If attackers have had three or four months with the stolen data, the situation is even more urgent for impacted LastPass users than if hackers have had only a few weeks.
It seems to have been sometime after August 2022, but the timing is significant, because a big question is how long it will take attackers to start “cracking,” or guessing, the keys used to encrypt the stolen password vaults.
The company hasn't even clarified when the breach occurred. LastPass has not returned WIRED's multiple requests for comment about how many password vaults were compromised in the breach and how many users were affected. Now, nearly a week since the disclosure, the company has not provided additional information to confused and worried customers. The details LastPass provided about the situation a week ago were worrying enough that security professionals quickly started calling for users to switch to other services. For the security service's 25.6 million users, though, the company made a worrying announcement on December 22: A security incident the firm had previously reported (on November 30) was actually a massive and concerning data breach that exposed encrypted password vaults-the crown jewels of any password manager-along with other user data. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. Here's how the security savvy can connect their LastPass account to Google Authenticator.You've heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. You will also need to download and install Google Authenticator on your mobile device if you haven't already. To link them, you'll need access to an internet browser, mobile device, and your master password on hand. The Authenticator lets you add another layer of protection for your bank accounts and passwords you've uploaded to your LastPass Vault by generating one-time-use, time-sensitive codes that will confirm you are the account holder.Ĭoupling LastPass's native security system with Google Authenticator can offer another layer of protection for your cyber identity and the data in your Vault. That's where Google Authenticator, the alphabet company's software-based mobile freeware that implements two-step verification services, can help. Despite all its security features, for some, LastPass's master password system isn't enough protection for their most sensitive information and data. LastPass is a locally encrypted way to store all your passwords and other essential data securely in one place.
0 kommentar(er)
