Showing results for tags 'lastpass'.



Found 17 results

  1. Approximately 57% of businesses around the world are currently using multi-factor authentication (MFA), with a 12% gain over the stats from last year according to research from LastPass based on data from 47,000 orgs.

     Multi-Factor Authentication (MFA) is a method of authentication designed to add an extra layer of protection on top of the users' credentials. When MFA is enabled for an online service, the user will also be prompted to enter an authentication code from their MFA solution (hardware or software-based) after logging in using their username and password.

     "Securing employee access has never been more important and unfortunately, we see businesses ignore password security altogether, or only half-heartedly attempt to address it," said LogMeIn Chief Information Security Officer, Gerald Beuchelt. "This report further highlights the importance of using the identity and access management tools available to information security managers in addition to maintaining focus on employee training to improve password habits."

     95% use software-based MFA authentication

     "The increase in businesses using multifactor authentication (MFA) is one of the biggest takeaways from this year’s report, with significant gains in usage compared to our findings in 2018," says the report.

     Out of all the employees utilizing MFA, 95% use a software-based multi-factor authentication tool like a mobile app, while only 4% of the total have a hardware-based MFA solution and roughly 1% use biometrics. "Given the scalability and lower cost of software-based choices, it’s unsurprising that they’re currently the most popular," adds the report.

     A previous study from Spiceworks shows that 62 percent of organizations around the globe currently use biometric authentication tech, with an additional 24 percent of them planning to switch to it within the next two years.

     "Fingerprint and face scanners are the most common types of biometric authentication used on corporate devices and services," said Spiceworks. "The results show 57 percent of organizations are using fingerprint scanning technology, while 14 percent are using face recognition technology."

     Data from 47,000 organizations of all sizes

     This year's LastPass Global Password Security Report on the state of password usage by businesses all over the world is based on aggregated and anonymized data collected from roughly 47,000 organizations that use LastPass, including info related to MFA, SSO, and mobile password management.

     "Though the data set represents LastPass users, given the breadth and depth of the data set, conclusions are broad enough to be applied to the business community at large," says LastPass.

     The highlights of the report are as follows:

     • Worldwide: More than half of businesses globally have employees using multi-factor authentication
     • Progress: IT admins take advantage of policies and integrations to increase security and streamline management, but more IT admins could be mandating the use of multi-factor authentication
     • Leading: The Netherlands emerges as a leader in security this year, with high usage of multi-factor authentication and the top Security Score
     • Mobility: The ability to access passwords on mobile significantly improves the experience – and employee adoption
     • Risk: Password reuse is still widespread, and contributes to lower Security Scores
     • Initiatives: Internationally, increased regulations appear to be a driving factor in password security awareness, especially in EMEA and APAC
     • Accountability: IT organizations must take responsibility for ongoing training and take proactive measures to eliminate risky password behaviors and improve company-wide Security Scores

     The most concerning of all the study's findings is that password reuse and sharing is still a very common practice in most organizations, with their employees reusing a password an average of 13 times. Out of all businesses that took part in this year's study, the employees of smaller orgs with fewer than 1,000 agents reused 10-14 passwords compared to only about four reused passwords in the case of larger businesses.

     Hardware-based MFA is the way to go

     To put things into perspective when talking about MFA, Director of Identity Security at Microsoft Alex Weinert said in an Azure Active Directory Identity Blog post that "your password doesn’t matter, but MFA does! Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA."

     This month, Weinert also added that "use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.1% of the general population."

     While Google also said in May that "simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks," the fact that "zero users that exclusively use security keys fell victim to targeted phishing during our investigation" shows just how much more effective hardware-based MFA actually is when compared to the SMS-based version for instance.

     Microsoft and Google also provide easy to follow procedures on how to secure your accounts, with Microsoft having a support page on the five steps to secure your identity and Google having published a blog post about the five things to do to stay safe online.

     Source
  2. LastPass released a fix last week. Vulnerability details are now public. Users advised to update.

     Password manager LastPass released an update last week to fix a security bug that exposes credentials entered on a previously visited site. The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google's elite security and bug-hunting team.

     Fix available

     LastPass, believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. If users have not enabled an auto-update mechanism for their LastPass browser extensions or mobile apps, they're advised to perform a manual update as soon as possible.

