Computer hackers never take a break. There is always someone out there searching for your online information because in today’s world there is so much they can do with it. That is why so much attention is paid to making sure this information is protected. Infoworld.com discusses how the password management company, LastPass, and the company in charge of a large list hacked information known as PwnedList, have teamed up to fight internet identity thefts from happening. I think this is a great idea because these two companies are able to come together and do what they do best. Working together, they can protect passwords and notify users when information may have been compromised, so when there are possible username/password hacks, it can be put to an end immediately.
What this company PwnedList does is it finds compromised log-in IDs and passwords that have been posted in public areas and notify the user that their info is out there. Then you can go into the website and type in your username and password that you are concerned about. They will notify you if it appears on their list, if it is then that means hackers may be able to find out your information. So many people do their banking online, pay their bills online, and have their credit card information sent to them through email or hooked up through their Amazon.com account. Many people fail to catch the fact that their log-in information was compromised, so the service LastPass and PwnedList can save people a lot of financial troubles.
Many people have concerns as to whether or not they can trust PwnedList with their information. Who is to say that if you go there and type in your username and password, they might just add it to their list and call it compromised even when it wasn’t? This was a big concern and to fix this, PwnedList enables user to enter their information using SHA-512 encryption. This is a security measure so that once you enter your information they won’t be able to find out what it was. Once you type in your information, you find out if it was on the list without ever directly giving them access to your information. They also do not store compromised passwords in their database, so if they are hacked companies who use this will still be safe. This way, there is very low risk, but a very high reward for possibly finding out that your accounts have been compromised.
This system through PwnedList and LastPass is being enacted with many corporate accounts that companies use to protect private company information. They can pay to first check their domain and usernames with the PwnedList system, then as the PwnedList system is updated, if any of their credentials become compromised they will be notified. The list of compromised usernames have grown from 5 million last November to 24 million as of now, it is clear that more and more usernames are in trouble. If a company can protect their information from leaking, it could prove financially beneficial to subscribe to the LastPass system. While the cost may reach into the five-figures for companies, to have all of their information secure would be worth it.