Skip to main content
  1. Home
  2. Computing
  3. News

Despite security revisions, the secrecy of your passwords may still be at risk with LastPass

By

Heartbleed LastPass
Image used with permission by copyright holder
LastPass is what’s considered a single sign-on service, or SSO. It compiles all of your passwords into a single vault that can auto-fill forms at any time. It’s convenient, saves time, and is allegedly more secure than the alternative — typically using the same password for everything.

Security researchers have determined, however, that LastPass is far from perfect. It has been found to contain the types of holes that any amateur hacker could have a field day with. Given the proper tools, user data could have easily gotten into the wrong hands, revealing myriad private login credentials and leaving them vulnerable to a host of dangerous exploits.

Recommended Videos

This news comes by way of Martin Vigo, self-proclaimed “security geek,” who recently shared his findings at the Black Hat Europe conference. Speaking alongside Alberto Garcia Illera, Vigo provided vivid instructions for getting around LastPass’ security in a demonstration of just how easy it is to get through.

Related

The two sales force security engineers outlined several holes in the service’s security protocols, both from the outside and from within using the client or server. Locally, the experts were able to get past the two-factor authentication in LastPass using a locally stored plain text token. By doing this, Vigo and Illera were able to trick the password recovery feature, in turn managing to exploit session cookies, though other procedures ensued.

Most worrying for loyal LastPass devotees, however, is that by installing a few lines of JavaScript code, cybercriminals could theoretically rob users of their usernames and passwords.

For obvious ethical reasons, all of these discoveries were immediately reported to LastPass, and the firm made some quick modifications to its security protocols. Unfortunately, as David Bison pointed out on security consultant Graham Cluley’s blog, this problem is likely not exclusive to LastPass. Rather, numerous other SSO clients probably experience the same central flaws.

On a brighter note, if you’re currently using an SSO client, it’s probably still safer than not using one at all and, say, making all of your passwords the same, easy-to-guess word. In a Tom’s Guide article, journalist Marshall Honorof writes that cracking the LastPass code would actually be quite the challenge for many cyber thieves, unless they’re able to take control of the user’s server or the device itself. Because of this, most hackers would opt for other means of password theft. Nevertheless, it’s still a concerning matter considering LastPass is used by thousands of organizations globally.

Of course, as we reported on earlier this year, LastPass was the victim of a massive data breach back in June. Perhaps even more distressing, the SSO service was purchased just last month by LogMeIn, a major SaaS (software as a service company) that underwent a data breach of its own last January.

This is the second consecutive year in which this same pair of engineers has discovered some loose strings in the LastPass code, making it painfully easy to get past its ostensibly tightly concealed vault doors. We can only hope these findings will motivate LogMeIn to improve its situation rather than making LastPass even more susceptible to threats.

Editors' Recommendations

Topics
Gabe Carey
Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
Best HP laptop deals: Get a 17-inch workhorse for $370 and more
An open HP Spectre x360 16 sits on a table, angled so that the screen and keyboard can be seen.

HP is one of the best laptop brands on the market, and if you're thinking of picking up a new laptop, then you may want to consider one of its many varieties of laptops. Not only that, but HP usually has some form of deal going on each of its sub-brans, so whether you're looking for an HP Omen gaming laptop or a Spectre X360 2-in-1 convertible, you'll likely find a good deal on it. Of course, it can be hard to navigate the dozens of different types of laptops HP has, which is why we've gone out and collected some of our favorite deals to help save you the trouble. That said, if you can't find quite what you're looking for below, be sure to check out these other great laptop deals and gaming laptop deals as well.
HP Laptop 15z -- $250, was $500

If you need a budget laptop for basic tasks, you can't go wrong with the HP Laptop 15z. With its AMD Athlon Silver 7120U processor, AMD Radeon Graphics, and 8GB of RAM, it's going to be a dependable device for doing online research and working with productivity apps. The laptop features a 128GB SSD with Windows 11 Home pre-loaded, and a relatively large 15.6-inch HD screen for its low price.

Read more
Some Intel CPUs are about to take a big performance hit, report says
Intel's 14900K CPU socketed in a motherboard.

High-end Intel CPUs are about to lose some significant performance, according to a new report from BenchLife (via VideoCardz). The outlet claims Intel has sent guidance to motherboard partners to implement the Intel Default Settings on Z790 motherboards, following a wave of reports of instability on recent high-end Intel CPUs.

According to the report, these default settings will enforce a PL2 of 188 watts. Intel maintains power limits (PL) for its processors. PL1 is the base power, or the power that the processor can sustain for long periods of time. PL2 is the maximum boost power, which the processor can hit for brief spurts when under a heavy load.

Read more
Best Buy laptop deals: Cheap laptops starting at $159
Apple M1 MacBook Air open on a desk with plants in the background.

If you’re looking for an affordable laptop, Best Buy is a great outlet to turn to. It carries some of the best laptops on the market, and often you’ll find many of the best laptop deals taking place at Best Buy. And while it’s a great place to land some savings on almost any device, including tablet deals, headphone deals, and smartwatch deals, the Best Buy laptop deals you can shop right now are worth taking a look at. Among them you’ll find many quality laptop options at some of the best prices we’ve seen, so read onward for more details. And if Best Buy doesn’t have what you’re looking for, you can check out some of the best Amazon deals and best Walmart deals, where you’ll also find a discounted laptop or two.
HP 14-inch laptop — $159, was $180

The HP 14-inch laptop is a fast and fun computing device. It's a great option for anyone searching the best laptops for high school students or the best laptops for college. It has an Intel Celeron processor and 4GB of system RAM that combine to push through homework assignments, work presentations, and hours upon hours of binge watching. The 14-inch screen sports HD resolution and makes this HP laptop a great way to enjoy movies, photos, and other digital content. The HP 14-inch laptop is able to reach up to 14 hours of battery life on a single charge, making it a great all-day option for people who like to do their work on the go.

Read more