Hacked: Hacking Finance

LastPass Sheds Light on Their Latest Security Implementations


Daniel Dob


LastPass has long been known as a trustworthy password manager, thanks to its browser extensions, ease of use and security protocols. Recently, researcher Sean Cassidy gave a presentation at the hacker convention ShmooCon. There, he demonstrated a phishing attack that reportedly exposed a vulnerability in the LastPass security system.

The attack was meant to trick users who visited a malicious website into believing that they had been logged out of their LastPass accounts. They would then be prompted to log back in by entering their master password on a fake website, which would steal the user’s information.

Once these claims were made, LastPass was quick to respond and point out some of its security strategies, meant to make such events impossible. Apart from preventing malicious websites from logging users out of LastPass, the program also displays clear warnings when users attempt to enter their master password on non-LastPass pages.


In addition, a further security feature has been implemented that adds a check whenever users log in from unknown devices or locations: anyone attempting to log in from a suspicious location or device must complete a mandatory email verification. The verification step is meant to significantly reduce the risk of phishing attacks, as attackers would also need access to the user’s email account, which can in turn be protected by enabling two-step verification there as well.

Over the last couple of years, LastPass has been actively encouraging Google to allow certain extensions to display notifications, as this would let password managers such as LastPass better protect their users.

Based on everything that has been outlined so far, what do you personally think about LastPass’s security implementations? Have you used the platform? Let us know your thoughts in the comment section below.


  • user

    AUTHOR MoooonMan

    Posted on 4:23 am January 20, 2016.

    I tried entering my LastPass password with Yahoo sign-on and I did not see any warnings.

  • user

    AUTHOR George Wells

    Posted on 1:54 am January 22, 2016.

    I met Danny in 2013; he is a professional security analyst and certified hacker. At the time I met him he had already been certified since 2009, and he is very good at testing securities. Should you ever have a project you need to test if it is totally secure, you should contact him by sending a mail to [email protected]. I bet he is competent and savvy enough to solve your problem, whatever it might be.
