This means that you’ll only be able to use LastPass Free on either a computer or a mobile device. Compared to a premium LastPass subscription, their free tier will only allow for one device type. It offers an unlimited number of password storage and comes with one account. LastPass has a free version, albeit with limited features. You might be better off using more secure password managers, such as Dashlane or Keeper as both companies have yet to report data breaches. There’s even been a recent report linking the stolen LastPass accounts from November 2022 to a string of cryptocurrency heists currently being investigated. Aside from the 2022 breaches, LastPass has had security incidents since 2011. While LastPass has since adopted security and privacy changes to their platform, the risk simply isn’t worth taking given the company’s tumultuous history of breaches. Even still, this isn’t the type of news we want to hear from a software provider that’s supposed to protect your passwords and other sensitive credentials. LastPass has said that the encrypted data remains secure with 256-bit AES encryption so long as the user’s master password makes use of their password best practices, such as having a 12-character minimum and not reusing the master password on other sites. In particular, the threat actor gained “unauthorized access to cloud backups” that included “system configuration data, API secrets, third-party integration secrets and encrypted and unencrypted LastPass customer data.” This customer data consisted of encrypted fields such as website usernames and passwords, secure notes, and form-filled data and unencrypted data such as website URLs. Unfortunately, LastPass disclosed a second breach on November 22, 2022, wherein the data gained in the August 2022 breach was utilized to access LastPass customer data. The first incident, which occurred in August 2022, involved a software engineer’s corporate laptop being compromised.Īccording to LastPass, the incident allowed a bad actor “to gain access to a cloud-based development environment and steal source code, technical information, and certain LastPass internal system secrets.” The company reiterated that “o customer data or vault data was taken during this incident.” In 2022, LastPass experienced two major data breaches that led to both LastPass customer and company data being stolen. Because of the most recent data breaches, I wouldn’t say LastPass is safe to use.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |