The post notes that anomalies in server traffic led the company to suspect its database has been accessed and take appropriate precautions, although it cannot be sure at this point in time. It also points out that the data accessed alone should not be enough to expose an affected user’s stored passwords. To get those, an attacker would also need the user’s master password, which is only really a risk if that password is easy  to guess using a brute force attack. Users with strong, non-dictionary-based master passwords should be relatively safe, although as some users don’t use particularly strong mater passwords, the company has elected to force all of its users to change their master passwords. In addition, the company will be validating users changing their passwords by either checking that the user is visiting from a previously-used IP block, or by validating against their email address.

As a result of the potential breach, LastPass is also beefing up the encryption it uses:

We’re also taking this as an opportunity to roll out something we’ve been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We’ll be rolling out a second implementation of it with the client too.

This potential breach is a reminder that storing your passwords with a third party like LastPass or competitor 1Password is risky. Their data is obviously a very attractive target for hackers, despite their encryption and robust security arrangements. But you have to weigh that risk against the convenience they offer: Using a password management tool makes it much easier to have a strong, unique password on every service you use. That’s much more secure than using the same password everywhere, which makes large security breaches, such as the recent PlayStation Network hack  or last year’s Gawker hack, so damaging, as attackers can gain access to wide range of different services with a single password. However, if you’re concerned about storing your passwords in a cloud service, you could always elect use a desktop password management tool like that stores your passwords in a local database like KeePassX instead; the downside is not being able to retrieve passwords everywhere. Whatever password management tool you choose, ensure you pick out a strong master password that’s not going to be easy to crack via a brute force attack.

Photo courtesy Flickr user subcircle

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• The Future of Work Platforms: An Overview
• Connected Consumer Q1: The Over-the-Top vs. Pay TV Battle Heats Up

So why is email such a hassle?

• It’s more than 30 years old. Email has come a long way, but its underlying protocols haven’t changed much since the 1970s.
• It’s really three different systems. Sending (SMTP) and receiving (POP or IMAP) are totally separate functions, and are often handled on different servers. That’s why I often hear comments like “I can receive, but I can’t send” from clients.
• It’s being used for a lot of things it was never designed to do, like send images and attachments, highly formatted messages, signatures and calendar entries.
• It’s been overrun by spam, and even well-designed spam filters aren’t perfect, and cause unwanted side effects, like messages that get misidentified as spam, or just go away.
• Email software is too complex. These programs that were originally built for offline use; that is, they were set up so that users could read and write messages without being connected to the internet. Sending and receiving would happen in batches. That made sense when internet connections were slow, expensive and charged by the minute. Now that most people have always-on connections like cable or DSL, that process is less necessary. Desktop email client software is a pain to set up and use; as someone who helps many people with email, Outlook is the bane of my existence.
• Many of us connect to the Internet in more than one place — at work, at home, and on cell phones. It can be very frustrating to realize that we’ve left the message we needed to reply to at the office.
• Many of us have more than one email address. I try to keep my work and personal email separate, plus I have a series of email addresses that I use when registering on websites that might try to send spam. And I have several email addresses that were given to me, such as the ones that are automatically created when signing up for instant-messaging services like Yahoo, AIM and Windows Live/MSN.

What can be done to overcome these problems? Here are some tips that might help you and your clients and friends be more productive.

• Get your email on the web. Dump your desktop email software, and switch to Gmail/Google Apps or another online provider like Yahoo. If your Internet connection is unreliable, Google Gears lets you work offline.
• Create a master inbox. If you have multiple email accounts, you can set up forwarding to receive and send email from one place.
• Use IMAP. If you need mobile access to your email, set up your phone software to use IMAP, not POP. By using IMAP, your messages will sync automatically in all of the places you check your mail.
• Use social networks. It seems like all of my friends under 30 don’t do email anymore, but they’re on Facebook a lot.
• Use instant messaging. For short, simple conversations, IM can be very efficient. In a few seconds, you can schedule a meeting or a lunch date. It’s much faster than email or phone conversations.
• Use file-sharing services for sending large documents. There are lots of such services, and new ones are popping up all the time, including Fluxiom and FileShareHQ. And Dropbox and the new Opera Unite service allow you to share files directly from your computer.
• Organize your electronic communications. Celine wrote about this recently, and I’ve talked about it, too.

Oh, and one more:

• Remember your passwords. This is obvious to you and me, but I’ve heard “I didn’t know I had a password” way too often. Online services like LastPass, or programs like 1Password, SplashID, or the free KeePass (Windows and phones; also available for Mac and Linux) can be lifesavers.

How do you keep email simple?

Image by stock.xchng user chris27.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Communications, Platforms, Privacy Ruled NewNet in Q4
• The Near-Term Evolution of Social Commerce
• A 2011 NewNet Forecast