LastPass Is Unsafe, LastPass Is Safe Again. Should You Use LastPass?
Last week, a famous security researcher took to Twitter to vaguely yet ominously warn everyone that was using LastPass, a popular password manager.
This may or may not have been the same bug that a different researcher noticed last week, in which he figured out that he could exploit LastPass’s autofill functionality1 to get other people’s passwords.
You’ll be forgiven for perhaps having missed the brouhaha over either of these issues because LastPass rolled out fixes within 24 hours. But the entire episode raised two big questions.
First, is it appropriate to take to Twitter or another public channel to warn people of a security flaw, or is it irresponsible fear-mongering that may lead to further compromise of the software? It depends on what information the tweet contained.
Ryan O’Leary, vice president of the Threat Research Center for WhiteHat Security, based in Santa Clara, Calif., said,
“Responsible disclosure is a tricky thing,” but ultimately agreed with Ormandy’s actions.
“Tavis did not disclose how he was able to remotely compromise accounts, which would have had immediate, devastating implications,” O’Leary told SearchSecurity. “Instead, he made it known to users that there is a critical flaw and he would report the findings immediately to LastPass to fix. This was so users would know of the issue, and to potentially stop using the service and change their passwords immediately.”
The second question that arises is, of course, whether LastPass—or any password manager—can be considered truly safe to use.
The answer is that they are not truly safe because nothing really is, but they are safer than the alternative, which is reusing your passwords or using weak passwords, or both. The key is to keep abreast of how often the service you used is compromised and to be vigilant about applying updates and changing your master password when there is a hack. If you start to see news that multiple vulnerabilities exist, and the company isn’t fixing them promptly, then it may be time to consider switching password managers, but that doesn’t seem to have been the case in this instance.
So–you can probably continue to use LastPass, you should definitely change your LastPass password, and you should absolutely turn on two-factor authentication. In a world where everything is ultimately hackable at some level, that is likely as safe as you can be.
-
In which LastPass—and any other password manager—automatically fills in your password on websites you visit. It’s often viewed as one of the main advantages of using a password manager. ↩
LastPass Is Unsafe, LastPass Is Safe Again. Should You Use LastPass? was originally published on Lawyerist.com.
Source: https://lawyerist.com/122818/lastpass-unsafe-lastpass-safe-use-lastpass/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Please Help Support BeforeitsNews by trying our Natural Health Products below!
Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST
Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!
HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation.
Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.
MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)
Oxy Powder - Natural Colon Cleanser! Cleans out toxic buildup with oxygen!
Nascent Iodine - Promotes detoxification, mental focus and thyroid health.
Smart Meter Cover - Reduces Smart Meter radiation by 96%! (See Video).