In a blog post, LastPass gave some limited details about what happened:

“We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”

The company also said, “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.”

One thing that’s rather irritating to a lot of users is that they are finding out about this news on websites. The company also said in its post that emails are being sent to all users about the security incident. At the time of this writing, I haven’t received one, and by the looks of the comments on the LastPass blog, neither have a lot of other users.

To change your master password, click Account Settings from the left pane. Then in the Account Settings window click Change Master Password under the Login Credentials section. That will bring you to the Password Reset page where you can simply follow the onscreen instructions to change your master password. During the process, LastPass will re-encrypt everything, and send you a verification email that you changed the master.

Enable MultiFactor Authentication for LastPass

While you’re at it, we recommend that you enable multifactor authentication for your LastPass account. It adds an extra layer of security to your account, and will give you more peace of mind that your passwords are secure. In its statement today, LastPass said: “We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled.”

We showed you how to Enable LastPass Two Factor Authentication a few years ago. The process is extremely simple and there’s no better way to secure your LastPass account. Honestly, in the online climate we have today, enabling two factor authentication really is no longer optional if you want to keep your online accounts secure. We’ve spoken about this in depth here at groovyPost and we plan to focus on this even more in the coming weeks.

To enable two factor or multifactor authentication in LastPass, just go to Account Settings > Multifactor Options and select the method you want to use… Google Authenticator is probably the easiest. There are other services that users who have a Premium account ($12/year) can use, like fingerprint scanners and USB keys.

Today I finally received an email from LastPass about the security issue. It’s short and doesn’t give a whole lot more detail than what we know already.

“We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised. We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords. We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.”

Overall, this doesn’t appear to be anything to panic about as the passwords stored in your vault are well protected and shouldn’t have been compromised. However, you will definitely want to change your Master Password and enable Multifactor Authentication as soon as possible.

Hi, I was trying to leave lastpass because I am low income and cannot afford $27 to upgrade to premium. Maybe if you allowed users to pay monthly ($3 bucks I can manage) but $27 annually is just too hard for me to justify right now. If I do, I'm forfeiting money set aside for a dental copay I had planned. I don't make a lot of money and like many Americans, I have two jobs and work 6 days per week, 9 hours per day.