The only thing left to do now is migrate to a different password manager, change absolutely EVERYTHING and hope this never happens again. ![]() ![]() Your master password may take 1 billion years to crack on current hardware that much is true, but the hardware a decade from now may do it in 1 minute. The job will get easier and easier with every new GPU/CPU generation. You should now assume that your vault is out there forever and it's only a matter of time before even the strongest master passwords are cracked. At this point you could add 2FA and could assume your entries are not tampered with and go through and change them all. The strength of the 2nd lock depends on multiple factors including password entropy, password reuse and previous breaches.Įven if you go and change your master password now it will make no difference at all since you cannot change the master password that is tied to the backup. If you want to keep your current info and not reset the account, change your password and use the current recovery code to disable 2FA, which will change the recovery code. The key to the 2nd lock is the master password that was used at the time the backup was made. The threat actor knows which email is tied to your LastPass account which basically gives them the 1st key to a door with 2 locks. The threat actor has obtained a backup of all of your vaults and the 2FA protecting your account has already been bypassed.
0 Comments
Leave a Reply. |