
[SECURITY ALERT] LastPass Nailed

Discussion in 'Bits & Bytes' started by Biker, Jun 16, 2015.

  1. Biker

    Biker Administrator Staff Member

    Received via email:

    Their forums are full of rage at the moment from the clueless. I'd be very interested to know what the attack vector was. I have a sneaky hunch it was not a direct server attack, but a compromised password from someone within the company.
  2. ethics

    ethics Pomp-Dumpster Staff Member

    Probably. I am not worried though. Just change your master password.
  3. Biker

    Biker Administrator Staff Member

    Yep. Changed the email address on it as well (which is something I've needed to do for ages anyway).
  4. dsl987

    dsl987 Member

    Thanks for the heads up, will change mine as well.
  5. SixofNine

    SixofNine Jedi Sage Staff Member

    I also have two-factor authentication set up on my LastPass account.
    ethics likes this.
  6. ethics

    ethics Pomp-Dumpster Staff Member

    Don't you have Yubico? If so, you have 0 to worry about.
  7. Biker

    Biker Administrator Staff Member

    Yubico only secures your machine and sites that support Yubico. Does nothing to prevent someone from getting into the servers where your stuff is stored and cracking the passwords obtained from there.
  8. ethics

    ethics Pomp-Dumpster Staff Member

    I don't think you realize how LastPass works.
  9. Sir Joseph

    Sir Joseph Registered User

    That's why I was wary of it and use KeePass with a keyfile stored in DropBox. I'm already too invested in it to switch, even though I would prefer a fully web based solution.
  10. ethics

    ethics Pomp-Dumpster Staff Member

    According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.
  11. Allene

    Allene Registered User

    Thanks. I need to do that.
  12. dsl987

    dsl987 Member

    Right now just running LastPass.
    ethics likes this.
