#Lastpass security email upgrade
LastPass failed to upgrade some accounts from 5,000 to 100,100 iterations. You should especially check your password iterations setting. Happy holidays, everyone!Įdit (): As it turned out, even for a “nobody” there are certain risk factors.
If their web application has been compromised nobody will be safe. Unless LastPass underestimated the scope of the breach that is. Should you hold the keys to your company’s assets however (network infrastructure, HR systems, hot legal information), it should be a good idea to replace these keys now. If you are a regular “nobody”: access to your accounts is probably not worth the effort. You should also consider whether you still want them uploaded to LastPass servers.
If you are someone who might be targeted by state-level actors: danger is imminent and you should change all your passwords ASAP. But the executive summary is: it very much depends on who you are. I’ll delve into the technical details below. Fact is however: decrypting passwords is expensive but it is well within reach. It also prepares the ground for blaming you, should the passwords be decrypted after all: you clearly didn’t follow the recommendations. This makes it sound like decrypting the passwords you stored with LastPass is impossible. If you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology. The following statement from the blog post is a straight-out lie: In particular, they are rather misleading concerning a very important question: should you change all your passwords now? While this email and the corresponding blog post try to appear transparent, they don’t give you a full picture. If you have a LastPass account you should have received an email updating you on the state of affairs concerning a recent LastPass breach.
0 kommentar(er)