     This is because yesterday, Ormandy published details about the security flaw he found. The security researcher's bug report walks an attacker through the steps necessary to reproduce the bug. Since the bug relies on executing malicious JavaScript code alone, with no other user interaction, the bug is considered dangerous and potentially exploitable.

     Attackers could lure users onto malicious pages and exploit the vulnerability to extract the credentials entered on previously-visited sites. According to Ormandy, this isn't as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site.

     "I think it's fair to call this 'High' severity, even if it won't work for *all* URLs," Ormandy said.

     Since the vulnerability was discovered and then privately reported by Google, there's no reason to believe the bug has been exploited in the wild. A LastPass spokesperson did not return a request for comment.

     Don't abandon password managers because of a fixable bug

     Like any other application, password managers are sometimes vulnerable to bugs, which are in all cases eventually fixed. Despite this vulnerability, users are still advised to rely on a password manager whenever they can. Using a password manager is many times better than leaving passwords stored inside a browser, from where they can be easily extracted by forensic tools and malware.

     LastPass' efficiency in keeping passwords away from prying eyes was proven this summer when the company couldn't answer legal demands from the US Drug Enforcement Administration (DEA). The company was told by cops to hand over information on a user, such as passwords and home address, but the company couldn't comply with the order because the data was encrypted and they couldn't access it.

     Source
  3. LastPass launched a new feature in the mobile versions of the password manager LastPass today that allows customers to recover their account under certain circumstances.

     Password managers help users when it comes to password use on the Internet. They provide users with tools to create and use unique passwords everywhere. The database is usually protected by a master password that the user needs to enter to decrypt the password database and access stored passwords and other information.

     Password managers may support other authentication options. KeePass, a popular free password manager, supports key files or Windows user accounts. Users who forget the master password are in a precarious situation as it is the only option to unlock the database unless recovery options are available.

     LastPass Mobile Account Recovery

     LastPass launched a new feature called LastPass Mobile Account Recovery today that introduces an option to recover a LastPass account in case the master password is not accepted anymore by the service. The feature is only available in the mobile LastPass applications for Android and iOS.

     Mobile account recovery requires a mobile device with fingerprint or Face ID authentication support. Basically, what it does is unlock an option to recover a LastPass account using the authentication method. While LastPass makes no mention of how the feature works, it appears that it links biometric authentication to the LastPass account so that users of the service may reset the master password using it.

     It should be clear that LastPass users need to configure the feature before it becomes available. The company notes that the account recovery feature is device-specific. If you want it to be available on all devices, you need to enable it on all of them.

     If you are using LastPass on an Android device, you need to configure fingerprint authentication first; if you use it on an iOS device, you need to set up Face ID instead. Setup is identical afterwards: sign in to the LastPass application on the mobile device. LastPass should display a notification about the new account recovery option; if it does not, go to Menu > Settings > Security and enable the unlock feature (called Use Fingerprint to Unlock on Android, and Use Face ID on iOS), and toggle the account recovery feature afterward.

     Here is a video by LastPass that demonstrates the feature.

     If you need to reset your LastPass master password, select "forgot password" when you get to the login screen. From there, select "Recovery with Fingerprint" or "Recovery with Face ID" and authenticate using the biometric authentication option. LastPass will prompt you for a new master password that you may enter directly. You may also add a password hint. The selection of "set master password" completes the process.

     Closing Words

     LastPass recommends that customers enable the new account recovery option on their mobile devices even if they only use the desktop version of the password manager. The new option is certainly helpful in restoring an account if the master password cannot be remembered; users should take note, however, that it could also open up a new option for third-parties to gain unauthorized access to the account through coercion.

     Cautious users might want to stick to using the password hint option as the only resort when it comes to account recovery.

     Source: LastPass introduces Account Recovery on Mobile (gHacks - Martin Brinkmann)
  4. LastPass increased the price of the Premium plan of its password management service in February 2019; this time to $3 per month for a Premium plan, an increase of $1 per month.

     LastPass is the maker of a popular password management service. Free and paid versions of LastPass are available, and Home users may upgrade accounts to Premium or Family plans. The Premium version adds features such as encrypted file storage, emergency access, advanced multi-factor authentication options, and priority tech support to the feature set.

     LastPass enabled mobile access for free accounts in 2015, and removed the free account limitation that restricted sync operations to device classes (e.g. PC to PC, but not PC to mobile).

     Families support up to six users as opposed to the single user that a Premium license supports. It furthermore includes access to a family manager dashboard and unlimited shared folders.

