“We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.
We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.
We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.
Regards,
The LastPass Team”
They are pretty much confident about their encryption algorithms in protecting their users. However, they recommend the users to update their master passwords.
Besides updating the master password, there are certain things that you better know about, to ensure more security of your LastPass account.
- LastPass, as they claim, implements very good encrypting algorithms to secure their users accounts. They have intelligently designed cyber attack response system which raised the alarms this time.
- LastPass don’t have access to users’ master password. They use numerous rounds of complexity to their hash algorithms making them difficult to be hacked.
- The guess attacks will not crack LastPass’s algorithms. The unique string inclusions in encrypting the algorithms helps them keep these kind of attacks go ineffective in the beginning itself.
- Though the attacker guesses your weak master password, you data vault will not be exposed to him. He then will be asked to complete email verification(because login from a new IP address or location triggers the security breach alarms and activates the counter measure instructions).
- Do not use your master password for any other website.
- Enable multifactor authentication for your LastPass account for added security features. To enable so, go to your LastPass vault > Account Settings > Multifactor Options.
- Never disclose your master password even to LastPass team.
- Check LastPass security updates on their blog. Emails might be misleading.
Google Smart lock is the best password manager. Available for both android and PC(chrome)
ReplyDeleteOh..I will surely get my hands on it today! Thank you for sharing :)
ReplyDeleteHi Sasidhar
ReplyDeleteI have known Lastpass even though I have not used. It seems to store passwords. However no solution is solid proof so I am not surprised at this info. They will definitely have to keep improving the system and this hack is good for them. It will make them tighten their security.
Hi Ikechi,
ReplyDeleteThe impressive thing about LastPass is that they don't have an access to our master passwords. We only have that control to access it. Also, the location and IP based login intelligent algorithm tightens the security.
Thanks for sharing your response by the way. Have a great weekend :)
Post a Comment