LastPass master passwords compromised

Started by lesmond, Dec 30, 2021, 07:04 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


QuoteNews broke yesterday that many LastPass users were reporting their master passwords being compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. LastPass apparently indicated it's credential stuffing related to fairly common bot-related activity using data obtained from third-party breaches. However, users receiving these warnings have stated that their passwords are unique to LastPass and not used elsewhere, and some have even changed their master passwords only to receive another alert. Others have reported issues trying to delete or disable their accounts. An obvious recommendation is that all LastPass users should enable multi-factor authentication immediately if they haven't already. Are you affected?


The only person who got all his work done by Friday was Robinson Crusoe


I think the time when passwords alone could secure information is long gone. I've never used LastPass I do like that they did bring awareness that you shouldn't use one password for all sites.

I use KeePass I have been meaning to order a YubiKey to secure my password file, if you are really paranoid you could use 3 pieces of information in KeePass. A password, key file (burnt onto read only media), and a challenge response device like YubiKey.
It is a lot of steps but if the cracker ever got your password file they would need all 3 bits of information to open it.