Flaws happen; how you handle them is really important. I would expect a company whose sole purpose is security to handle these things swiftly and make it their bread and butter. The larger thing, I think, is how LastPass seemed to sit on it for longer than they "should" have without a fix.

This seems like a limited case not only from the people who use this app, but also to the effort an attacker would need to be ready with other info. However, I think you're right to an extent. An attacker could get this "secure" info easily and broadly across the board. Generally there's a larger concern when the attack can be modified to run automatically. They still would have to have access to my username and password to use the 2FA token for the app. If I installed an app like that, that is on me.

Someone would have to get an app on my phone that was malicious to be able to "read" the screen. It wasn't with or regarding the password manager app.

For me personally I only have 1 item in my LastPass authenticator and it is a Discord Server. This was with their authenticator app, the one that gives out 6 digit codes. Maybe I am just not aware of the security concern here. Priority and we strive to always improve our internal processes.

A little disappointing, but because my phone is set to lock itself after only a short while with a fingerprint and PIN the likelihood of this being exploited is very very small, even if I did lose my phone in a public place (already unlocked).

Edited so my opinion didn't look like part of the article.
To security reports – and customer concerns in general – is our highest At LastPass, investigating and responding We’ve identified and resolved the procedural issue to ensure future Through our bug bounty program, proper steps were not taken to escalate In addition to strengthening the app, the report highlighted needed It goes over this in the blog article she linked: We deserve an explanation of that gap before any further discussion takes place about restoring that trust. To date, LastPass has earned that trust, but this is a huge strike against it. Please tell us why it took six months to produce a fix, and only then after the reporting party finally went public.

Applications like LastPass require a huge amount of trust of their users. Let me know if I can answer any questions.