Do Security Right and Tick Off your Customers


LastPass had a fine idea. Like other security companies, such as 1Password and RoboForm, they’d enable users stuck with dozens, if not hundreds, of passwords to use one master password to rule them all.

OK, so that is putting all your password power in one ring, and that, as Sauron found out in The Lord of the Rings, can be a mistake. But, if you guard that one password with a lot of encryption—or keep it surrounded by orcs and a balrog—it should be fine. Right? Right??

Alas, a while back, LastPass’ system administrators noticed something odd happening on one of their servers. They were afraid that hackers might have cracked their system and be on their way to grab master passwords.

That wouldn’t do, so they shut down the one suspect server. That was a good idea. They then let everyone know, in a blog message, that there had been a possible security breach. That wasn’t such a bright idea. So, they decided on what sounded like a great idea: Now that the one server was off-line, they would have everyone reset their passwords. Whoops.

