Password Manager LastPass Suffers Outage


Early in the morning of August 12, 2014, one of the data centers used by password manager LastPass went down, causing connection errors for an undisclosed number of LastPass users for several hours.

In a blog post at the time, the company explained, "Our team immediately took action to migrate LastPass to run entirely on a different data center. As a result, many users experienced connection errors with the LastPass service, and [it] has been intermittently unavailable throughout the morning."

Early that afternoon, LastPass added in an update, "Though one of our data centers remains completely down, the service is generally stable and should be available to the majority of users (with the exception of login favicons)."

And later that afternoon, the company stated, "Most users should now be able to connect to LastPass browser extensions and without errors, though favicons still may not sync. We continue to closely monitor the situation."

While the service does offer offline access, many users have it disabled for security reasons.

Several LastPass users were unimpressed by the company's response -- one commenter wrote, "Great. So I can't do any work as I can't log into the various sites. Makes me reconsider using [an] online password manager at all."

Another commenter wrote, "This is a personal disaster. I've been a paying subscriber for several years and my life is stored in 64 character passwords in LastPass. This event will cause me to replace this once-trusted provider with another solution."

Another asked, "How is this not globally load balanced across multiple geographically dispersed data centers? Has LastPass just been winging it all this time getting lucky they didn't have their SPOF data center go down? Please say it ain't so."

7 Elements CEO David Stubley told Infosecurity that the outage clearly demonstrates the risks of counting on any single vendor for a mission-critical service.

"Organizations using any third party supplier should consider the impact should a supplier fail or in the case of using the cloud should the organization be unable to connect to the Internet," Stubley said.

While LastPass is one of the most popular and user-friendly password management solutions available, several competing products such as KeePass and 1Password don't store data in the cloud, avoiding this issue altogether.

In a recent article, eSecurity Planet examined three tools for enforcing password policies, including password policy tools, cloud-based single sign-on tools and enterprise password management solutions. And in an earlier article, eSecurity Planet looked at the five best password managers available at the time.