LastPass has long been known as a trustworthy password manager, thanks to its browser extensions, ease of use and security protocols. Recently, researcher Sean Cassidy gave a presentation at the hacker convention ShmooCon, where he demonstrated a phishing attack that reportedly exposed a vulnerability in the LastPass security system.
The attack was meant to trick users who visited a malicious website into believing that they had been logged out of their LastPass accounts. They would then be prompted to log back in by entering their master password on a fake website, which would steal the user’s information.
Once these claims were made, LastPass was quick to respond and point out some of its security measures, meant to make such events impossible. Apart from preventing malicious websites from logging users out of LastPass, the program also displays clear warnings when users attempt to enter their master password on non-LastPass pages.
In addition, a further security feature has been implemented to double-check logins from unknown devices and locations. When attempting to log in from a suspicious location or device, users will have to complete a mandatory email verification. The verification process is meant to significantly reduce the risk of phishing attacks, as hackers would also have to gain access to the user’s email account, which can in turn be protected by enabling two-step verification there as well.
During the last couple of years, LastPass has been actively encouraging Google to allow certain extensions to display notifications, as this would let password managers such as LastPass better protect their users.
Based on everything that has been outlined so far, what do you personally think about LastPass’s security implementations? Have you used the platform? Let us know your thoughts in the comment section below.