Trying to prevent an immediate spike in heart attacks, Toubba cautioned it would be, “extremely difficult” to brute force guess master passwords for customers who use the company’s default settings and best practices. For those users, it could take attackers “millions of years” to crack those codes using “generally-available password-cracking technology,” according to the CEO. LastPass says it should not have access to users’ master passwords.
That comforting reassurance doesn’t necessarily apply though for users with weaker master passwords. In those cases, LastPass advised users to go in and change the passwords of all the websites they have stored which could mean a grueling, laborious day of frantically resetting account information awaits. And while it may be true strong master passwords could prove challenging to guess, even the strongest passwords could be at risk if they were used onof previously hacked passwords just sitting on dark web markets. Affected LastPass customers may also find themselves awash in annoying phishing attempts trying to trick them into unwittingly handing over their keys to the kingdom.
, could use information conveyed through the sites a user visits to craft more convincing phishing campaigns.For a company whose primary service revolves around collecting and protecting passwords in one secure place, this is just about as bad as it gets. LastPass firstthe recent attacks in a blog post late last month. At the time, the company cryptically said that the attacker was able to access “certain elements” of “customers’ information,” without providing more detail.
The evergreen answer to 'why don't you use a password manager?'
Because it's always a great idea to put all your passwords in one central repository controlled by someone who isn't you!
Of course they did.
So they got the safe, but not the key? If you used a strong password and have 2FA on, you will be fine. But that doesn't make for a panic inducing headline that drives people to the site so you can sell ads, now does it?
How many times does LastPass have to have security breaches before people stop using them?
What if there was a way to do away with passwords altogether? Enforced by an enormous network of computers with 18 billion dollars of economic security?