LastPass Sheds Light on Their Latest Security Implementations | Hacked: Hacking Finance

LastPass Sheds Light on Their Latest Security Implementations


Daniel Dob

Daniel Dob



LastPass Sheds Light on Their Latest Security Implementations

Posted on .
This article was posted on Tuesday, 19:20, UTC.

LastPass has long been known as a trustworthy password manager, thanks to their browser extensions, ease of use and security protocols. Recently, researcher Sean Cassidy carried out a presentation at the hacker convention, Shmoocon. There, he demonstrated a phishing attack that reportedly exposed a vulnerability in the LastPass security system.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

The attack was meant to trick users who accessed a malicious website into believing that they have been logged out of their LastPass accounts. Once this happened, they would be prompted to relog by entering their master password on a false website, which would then steal the user’s information.

Once these claims were made, LastPass was quick to respond and point out some of their security strategies, meant to make such events impossible. Apart from preventing malicious websites to log users out of LastPass, the program also displays clear warnings when users attempt to enter their master password on non-LastPass pages.

Also read: Researcher: Even Last Pass Will Be Hacked

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Together with this, an additional security feature has been implemented, meant to double check whenever users tend to log in from unknown devices and locations. Based on this, upon attempting to login from a suspicious location or device, users will have to complete a mandatory email verification. The verification process is meant to significantly reduce the risk of phishing attacks, as hackers would also have to get access to the user’s email address, which can be countered by enabling two-step verification over there as well.

During the last couple of years, LastPass has been actively encouraging Google to allow certain extensions to display notifications, as this would allow password managers such as LastPass the possibility to better protect their users.

Based on everything that has been outlined so far, what do you personally think about LastPass’s security implementations? Have you used the platform? Let us know your thoughts in the comment section below.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Daniel Dob

Daniel Dob

  • user

    AUTHOR MoooonMan

    Posted on 4:23 am January 20, 2016.

    I tried entering my LastPass password with Yahoo sign-on and I did not see any warnings.

  • user

    AUTHOR George Wells

    Posted on 1:54 am January 22, 2016.

    I met Danny in 2013 , he is a professional security analyst and certified hacker. the time I met him he already was certified since 2009 and he is very good at testing securities. should you ever have a project you need to test if it is totally secure, you should contact him by sending a mail to [email protected], I bet he is competent and savvy enough to solve your problem whatever it might be………..

  • View Comments (2) ...
    The team:
    Dmitriy Lavrov
    Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
    Jonas Borchgrevink
    Jonas Borchgrevink is the founder of and He is a serial entrepreneur, trader and investor. He shares his own personal journey on // -- Discuss and ask Read More
    Mate Csar
    Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
    Mati Greenspan
    Senior Market Analyst at // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
    Rakesh Upadhyay
    Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
    Pamela Meropiali
    Account Manager
    Pamela Meropiali is responsible for users on // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
    Joseph Young
    Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
    Australia stands unprepared for a cyber war, according to the Australian…