  1. LastPass launched a new feature in the mobile versions of the password manager LastPass today that allows customers to recover their account under certain circumstances.

Password managers help users when it comes to password use on the Internet. They provide users with tools to create and use unique passwords everywhere. The database is usually protected by a master password that the user needs to enter to decrypt the password database and access stored passwords and other information. Password managers may support other authentication options. KeePass, a popular free password manager, supports key files or Windows user accounts. Users who forget the master password are in a precarious situation, as it is the only option to unlock the database unless recovery options are available.

LastPass Mobile Account Recovery

LastPass launched a new feature called LastPass Mobile Account Recovery today that introduces an option to recover a LastPass account in case the master password is not accepted anymore by the service. The feature is only available in the mobile LastPass applications for Android and iOS. Mobile account recovery requires a mobile device with fingerprint or Face ID authentication support. Basically, what it does is unlock an option to recover a LastPass account using the authentication method. While LastPass makes no mention of how the feature works, it appears that it links biometric authentication to the LastPass account so that users of the service may reset the master password using it.

It should be clear that LastPass users need to configure the feature before it becomes available. The company notes that the account recovery feature is device-specific. If you want it to be available on all devices, you need to enable it on all of them. If you are using LastPass on an Android device, you need to configure fingerprint authentication first; if you use it on an iOS device, you need to set up Face ID instead.

Setup is identical afterwards: sign in to the LastPass application on the mobile device. LastPass should display a notification about the new account recovery option; if it does not, go to Menu > Settings > Security and enable the unlock feature (called Use Fingerprint to Unlock on Android, and Use Face ID on iOS), and toggle the account recovery feature afterward. Here is a video by LastPass that demonstrates the feature.

If you need to reset your LastPass master password, select "forgot password" when you get to the login screen. From there, select "Recovery with Fingerprint" or "Recovery with Face ID" and authenticate using the biometric authentication option. LastPass will prompt you for a new master password that you may enter directly. You may also add a password hint. The selection of "set master password" completes the process.

Closing Words

LastPass recommends that customers enable the new account recovery option on their mobile devices even if they only use the desktop version of the password manager. The new option is certainly helpful in restoring an account if the master password cannot be remembered; users should take note, however, that it could also open up a new option for third parties to gain unauthorized access to the account through coercion. Cautious users might want to stick to using the password hint option as the only resort when it comes to account recovery.

Source: LastPass introduces Account Recovery on Mobile (gHacks - Martin Brinkmann)
  2. LastPass increased the price of the Premium plan of its password management service in February 2019; this time to $3 per month for a Premium plan, an increase of $1 per month.

LastPass is the maker of a popular password management service. Free and paid versions of LastPass are available, and home users may upgrade accounts to Premium or Family plans. The Premium version adds features such as encrypted file storage, emergency access, advanced multi-factor authentication options, and priority tech support to the feature set. LastPass enabled mobile access for free accounts in 2015, and removed the free account limitation that restricted sync operations to device classes (e.g. PC to PC, but not PC to mobile). Families support up to six users as opposed to the single user that a Premium license supports. It furthermore includes access to a family manager dashboard and unlimited shared folders.

LastPass Premium's price is $3 per month if paid annually as of February 2019. LastPass increased the price from $2 per month to $3 per month in February for existing and new users; this is the second premium price increase after the increase from $1 per month to $2 per month in 2017. Both increases came after LogMeIn's acquisition of LastPass in late 2015. The new price took effect for new customers on February 7, 2019. Existing customers have to pay the new price when they renew the plan. LastPass sends out reminders 30 days before the expiration of a plan to notify users about the upcoming renewal.

Price comparison

An increase from $1 to $3 per month in two years is certainly something that does not look too good on paper. Compared to other premium password manager offerings, it is not too expensive, however.

Dashlane charges $5 per month for Dashlane Premium, 1Password $2.99 per month (and $4.99 for Families), Enpass asks for one-time payments for individual platforms ($11.99 per platform), and BitWarden charges $1 per month for its Family plan (there is no Premium plan). KeePass, which I use, is available for free. LastPass' price matches that of the competition for the most part. Enpass' decision to charge users a one-time fee deserves commendation in a world in which most companies move to subscription-based services.

Closing Words

The LastPass Families price remained as it was; it costs just $1 more per month and gives customers access to five additional Premium accounts. The price increase moves LastPass' premium offering in line with its competition.

Source: LastPass increases price of Premium plan again (gHacks - Martin Brinkmann)
  3. 32-bit: https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe
     64-bit: https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  11. Just keep putting those eggs in the one basket, friends

Password manager LastPass has added a new feature to its software: the ability to store two-factor authentication codes. This is great news. For hackers.

Increasingly, people with sense use two-factor auth as a way of ensuring that it is much harder for miscreants to break into their accounts, and to detect if anyone is trying to do so. A crook needs to know not only a victim's username and password, but also have their two-factor code to log in.

Typically, what will happen is that when you try to log into an account – say, a bank account – the process will send a one-off code to a device that it knows belongs to you (typically a mobile phone) and require that code to be entered before moving forward. However, many companies, including Google, Facebook and Dropbox also offer the ability to generate one-off access codes from a device or app. You usually scan a barcode unique to your account, and this is used to calculate a sequence of access codes, with a new code every minute or so. When you log in, you provide your username and password, hand over that minute's code, and in you go if it's all correct.

And that's where LastPass comes in. LastPass Authenticator supports any service that offers a standard Time-based One-Time Password (TOTP) algorithm and will store the seed online in your LastPass account.

Great. Or not. Because if someone gets into your LastPass account, it undermines the very advantage of having two-factor auth: that there is a second level of authentication using a different device.

Using a password manager is preferable over using a small number of the same passwords for everything because you are able – theoretically at least – to use a different and more complex password for every service. But it risks creating a single point of failure – everything is there.

By putting two-factor auth codes in the same piece of software, that single point of failure becomes even more stark. It is placing eggs on top of an already egg-filled basket.

But of course in the real world, this is just a theoretical risk. So long as you use a complex password for your LastPass account, there is no reason to believe that your critical data is at risk. It's not as if LastPass users were locked out of their accounts last week because of unspecified updates. Or that last month the company's own two-factor authentication implementation was found to have a serious fault in it. Or that its browser plugins have also had problems.

Nope, this is all a great idea. Nothing can go wrong with this.

Article source
  12. Until everybody and their dog eventually replaces passwords, the long-running log-in security feature is here to stay. That said, there are ways in which you can decrease the likelihood of your account being compromised by an attacker. One way is two-factor authentication, which sends a code to a different device, a code which you need to input along with your password to log into the account.

A bug related to this security feature was just revealed to have been fixed by password management service provider, LastPass. Back in February, a security researcher at Salesforce, Martin Vigo, privately disclosed a bug to LastPass, via the company's bug bounty program. The issue itself has to do with people using Google Authenticator as an extra security measure on their LastPass vaults. The server-side bug meant that if the user was logged into LastPass and was then lured to a "nefarious website", Google Authenticator could be bypassed entirely. Vigo recently detailed the process on his blog.

Of course, LastPass continues to recommend users stay vigilant at all times and outlines a few safe practices:

- Beware of phishing attacks. Do not click on links from people you don't know, or that seem out of character from your trusted contacts and companies.
- Never reuse your LastPass master password and never disclose it to anyone, including us.
- Use different, unique passwords for every online account.
- Two-factor authentication remains the most effective way to protect your account. Always enable 2FA for LastPass and other services like your bank, email, Twitter, Facebook, etc.
- Keep a clean machine by running antivirus and keeping your software up-to-date.

If you find any issues, LastPass encourages you to contact them using their bug bounty program.

Article source
  13. LastPass faced critical vulnerabilities

LastPass, the password vault that you were supposed to trust with your information, was affected by a critical security flaw. Thankfully, the company has already patched things up. This wasn't even some very complicated problem, but rather a coding error. At least that's the opinion of Google's Tavis Ormandy, a security expert that has detected numerous problems over the years, including the recent Cloudflare incident.

The white hat found the issue within the LastPass Chrome extension. According to Ormandy, the extension had an exploitable content script that could be attacked to extract passwords from the manager. It could also be pushed to execute commands on the victim's computer, which the Google hacker demonstrated easily. "This script will proxy unauthenticated window messages to the extension. This is clearly a mistake," Ormandy writes.

Nothing was safe

Since LastPass works by storing passwords in the cloud, the browser extension is your link to the LastPass account, helping you save new information as you browse the Internet. The vulnerability made it dangerous for users to even browse a malicious website as all your passwords could have been picked up by attackers. "This allows complete access to internal privileged LastPass RPC commands. There are hundreds of internal LastPass RPCs, but the obviously bad ones are things copying and filling in passwords (copypass, fillform, etc)," Ormandy added in his report.

It seems that all one needed to exploit the vulnerability was two simple lines of JavaScript code. Thankfully, LastPass has already fixed the issue within its Chrome extension by disabling 1min-ui-prod.service.lastpass.com. As always, the company had been notified early on about the discovered vulnerability and worked directly with Tavis to verify the report and to create and issue a fix.

Firefox too

A similar vulnerability was then discovered within the LastPass Firefox extension, a bug that could be exploited by malicious webpages to extract passwords straight from the manager. It looks like LastPass has already issued a patch to fix the addon, but the updated version is in Mozilla's review process so it may take a little bit longer for it to go live.

Source
  14. As a small disclaimer: I am a PHP developer in my day job and I love PHP. This is in no way a criticism of PHP.

I wanted to start using a password manager, since I've heard a lot about them and a lot of good things. The first one coming to my mind was LastPass because I have heard it somewhere on reddit or so before. After creating an account, I wanted to add 2-Factor-Authentication, because losing my LastPass account would equal losing every password of mine. I got redirected to https://lastpass.com/update_phone.php

Red lights flashed in my head. I get redirected to a php file in the root of the webserver? The webserver doesn't even bother rewriting the url so that maybe the url could look like "/update_phone". Leaving out the .php will not work either. This is a big indicator for some really ugly and old PHP code. A friend of mine played around a bit after I joked require('header.php'); and found https://lastpass.com/header.php which is literally the header of their main site.

PHP can be a beautiful language in 2016, but sites like these give PHP such a bad reputation. How am I supposed to trust a site with all my passwords that writes code like this? These might not be big security issues on the first look, but I'm willing to bet that a company writing this kind of code will have security issues somewhere. This isn't intended as a witch hunt, but maybe as an impulse to change some things.

I apologize for my terrible style of writing, I'm not a writer, I'm a software developer, but I wanted to vent my frustration or rather my release concerns somewhere.

Ironically, this is where you can delete your account: https://lastpass.com/delete_account.php

Article source
  15. LastPass announced today that all users of its password management solution are now able to sync data across all their devices for free.

LastPass is a popular password management solution for desktop and mobile devices that uses the cloud for storage. The company offers free and premium accounts to its users. Probably the biggest limitation up until now was that free users could only use LastPass on a single device class. If you started out with LastPass for the desktop, you could sync your password database and other data only to other desktop devices. If you wanted to use LastPass on mobile devices as well, you had to sign up for a Premium account to do so. The same was true for the other way round. If you used LastPass on mobile devices, you could not sync to desktop computer systems unless you would upgrade the account to Premium first.

Premium accounts are not overly expensive at $12 per year if you pay annually, but the limitation put the company at a disadvantage when compared to services that did not restrict synchronizations. Many cloud-based password management services -- Dashlane, 1Password or Sticky Passwords for instance -- have the same or similar limitations in place on the other hand.

The situation changes with today's announcement that all LastPass users can now sync their data across as many devices as they like. The unlimited devices synchronization feature is no longer a premium feature but available to all users. This means that you can install LastPass on the desktop as a free user, and sync your data to other desktop or mobile devices without signing up for a LastPass Premium account.

Closing Words

The move will make LastPass more attractive to users, especially those that require a password management solution on desktop and mobile devices but don't want to pay for it. It will be interesting to see if the decision affects the number of premium subscribers of LastPass. While Premium users get other options, e.g. more multifactor authentication options, shared folders, and desktop application passwords, it seems likely that unlimited synchronization of passwords and data was one if not the main feature for the majority.

Article source
  16. Don't use LastPass to generate your passwords. Or if you do, do not trust the handy strength meter.

Password strength meters are notoriously unreliable and LastPass is unfortunately no exception. Depending on what options are configured, the password strength meter inside the LastPass browser plugin, or at lastpass.com, will give completely misleading estimates. For instance, generating a purely numeric 14-digit password results in a green strength bar, although such a password is in fact extremely weak: with just 46 bits of entropy, it would be brute-forced in minutes by even a modest cracking rig.

Don't get burned. Just use a proper, native password manager.

PS. I had a pretty bad experience reporting a previous vulnerability to LastPass, so I won't bother doing that again, until they give their bug bounty program more attention.

Article source
  17. For those who don't know, LastPass is one of the world's most popular password managers. I started by noticing that the extension added some HTML code to every page I visited, so I decided to dig into how that worked. A few cups of coffee later, I found something that looked really, really bad.

The issue

The bug that allowed me to extract passwords was found in the autofill functionality. First, the code parsed the URL to figure out which domain the browser was currently at, then it filled any login forms with the stored credentials. However, the URL parsing code was flawed (bug in URL parsing? shocker!). This was the code (lpParseUri function, un-minified):

    var fixedURL = URL.match(/^(.*:\/\/[^\/]+\/.*)@/);
    fixedURL && (url = url.substring(0, fixedURL[1].length) + url.substring(fixedURL[1].length).replace(/@/g, "%40"));

By browsing this URL: http://avlidienbrunn.se/@twitter.com/@hehe.php the browser would treat the current domain as avlidienbrunn.se while the extension would treat it as twitter.com. Since the code only URL encodes the last occurrence of @, the actual domain is treated as the username portion of the URL.

Too bad to be true?

Below you see that the extension would fill my form with the stored credentials for twitter.com. After that I could simply go through other commonly used sites and extract credentials for those too. I reported this to LastPass through their responsible disclosure page and the report was handled very professionally. The fix was pushed in less than a day(!), and they even awarded me with a bug bounty of $1,000.

Are password managers bad?

Should we stop using password managers? No. They are still much better than the alternative (password reuse). Although, taking a second to disable autofill functionality is a good move because this isn't the first autofill bug we've seen, and I doubt it will be the last. Also, this would not work if multi factor authentication was on, so you should probably enable that as well.

Article source

LastPass Remote Compromise vulnerability
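To make the parsing mismatch concrete, here is an added example (written for this page, not LastPass's code and not the researcher's) that reproduces the quoted "encode only after the last @" step, pairs it with an assumed parseUri-style authority regex standing in for the rest of lpParseUri, and contrasts both with a fix that encodes every @ in the path and with the WHATWG URL parser built into Node.js and browsers. The function names are mine.

```javascript
// Added example, not LastPass code. Shows why the extension and the browser
// disagreed on the host of http://avlidienbrunn.se/@twitter.com/@hehe.php.

// The quoted step from the post: the greedy regex anchors on the LAST "@", so
// only @ characters after it get percent-encoded. (Variable named `url`
// throughout; the quoted snippet mixes URL and url.)
function lastAtEncode(url) {
  const fixedURL = url.match(/^(.*:\/\/[^\/]+\/.*)@/);
  if (fixedURL) {
    url = url.substring(0, fixedURL[1].length) +
      url.substring(fixedURL[1].length).replace(/@/g, "%40");
  }
  return url;
}

// Corrected step (my suggestion): encode every "@" that appears after the
// authority, i.e. after the first "/" following the host.
function pathAtEncode(url) {
  const m = url.match(/^([a-z][a-z0-9+.-]*:\/\/[^\/]+\/)(.*)$/i);
  return m ? m[1] + m[2].replace(/@/g, "%40") : url;
}

// Assumed remainder of the hand-written parser: a parseUri-style authority
// regex in which userinfo may contain "/" and anything up to the next "@".
function authorityHost(url) {
  const m = url.match(/^[a-z][a-z0-9+.-]*:\/\/(?:[^:@]*(?::[^:@]*)?@)?([^:\/?#]*)/i);
  return m ? m[1].toLowerCase() : null;
}

// What the browser itself believes: the WHATWG URL parser, which stops the
// authority at the first "/" so a later "@" belongs to the path.
function whatwgHost(url) {
  try {
    return new URL(url).hostname;
  } catch (e) {
    return null;
  }
}

// Autofill gate: release credentials only when the host the parser reports
// matches the domain the credentials were stored for.
function autofillAllowed(storedDomain, pageUrl, hostFn) {
  const host = hostFn(pageUrl);
  return host !== null && host === storedDomain.toLowerCase();
}

// Constructed page URL from the post and a benign URL with real userinfo.
const CRAFTED = "http://avlidienbrunn.se/@twitter.com/@hehe.php";
const BENIGN = "http://user@twitter.com/login";

// Flawed pipeline: encode-last-@ then the authority regex.
const flawedHost = (u) => authorityHost(lastAtEncode(u));
// Fixed pipeline: encode-all-path-@ then the same authority regex.
const fixedHost = (u) => authorityHost(pathAtEncode(u));
```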
  18. Popular password manager LastPass said it fixed two vulnerabilities that were found last year. The disclosure comes just ahead of a security conference where a research paper describing the problems is due to be presented. Zhiwei Li, a research scientist at Shape Security, reported the flaws to LastPass in August 2013, which were "addressed immediately," LastPass wrote on its blog. Both flaws involved "bookmarklets," which assist in filling out stored password information when LastPass's plugin can't be used, such as when using a mobile browser. One flaw could be exploited if a bookmarklet was used on a website rigged to attack it, LastPass wrote. The other vulnerability could allow an attacker to create a bogus one-time password (OTP) if a LastPass user was tricked into visiting a malicious website. The OTP attack would require a hacker to know a person's username in order to exploit it and also serve a custom attack, LastPass wrote. "Even if this was exploited, the attacker would still not have the key to decrypt user data," the company said. Zhiwei co-authored a research paper that has been accepted by the Usenix Security Symposium, which starts in San Diego on Aug. 20. The study analyzed five popular Web-based password managers: LastPass, RoboForm, My1login, PasswordBox and NeedMyPassword, all of which run in a Web browser. The researchers wrote that "in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites." LastPass wrote it didn't believe anyone other than Zhiwei exploited the flaws. Still, "if you are concerned that you've used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don't think it is necessary." Source: http://www.computerworld.com/s/article/9249694/LastPass_discloses_now_fixed_flaws_ahead_of_security_conference
  19. Like many or all users nowadays, I have too many passwords to remember, since I don't use the same password between services. I was looking for a service to securely store my passwords, and I have read on many sites about LastPass. I'm testing this service right now and it's awesome, really good, but I can't help thinking about how and where my passwords are being stored, who can access them, whether the service/servers are secure against attacks, and if the service goes offline for maintenance or problems, how can I log in to my accounts? And many other questions... So, I'm here to hear a word from you guys: are services/tools like LastPass, KeePass, 1Password worth it?