     LastPass Premium's price is $3 per month if paid annually as of February 2019. LastPass increased the price from $2 per month to $3 per month in February for existing and new users; this is the second premium price increase after the increase from $1 per month to $2 per month in 2017. Both increases came after LogMeIn's acquisition of LastPass in late 2015.

     The new price took effect for new customers on February 7, 2019. Existing customers have to pay the new price when they renew the plan. LastPass sends out reminders 30 days before the expiration of a plan to notify users about the upcoming renewal.

     Price comparison

     An increase from $1 to $3 per month in two years is certainly something that does not look too good on paper. Compared to other premium password manager offerings, it is not too expensive, however.

     Dashlane charges $5 per month for Dashlane Premium, 1Password $2.99 per month (and $4.99 for Families), Enpass asks for one-time payments for individual platforms ($11.99 per platform), and Bitwarden charges $1 per month for its Family plan (there is no Premium plan). KeePass, which I use, is available for free.

     LastPass' price matches that of the competition for the most part. Enpass' decision to charge users a one-time fee deserves commendation in a world in which most companies move to subscription-based services.

     Closing Words

     The LastPass Families price remained as it was; it costs just $1 more per month and gives customers access to five additional Premium accounts. The price increase moves LastPass' premium offering in line with its competition.

     Source: LastPass increases price of Premium plan again (gHacks - Martin Brinkmann)
  5. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  6. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  7. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  8. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  9. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  10. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  11. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  12. 32-bit https://lastpass.com/lastpass.exe or https://lastpass.com/download/cdn/lastpass.exe 64-bit https://lastpass.com/lastpass_x64.exe or https://lastpass.com/download/cdn/lastpass_x64.exe
  13. Just keep putting those eggs in the one basket, friends

     Password manager LastPass has added a new feature to its software: the ability to store two-factor authentication codes. This is great news. For hackers.

     Increasingly, people with sense use two-factor auth as a way of ensuring that it is much harder for miscreants to break into their accounts, and to detect if anyone is trying to do so. A crook needs to know not only a victim's username and password, but also have their two-factor code to log in.

     Typically, what will happen is that when you try to log into an account – say, a bank account – the process will send a one-off code to a device that it knows belongs to you (typically a mobile phone) and require that code to be entered before moving forward.

     However, many companies, including Google, Facebook and Dropbox, also offer the ability to generate one-off access codes from a device or app. You usually scan a barcode unique to your account, and this is used to calculate a sequence of access codes, with a new code every minute or so. When you log in, you provide your username and password, hand over that minute's code, and in you go if it's all correct.

     And that's where LastPass comes in. LastPass Authenticator supports any service that offers a standard Time-based One-Time Password (TOTP) algorithm and will store the seed online in your LastPass account.

     Great. Or not. Because if someone gets into your LastPass account, it undermines the very advantage of having two-factor auth: that there is a second level of authentication using a different device.

     Using a password manager is preferable to using a small number of the same passwords for everything because you are able – theoretically at least – to use a different and more complex password for every service. But it risks creating a single point of failure – everything is there.

     By putting two-factor auth codes in the same piece of software, that single point of failure becomes even more stark. It is placing eggs on top of an already egg-filled basket.

     But of course in the real world, this is just a theoretical risk. So long as you use a complex password for your LastPass account, there is no reason to believe that your critical data is at risk.

     It's not as if LastPass users were locked out of their accounts last week because of unspecified updates. Or that last month the company's own two-factor authentication implementation was found to have a serious fault in it. Or that its browser plugins have also had problems.

     Nope, this is all a great idea. Nothing can go wrong with this.

     Article source
  14. Until everybody and their dog eventually replaces passwords, the long-running log-in security feature is here to stay. That said, there are ways in which you can decrease the likelihood of your account being compromised by an attacker. One way is two-factor authentication, which sends a code to a different device, a code which you need to input along with your password to log into the account. A bug related to this security feature was just revealed to have been fixed by password management service provider, LastPass.

     Back in February, a security researcher at Salesforce, Martin Vigo, privately disclosed a bug to LastPass, via the company's bug bounty program. The issue itself has to do with people using Google Authenticator as an extra security measure on their LastPass vaults.

     The server-side bug meant that if the user was logged into LastPass and was then lured to a "nefarious website", Google Authenticator could be bypassed entirely. Vigo recently detailed the process on his blog.

