Skip to content

Davey Winder

delivering award-winning technology journalism since 1991

  • home
  • about me
  • follow me on mastodon
  • privacy policy
  • Toggle search form
how to find out if your password has been stolen

LostPass attack reveals LastPass 2FA phishing weakness

Posted on January 19, 2016January 24, 2016 By Davey Winder

LastPass has been back in the news courtesy of yet another weakness, but just how serious is the LostPass attack?

Nothing has been compromised, apart from maybe the good name of LastPass as every potential weak spot that is shown to be exploitable whittles away at user trust in the product. A security researcher has shown how the LostPass attack could bypass LastPass logins even with 2FA enabled. Passwords suck. Consumer and small business password vaults and management tools make them a lot less sucky. Until your password manager gets compromised and then we move firmly into ‘elephants through a straw’ sucking territory. LastPass is probably the best known and largest of the password managers out there. Recently acquired by LogMeIn for $125 million, leading to no small amount of user hostility in the usual social media circles, LastPass knows all about the compromise risk.

Click here to read complete article

Phishing Tags:LastPass, Malware, Password, Phishing, Threat

Post navigation

Previous Post: Reducing the security software attack surface
Next Post: Bridging the Linux security perception gap

Related Articles

Reddit Confirms It Was Hacked—Recommends Users Set Up 2FA Breach
No, Dropbox ‘Hacker’ Hasn’t Stolen Passwords Or Data Of 700 Million Users Breach
Cyber Space: Researchers Reveal Security Surprise In SMACS 0723 Galaxy Cluster Image News
Apple iPhone Security? There’s No Place Like Chrome, Google Says News
WhatsApp Warning As Free Beer For Father’s Day Scam Goes Viral Cybercrime
pile of road signs with the word 'scam' on them Weaponized SMS Attack Goes Viral: What Millions Of Phone Users Need To Know News

Categories

Post Archive

Tags

0day Analysis Android Apple Apps breach bug bounty Business Chrome crime Cybercrime Data Protection Encryption Enterprise Google Government hack Hackers Hacking healthcare industry iOS IoT iPhone Malware Microsoft News NHS Opinion passwords Phishing Privacy ransomware Research Russia Samsung threat intelligence Threatscape Update Vulnerabilites vulnerabilities Vulnerability Windows Windows 10 zero-day

Copyright © 2023 Davey Winder .

×
Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings". Read our cookie policy
Settings Refuse all Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year. Read our cookie policy
  • Necessary
    These cookies are not optional. They are needed for the website to function.
  • Statistics
    In order for us to improve the website's functionality and structure, based on how the website is used.
  • Experience
    In order for our website to perform as well as possible during your visit. If you refuse these cookies, some functionality will disappear from the website.
  • Marketing
    By sharing your interests and behavior as you visit our site, you increase the chance of seeing personalized content and offers.
Save Refuse all Accept all
GDPR Cookie Policy