Password manager Stories March 28

AAPL: 143.80

2.92

Update:

LastPass says that the browser extension vulnerability has now been patched, and that there is no evidence that it was ever exploited.

Google security researcher Tavis Ormandy reported a client-side vulnerability in the LastPass desktop browser extensions, but neither he nor LastPass released any details pending a fix. The company said that this has now been done, and most users will be automatically updated to version 4.1.44.

On Saturday, March 25th, security researcher Tavis Ormandy from Google’s Project Zero reported a security finding related to the LastPass browser extensions. In the last 24 hours, we’ve released an update which we believe fixes the reported vulnerability in all browsers and have verified this with Tavis himself.

Most users will be updated automatically. Please ensure you are running the latest version (4.1.44 or higher), which can always be downloaded at https://www.lastpass.com/.

LastPass has now provided details of the issue in a blog post, but warns that the obscure nature of the vulnerability means that the explanation is highly technical.

Password-manager LastPass is recommending that users follow precautionary steps while it works on fixing a vulnerability discovered over the weekend. Two of the recommendations are generic in nature, and should be followed anyway, but one is specifically geared to protecting your account from the vulnerability …

expand full story

Password manager Stories March 24

AAPL: 140.64

-0.28

While the available evidence suggests that hackers have not gained direct access to more than 600 million iCloud accounts, some of the sample login credentials supplied by the group have been found to be valid. ZDNet, for example, used Apple’s password reset function to test 54 logins supplied by the hackers, and found that all of them worked.

Apple has said that there have been no breaches of its own systems, and that the credentials likely came from ‘previously compromised third-party services.’ Most of the account owners contacted by ZDNet lent weight to this claim …

expand full story

Password manager Stories January 5, 2016

AAPL: 102.71

-2.64

LastPass has updated its Mac and iOS apps and browser extensions to version 4.0 to add an emergency access feature and shared passwords, as well as a significantly revamped user-interface.

Emergency Access (shown below) is designed to ensure that you aren’t permanently locked out of your account if you ever forget your master password.

Emergency Access lets users designate trusted family, friends or colleagues to have access to their password vault in the case of an emergency. For added security, a user can require a waiting period between when an Emergency Access contact can request access to the vault and when access is granted. During the waiting period, users can decline an Emergency Access request to their vault.

The new Sharing Center is designed to provide a safe method of allowing multiple people access to the same account, such as when two or more family members want access to utility accounts …

expand full story

Password manager Stories April 7, 2015

A couple of months after the 1Password iOS app was updated to support one-time passwords, the Mac app has been given the same feature, allowing the popular password manager to support two-factor authentication.

Version 5.3 of the pricey but powerful app also gains a number of other improvements, including improved credit card filling on a number of sites, among them Hilton, Cineplex, Drafthouse, Amazon, and PayPal. More custom fields have been added, and you can add your own fields in secure notes also …  expand full story

Password manager Stories January 20, 2015

Here are the worst passwords of 2014 (and ‘password’ still isn’t the worst)

SplashData, the company behind corporate password manager SplashID, has just compiled the latest top-25 ‘most hacked passwords’ rankings. As last year, the most-hacked password is 123456, with ‘password’ only managing second place.

But perhaps naive Internet users have been paying attention. It seems some of those using 123456 have come up with a cunning plan to defeat the hackers: dropping the final digit. 12345 has raced 17 places up the charts into third place. Old favorite ‘letmein’ has climbed one place to #13.

New additions this year include baseball, football, batman and access (cunning). You can see the full top-25 below. If you’re not already using a password manager to enable strong, unique passwords for each website, check-out our how-to guide.

1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 123456789 7. 1234 8. baseball 9. dragon 10. football 11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael 21. superman 22. 696969 23. 123123 24. batman 25. trustno1

Password manager Stories December 10, 2014

LastPass matches Dashlane with automated password changing – but it doesn’t yet fully compete

After password manager Dashlane grabbed the limelight yesterday with an automated password changer for 50 top US websites, LastPass has hit back with its own version of the same feature. However, while LastPass supports more sites, it falls short of the Dashlane offering by forcing you to change one password at a time, rather than doing all supported sites en-mass, and not yet supporting sites that employ two-factor authentication.

We’re excited to announce that the Auto-Password Change feature we released to our Pre-Build Team last week is now available for all users in beta. LastPass can now change passwords for you, automatically. We’re releasing this feature for free to all our users, on Chrome, Safari, and Firefox (starting with version 3.1.70) […]

Auto-Password Change already supports 75 of the most popular websites, including Facebook, Twitter, Amazon, Pinterest, Home Depot, and Dropbox.

LastPass notes that it does this while maintaining its secure approach of ensuring that only encrypted versions of the password are ever stored on the LastPass server, with the apps doing the decrypting on your device.

You can download the beta from the LastPass download site. If you’re not yet using a password manager, check out out our how-to guide.

Powered by WordPress.com VIP