It is indeed hard to understand why LastPass would not consider website URLs sensitive fields and it makes you wonder what the other unencrypted data is. These questions were raised because the security notice says: “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.” Security researchers are worried about the fact that LastPass stores website URLs unencrypted. So, it comes as a surprise that the initial breach was able to lead to further compromises. Usually, these passwords are stored in an encrypted database and locked behind a master password.Īs a keeper of that many passwords, LastPass is juicy prey for threat actors. A password manager is a software application designed to store and manage online credentials. LastPass offers a password manager which is reportedly used by more than 33 million people and 100,000 businesses around the world. The instructions to enable MFA can be found on the LastPass support pages. If you haven’t done so already, we would advise that you enable multi-factor authentication (MFA) on your LastPass accounts so that threat actors won't be able to access your account even if your password was compromised. In case of a leaked or stolen password, threat actors can use credential stuffing techniques to unlock other accounts.Īccording to LastPass, if you followed these guidelines, it would take millions of years to guess your master password using generally-available password-cracking technology. This is always true, but it completely defeats the security advantage of using a password manager.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |