Unlike open source software, this means that no-one outside of LastPass can inspect the code it uses to check for any vulnerabilities. There’s also the fact that LastPass’s code is ‘closed source’. The history of breaches and vulnerabilities was bad enough, but the fact that the bad guys have now managed to get hold of encrypted password vaults is the straw that broke the camel’s back.
It’s simply impossible recommend that you continue to use it. That includes accounts for any online shopping sites which store your payment details, such as Amazon, and don’t forget about PayPal and others. It’s a lot of hassle and takes a lot of time to change hundreds (even dozens) of passwords, but it is obviously worth doing this for any bank or other accounts to do with your finances in order to mitigate the risk. This means your only option is to change the passwords for accounts within the vault so that if the hackers do ever manage to decrypt your vault, the passwords they get won’t work any more. The problem is that if the hackers already have a copy of your vault, which is encrypted with your old password, then changing your LastPass master password now won’t make any difference because it will only change the encryption of the version that LastPass stores, not the copy the bad guys have. Other than when signing into your vault from a LastPass client, LastPass will never ask you for your master password.” In order to protect yourself against social engineering or phishing attacks, it is important to know that LastPass will never call, email, or text you and ask you to click on a link to verify your personal information.
The threat actor may also target customers with phishing attacks, credential stuffing, or other brute force attacks against online accounts associated with your LastPass vault. We routinely test the latest password cracking technologies against our algorithms to keep pace with and improve upon our cryptographic controls. “Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices. If you use a strong password, you should be ok – says LastPass – because generally available software would take “millions of years” to crack it.
0 kommentar(er)
