

The attacker, though, already has all the email addresses associated with LastPass accounts, and this combined with the URL information is a disaster waiting to happen. Not encrypting URLs, which 1Password and Bitwarden do, was a major failure by LastPass because the hacker can use this information for targeted attacks even though the hacker may be unable to decrypt the vaults. The two main reasons I left LastPass are that they were not transparent about the breach and also that they do not encrypt URLs.
Hacks and breaches seem to come a lot more often now, and it could happen to another password manager, so I just see it that we need to be as proactive regarding our own security as we possibly can.

This does not mean I am done with LP, but I shall remain cautious and careful. I also have left the LastPass Authenticator disabled and I use YubiKey for my default 2FA. As for LastPass, I am still subscribed but do not have anything of importance left there. However, from what I understand from some, even with that, I could have had info lifted from the LastPass vault. I had already had my LastPass at 600000 iterations, I had 2FA with YubiKey and a strong master password. I exported all my LastPass to Bitwarden, changed my passwords on my financial sites and whatever sites I considered important and did not want to be compromised. I took cover to protect myself early on after finding out about the breach.
