5/28/2023 0 Comments Lastpass two factor authentication![]() The protection and individual control that two-factor (or multi-factor authentication) provides users is a step in the right direction to making companies and individuals more accountable for their own information security. With this particular hack, Siegrist has said that while they would require that "all users who are logging in from a new device or IP address first verify their account by email," those with multi-factor authentication would not be required to do so. This security practice ensures that even when hackers steal passwords, they cannot access your accounts because they do not have access to the one-time password via your smart device. Although 2FA is largely known as a good security practice within the info sec industry, this is not as common in other industries.Īs Joe Siegrist, CEO from LastPass, said in the recent announcement, LastPass has always encouraged users to use multi-factor authentication (MFA). Whether password managers are, in fact, a greater risk or greater benefit to keeping your data secure, the only conclusive result from this hack is the importance of two-factor authentication.Īs we've described in a recent blog post, two-factor authentication (2FA) is using something you know (a password) and something you have (e.g., a one-time password on your smartphone or tablet) for authentication and access to your account. While many in the IT industry have been skeptical of using password managers for fear of them being enormous targets for hackers, others have argued that the benefits outweigh the risks-namely, that password managers enable people to use randomly generated, stronger passwords and reduce human error that comes with using weak passwords. However, they announced that they have found "no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed." After noticing suspicious activity on their network, LastPass discovered that their account email addresses, password reminders, server per user salts, and authentication hashes were compromised. ![]() On Monday, June 15, 2015, a popular password manager, LastPass, announced a security breach.
0 Comments
Leave a Reply. |