This story originally appeared on Ars Technica. While LastPass said the bug was limited to the Chrome and Opera browsers, the company has deployed the update to all browsers as a precaution. The extension update should automatically install on users' computers, but it's not a bad idea to check. The LastPass bug was fixed in version 4.33.0. And despite the criticism SMS-based MFA gets (for good reason, by the way), even meager protection would likely be enough to protect most people against account takeovers.

By far, the cross-industry WebAuthn is the most secure and user-friendly form of MFA, but time-based one-time passwords generated by authenticator apps are also relatively secure. One way to reduce the damage that can occur in the event of a password manager hack is to use multifactor authentication whenever possible. On the whole, I still recommend most people use password managers unless they devise another technique to generate and store strong passwords that are unique to every account. In the event of a password-manager hack, there's the risk that the credentials for multiple accounts can be exposed. It's not unusual for some people to use password managers to store hundreds of passwords, some for banking, 401k, and email accounts. I abandoned it quickly because while you can get a free account, you need a paid one to use Yubikey.

This limit is because of storage capacity. The downside to password managers is that if or when they fail, the results can be severe. LastPass is the only app (at all) that works with Yubikey on iOS (more on that later). Yubikey and every security key that supports TOTP will have a limit on how many accounts they can store on one key.