Sure, it's become obvious in the last few weeks why people should be seriously reconsidering their choice of password manager. However, for most people it's not blindingly obvious, beyond the breach itself, why, from a technical perspective, they should be avoiding LastPass completely. I'll go into some technical details later, but I want to bring up something I haven't heard discussed properly: two-factor authentication, and how it has been affected.

I listened to a two-hour "Security Now" podcast with Steve Gibson and Leo Laporte. They covered the technical details of the breach very well, but one comment near the end of the show had me worried. Steve mentioned that you should (roughly 1:52:30) "take the time to scan through your vault changing the login passwords of any of your important accounts which are not also protected by some form of strong second factor authentication".

Really, unless protected by two factor authentication? But my two factor secrets were stolen as well!

I abandoned LastPass after it was bought out by LogMeIn. I've generally paid for password managers, but not only did they double the basic subscription cost, they removed features from the lower plans, and restricted the free tier from syncing multiple types of devices (mobile / web browser plugin / etc.). This directly affected my family and friends who weren't able to pay for a subscription at all. So, I left - partly in solidarity, but mostly because of my waning approval of the new owners.

The free tier is as good as, if not better than, the paid LastPass tier. There is however one feature that's missing unless you pay Bitwarden: built-in two-factor authentication support. So, I use Authy, and Microsoft Authenticator (for work), and I've tried others in the past. (I don't use Google Authenticator because it doesn't have any way of backing up your codes. If you lose your device, you need to start from scratch with every platform you have two-factor enabled on.)

Anyway, as I usually do, I've tried multiple products over the years. Authy is great, but I prefer the user interface of LastPass Authenticator. This is a totally separate product to LastPass Password Manager, and it's always free, so I didn't think much of it.

Because, in order to back up your authentication secrets, Authenticator uses your LastPass account. Now I deleted my LastPass account completely years earlier, so I have no password vault, but it still relies on the application itself to be installed and logged in to back up. Now, all of my authentication tokens are in the wild. So, even though I have no LastPass vault to be stolen (I hope, depending on the dates of the backups stolen, which they have not confirmed in any way), all of my two factor codes have to be reset now as well just in case.

If you are one of the unlucky users who lost both your password vault and your two-factor authentication backups, you have way more to worry about than you think.

For many years, LastPass' free tier was a steal, with most of the basic features you'd want in a password manager, including unlimited syncing across all your devices.

And it literally is time sensitive.