LastPass is a popular password manager that retains and secures passwords. A lot of companies use LastPass instead of issuing employees numerous passwords for a variety of programs. Today, LastPass got some ‘not so great’ news from a Google researcher, Tavis Ormandy.
Ormandy discovered a vulnerability within the program that could leave various LastPass accounts open to hackers. In keeping with the security code of ethics (bravo, Ormandy!), this flaw has not been made public. However, Ormandy did tell LastPass about the security threat. LastPass has since asked all users to stop using the program’s browser extensions until further notice.
LastPass has also issued a statement detailing the steps users need to take in order to ensure that accounts are kept safe. If you have a LastPass account, here’s what you should do.
First, do not use LastPass browser extensions. Instead, go directly to the LastPass website and use the vault on the site.
Second, enable two-step authentication. This will make sure that you are the only one with any kind of access to your passwords or LastPass account.
Lastly, beware of any phishing scams. LastPass will not ask anyone for password information, and no emails from the company will be sent out to users. If you do get an email or text requesting these details, simply ignore it. Do not open the email, and do not click on any links.
Fixing the Problem
LastPass is working on fixing the issue at hand today. As a security company, it is vital that LastPass engineers and security experts find the problem and solve it. Ormandy is currently part of Google’s ‘Project Zero’ initiative, which aims to find flaws in products designed by other companies. This is the second flaw that security experts from Project Zero have found with the LastPass program.
Despite these (and other) flaws, LastPass is still an excellent tool to use. This tool is also one of the only ones recommended by security experts. It is not uncommon for a company to create tools that sometimes have security issues. With a company like Google on the lookout for flaws in major and important programs in wide use like LastPass, many of these issues will be discovered and fixed.
The Password Manager System
Some security experts wonder if the whole password management system isn’t a major hack waiting to happen. After all, it’s one program that houses passwords for a multitude of other things - including emails, documents, account numbers, and other personal information. But LastPass, and those security experts that do support it, argue that this password manager is secure.
The company should have a fix to the issue within the week. For now, make sure not to use the LastPass extensions, and to follow the steps listed above. If you would like more information about this security problem, take a look at the LastPass blog. However, for security purposes, the company will probably not publish the actual issue. Hopefully, you’ve read this article and are now passing it along via social media so that everyone can be aware!