LastPass screwed up, and there are frankly better alternatives. It protects user data with unbreakable AES 256-bit encryption, which is the same type of encryption that banks and militaries around the world use, and it has a zero-knowledge policy, which means no one other than you can ever access your password vault or gain access to your sensitive data.

However, the hacker has obtained the email address associated with your LastPass account, and assuming you use the same email address for the Coinbase account (which you are likely to do), the hacker can send you a targeted email pretending to come from Coinbase, with links that, if clicked, could give the hacker access. Thus, if you had an account with, say, Coinbase (a crypto exchange), the hacker can see this from the hack even though he does not know your Coinbase login details. The attacker, though, already has all the email addresses associated with LastPass accounts, and this combined with the URL information is a disaster waiting to happen. Not encrypting URLs, which 1Password and Bitwarden do encrypt, was a major failure by LastPass because the hacker can use this information for targeted attacks even though the hacker may be unable to decrypt the vaults.

It uses standard AES 256-bit encryption, PBKDF2 SHA-256 key. The two main reasons I left LastPass are that they were not transparent about the breach and also that they do not encrypt URLs. LastPass is relatively safe, but it has security gaps that make people question its security standards.