Probably after reading this thread, LP added another section in the recommendation page, confirming that 'the TOTP seeds used to generate the six-digit TOTP codes in your LastPass Authenticator are backed up to your LastPass vault using zero knowledge' such that they are also protected with your master password. Whether other seeds stored in the LP Authenticator were encrypted or leaked needs further disclosure. It seems that LP confirmed 'MFA seeds assigned to the user when they first registered their multifactor authenticator of choice to authenticate to the LastPass vault' were leaked, and they only recommend 'regenerate your shared secrets in your LastPass account settings' rather than other sites as well. So if you are using LastPass Authenticator, reset every seed stored in it.

As comments pointed out, it is vague whether the TOTP secrets for other sites stored in the LP Authenticator were breached. They stored the key somewhere and the hacker took it along with the data.

It works well for saving web and app log-in details, but it's. Save a password on one device, and it's available on all your Apple devices.

For some reason, this part was not encrypted using their zero-knowledge method (!).

This is a great choice for those in the Apple ecosystem.

Not just the LastPass 2FA seed, but all the secrets in your Authenticator. I think the most important information from this was that they confirmed the 2FA seeds were leaked and decrypted.