, even with the information that may have been compromised, thieves would have an awfully hard time using any of the information.
Still, the company is encouraging users to change their master passwords as soon as possible. This will make it impossible for the hackers to log in using the information they took, even if they managed to un-encrypt it (the chances of which are near zero).
I also encourage you to make your master password a strong password. You may have to write it down and keep it somewhere safe, but encrypted or not, a brute-force attack will plow through “password1” in well under a second. A strong master password can be irritating to type in, but it’s worth the trouble.