The company’s browser extension and apps have also been found to have security vulnerabilities on several occasions, including last March, when the Android app was criticised by a security researcher for containing third-party trackers. Nonetheless, LastPass implemented additional verification checks for users who did not have multi-factor authentication enabled.

“Could this be just some kind of weird glitch? It could.”

A similar incident occurred in 2015 when LastPass told users that its team had “detected and blocked” suspicious activity that resulted in the compromise of “account email addresses, password reminders, server per user salts, and authentication hashes”.

Again, the attack did not affect encrypted vault data. “We’re trying to look at what is the worst possible case and how we can mitigate any risks coming out of that,” Siegrist said.

Speaking to PC World after the incident, the company’s then-CEO Joe Siegrist stated that the attacker had not taken “a lot of data”, but nonetheless had extracted “enough to cover people’s usernames and passwords”. LastPass advised all users to change their master passwords following a “network traffic anomaly” that suggested an outsider was pulling data from the company’s systems. The company’s first publicly announced security issue was in 2011. Even so, it appears that no LastPass user’s vault data or master password has ever been compromised. LastPass has been hit by security issues before.

Some security advocates, who baulk at the notion of storing their most precious personal information on the cloud (which is, after all, simply “someone else’s hard drive”), might eschew LastPass in favour of open-source password management software, such as KeePass or Bitwarden.

For most consumers, however, LastPass is probably secure enough, on paper. In order to allow users to sync their passwords across devices, encrypted passwords are stored on LastPass’ servers and decrypted at the device level.

The company also states that it protects user data using the password-based key derivation standard PBKDF2, the cryptographic hash algorithm SHA-256 and salted hashes. LastPass vaults are encrypted via the widely used AES-256 standard. The software can also autofill password fields via its browser extensions and mobile apps. As with most password managers, LastPass users only need to remember one “master password” to access their vault. LastPass users can store their passwords and other information in a “vault”.

However, after GoTo was itself acquired by a private equity firm last year, LastPass announced it would be going solo. The company was acquired by Boston-based software firm LogMeIn (now GoTo) in 2015. In terms of its user base, LastPass occupies a relatively comfortable position at the top of the password manager market, above rivals such as 1Password (which boasts 15 million users) and Dashlane (which reports over 10 million users). The company offers both consumer and business products and reportedly turned over $200 million last year. LastPass has users all over the world: an estimated 33 million of them, in fact.