Hackers just stole LastPass data, but your passwords are safe Hackers dug deep in the massive LastPass security breach If you use this free password manager, your passwords might be at risk Google wants you to ditch LastPass and finally switch to Chrome ![]() That way, one breach won’t lead to all your other accounts being compromised. Whether you use a password manager or not, you can protect yourself by using strong, unique passwords that are not used on multiple sites. It goes to show that not even the most popular services are immune to hacking attacks and security breaches. Once that’s complete, the company recommends users update all of the passwords that had been stored in LastPass with fresh replacements. Right now, Intego advises LastPass users to immediately begin migrating their accounts to another password manager. LastPass itself claims it has over 33 million users - if the claims about its lax security are correct, that’s a huge number of people whose accounts, passwords and credit card data are all now potentially vulnerable. It’s a remarkable statement to make given LastPass’ popularity. Rival password manager 1Password has added its opinion into the mix, claiming that it would cost a hacker $100 or less to crack the master passwords protecting many LastPass vaults, such is the weakness of LastPass’ hashing methods.Īll of that has led Intego to state that, “given what we now know about LastPass - both how the company operates and its technology - we do not recommend using LastPass as a password manager.” How to keep your passwords safe According to security researcher Wladimir Palant, for example, LastPass’s statements were “full of omissions, half-truths, and outright lies.” One of Palant’s allegations is that LastPass’ implementation of a password-strengthening algorithm is not considered strong enough based on industry standards, making users’ vaults far too easy to hack into. However, Intego maintains that third-party analyses of the breach suggest a more troubling scenario. Questionable practices Ash Edmonds/Unsplash From now on, you will need to use the Authy app when you login.Finally, in December, LastPass admitted the data accessed by the hackers was used to trick a company employee into handing over keys to some customer credentials, which were then used to access and decrypt customer data. Now your Lastpass account is secured with Authy 2FA. You will see that #2FA setup is complete. Now you will be prompted to open your two-factor authentication app on your trusted device and enter the 2FA code for LastPass. Return to the LastPass screen showing the Google Authenticator set-up and click “Update.” You will once again need to enter your LastPass password. If you desire you can also change the logo or the nickname you give the account right on the Authy app. Once the QR code is captured, Authy will display your LastPass account with the appropriate icon. You’ll be prompted to hold your phone up to your computer to ‘Scan QRCode’ and capture the QR code provided by LastPass. Click ‘Add Account’ at the bottom of the screen. To capture the QR code, launch Authy on your device. Keep this window open as you reach for your phone. The next screen will show you the QR code. You will have to re-enter your LastPass password to view it. Then, select to view the “Barcode,” or QR code. On the next page, select YES next to “Enable” and choose if you want the 2FA service to be available to you when you are offline. This is a good example of how other sites will prompt you to use Google Authenticator for two-factor authentication, but remember that you can always substitute the Authy 2FA app instead. If you are an Authy user, click the ‘edit’ or ‘pencil’ image to the right of Google Authenticator. This will present you with multiple 2FA tools to choose from. ![]() In the next window, Click “Multifactor Options” in the top Navigation. When logged into your Lastpassaccount, click on the “Down” arrow to the right of your account icon (or the generic image if you haven’t added an image yet.). Then click “Account Settings.” Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, cloud-backups, and easier account recovery should you change or lose your phone or device. Read more information on the features of Authy here. Important: If any sites prompt you to use Google Authenticator for two-factor authentication, note that you can always substitute the Authy 2FA app instead. ![]() Install Authy on your device by searching for it in your device’s app store. It enables you to have a single mobile app for all your 2FA accounts and you can sync them across multiple devices, even accessing them on the desktop. The best way to manage all your 2FA accounts is to use the Authy app. How to enable 2FA for LastPass Install Authy
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |