A dangerous LastPass security vulnerability allows attackers to gain remote access to user accounts.
LastPass saves user passwords in a "secure" area and automatically displays credentials for you on the pages that require it when needed. The system uses AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to protect valuable data that is stored.
But according to the well-known security researcher from the Google Project Zero Tavis Ormandy, the software contains "critical issues" that could put user accounts at risk.
On Tuesday, White Hat hacker revealed on Twitter that a quick look at LastPass security discovered "obvious" security issues.
So millions of users can be in danger until the problem is repaired. Of course, you understand that if an attacker can intercept a LastPass user account, it gives him access to a thesaurus with credentials for other online services.
Ormandy has announced zero-day and other critical critical security issues without giving technical details.
The same researcher has discovered critical problems in the software of major companies such as Symantec, Avast and many others.
Here we should mention something we say very often: For passwords managers, forget about online services. Store your data locally. They are more likely to hack a LastPass that attracts them hackers by thousands because of its services rather than your computer.
Try the free app KeePass. It will store all of your passwords locally with satisfactory encryption. All you have to remember is a master code for opening the application.