     Of course, LastPass continues to recommend users stay vigilant at all times and outlines a few safe practices:

     • Beware of phishing attacks. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
     • Never reuse your LastPass master password and never disclose it to anyone, including us.
     • Use different, unique passwords for every online account.
     • Two-factor authentication remains the most effective way to protect your account. Always enable 2FA for LastPass and other services like your bank, email, Twitter, Facebook, etc.
     • Keep a clean machine by running antivirus and keeping your software up-to-date.

     If you find any issues, LastPass encourages you to contact them using their bug bounty program.

     Article source
  15. LastPass faced critical vulnerabilities

     LastPass, the password vault that you were supposed to trust with your information, was affected by a critical security flaw. Thankfully, the company has already patched things up.

     This wasn't even some very complicated problem, but rather a coding error. At least that's the opinion of Google's Tavis Ormandy, security expert that has detected numerous problems over the years, including the recent Cloudflare incident.

     The white hat found the issue within the LastPass Chrome extension. According to Ormandy, the extension had an exploitable content script that could be attacked to extract passwords from the manager. It could also be pushed to execute commands on the victim's computer, which the Google hacker demonstrated easily.

     "This script will proxy unauthenticated window messages to the extension. This is clearly a mistake," Ormandy writes.

     Nothing was safe

     Since LastPass works by storing passwords in the cloud, the browser extension is your link to the LastPass account, helping you save new information as you browse the Internet. The vulnerability made it dangerous for users to even browse a malicious website as all your passwords could have been picked up by attackers.

     "This allows complete access to internal privileged LastPass RPC commands. There are hundreds of internal LastPass RPCs, but the obviously bad ones are things copying and filling in passwords (copypass, fillform, etc)," Ormandy added in his report.

     It seems that all one needed to exploit the vulnerability was two simple lines of JavaScript code.

     Thankfully, LastPass has already fixed the issue within its Chrome extension by disabling 1min-ui-prod.service.lastpass.com. As always, the company had been notified early on about the discovered vulnerability and worked directly with Tavis to verify the report and to create and issue a fix.

     Firefox too

     A similar vulnerability was then discovered within the LastPass Firefox extension, a bug that could be exploited by malicious webpages to extract passwords straight from the manager. It looks like LastPass has already issued a patch to fix the addon, but the updated version is in Mozilla's review process so it may take a little bit longer for it to go live.

     Source
  16. Popular password manager LastPass said it fixed two vulnerabilities that were found last year. The disclosure comes just ahead of a security conference where a research paper describing the problems is due to be presented. Zhiwei Li, a research scientist at Shape Security, reported the flaws to LastPass in August 2013, which were "addressed immediately," LastPass wrote on its blog. Both flaws involved "bookmarklets," which assist in filling out stored password information when LastPass's plugin can't be used, such as when using a mobile browser. One flaw could be exploited if a bookmarklet was used on a website rigged to attack it, LastPass wrote. The other vulnerability could allow an attacker to create a bogus one-time password (OTP) if a LastPass user was tricked into visiting a malicious website. The OTP attack would require a hacker to know a person's username in order to exploit it and also serve a custom attack, LastPass wrote. "Even if this was exploited, the attacker would still not have the key to decrypt user data," the company said. Zhiwei co-authored a research paper that has been accepted by the Usenix Security Symposium, which starts in San Diego on Aug. 20. The study analyzed five popular Web-based password managers: LastPass, RoboForm, My1login, PasswordBox and NeedMyPassword, all of which run in a Web browser. The researchers wrote that "in four out of the five password managers we studied, an attacker can learn a user's credentials for arbitrary websites." LastPass wrote it didn't believe anyone other than Zhiwei exploited the flaws. Still, "if you are concerned that you've used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don't think it is necessary." Source: http://www.computerworld.com/s/article/9249694/LastPass_discloses_now_fixed_flaws_ahead_of_security_conference
  17. Like many or all users nowadays, I have too many passwords to remember, since I don't use the same password between services. I was looking for a service to securely store my passwords, and I have read on many sites about LastPass. I'm testing this service right now and it's awesome, really good, but I can't help thinking about how and where my passwords are being stored, who can access them, whether the service/servers are secure against attacks, and, if the service goes offline for maintenance or problems, how I can log in to my accounts. And many other questions... So, I'm here to hear a word from you guys: are services/tools like LastPass, KeePass, 1Password worth it?