IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [lastpass]

A freemium password management service which seeks to resolve the password fatigue problem by centralising user password management in the cloud.

64 questions
18
votes
1 answer

Lastpass hack - risks for abuse

I use Lastpass. Today I got an email from them telling me that their servers were hacked, and a database with email addresses and recovery hints was probably copied. Dear LastPass User, We wanted to alert you that, recently, our team discovered and…
SPRBRN
  • 7,529
  • 6
  • 38
  • 38
7
votes
2 answers

LastPass - Best practices on foreign devices

I am a new user to LastPass and have been reading the literature to better understand how it works. What I do not grasp is how to best use LastPass on other computers. In the case where you only want to use the web GUI, I don't believe LastPass can…
Polite Master
  • 273
  • 1
  • 2
  • 6
7
votes
3 answers

Is storing my LastPass password in LastPass a security risk?

While categorizing my accounts in LastPass, I had a dumb thought cross my mind. Can I store my LastPass password in LastPass? Initially I thought this would be a completely pointless thought experiment. There's no way you could actually save your…
Stevoisiak
  • 1,535
  • 1
  • 13
  • 27
5
votes
2 answers

Does a leaked LastPass hash enable the attacker to retrieve encrypted passwords (ciphertexts)?

Normally LastPass servers won't send out encrypted passwords unless the client proves it knows the master password. With the hashes leaked, does it become possible for an attacker to retrieve encrypted passwords (i.e. ciphertexts, which are useless…
RomanSt
  • 1,220
  • 10
  • 25
2
votes
1 answer

How can you discover a password shared via LastPass?

I'm trying to set up a personal accountant with access to some of my financial accounts. I would like to use LastPass sharing to give them access to the accounts without giving them access to a password that could be used by third parties. However,…
Ryan McDermott
  • 21
  • 1
1
vote
1 answer

How to brute force Last Pass local storage extension?

I need to brute force Last Pass since I forgot my master password. Anyone know how is the format of the local storage of the extension? I was logged into it so it must have local data. I see words.dic and LPMPMU in local storage.
cswl
  • 111
  • 1
0
votes
0 answers

LastPass hack - risk for federated accounts on 100,100 PBKDF2 iterations

I'm trying to get a reasonable understanding of the possibility that our vaults could be brute forced in a viable timeframe. We have LastPass federated to Azure AD. Skimming through…
Kav
  • 1