Let me try help and remind anyone else that can't fully grasp basic service email warning messages.the key is for the service to be prepared and protected which it seems LastPass never is.
I don't pay for the service, I am on the free version.25 million users or not, if you are paying a service to keep your credentials safe then it should be unhackable, doesn't matter if my account is the first to go or not, someones account will be the first to go is what matters.
It is not like this has not happened to them before and in the future I think we will eventually find this incident actually has but as of right now I think LastPass is just doing damage control.
I think it kind of silly they way you are playing it off ..... what if it was your account they decided to empty? probably wouldn't like it too much would ya?
LastPass has made Millions if not Billions of $$ storing peoples lives but yet cannot ever seem to get their house in order, use their service and you deserve whatever happens.
I would almost bet my bottom dollar the owner of LP doesn't even use his own service.
People are mostly concerned about the part that says “someone just used your master password”.Let me try help and remind anyone else that can't fully grasp basic service email warning messages.
In basic plain English that means : the service worked as intended and no access or no bypass was made. If messages like that makes some people upset and more paranoid, they should avoid check Microsoft accounts. That would really make them loose it.
Rants, account deletions info and other service advertising along with crystal clear disinformation. Not what I would call and interpret as " concerned ".People are mostly concerned about the part that says “someone just used your master password”.
It’s great that the access was blocked. But they still want to know how anyone managed to get their passwords in the first place.
In December 2021, logs from the RedLine Stealer malware were left publicly exposed and were then obtained by security researcher Bob Diachenko. The data included usernames, email addresses and plain text passwords.
In case a (master) password is leaked, 2FA is second level of defense against account takeover.Is 2FA really that necessary if a very strong - especially length - master pw is used? I ran mine through a couple different pw strenth test sites and the minimum time to crack it was a million years! I did assume this would be offline cracking. Honestly it seems like a lot of overreaction to this, though I'm one to talk, as this thread resulted in me switching to KeepassX(Linux) & Keepass 2 (Windows)
I agree 2FA indisputably adds security on the password, but I am really curious how long it take to crack a leaked 13-15 character, well hashed encrypted pw. I get the feeling 2FA isIn case a (master) password is leaked, 2FA is second level of defense against account takeover.
I have and advice others to enable 2FA on all important accounts like email, social media and passwordmanagers
I agree with your post, but the rumors say that they are leaked and used, highly unlikely, but again not real issue with 2FA.I agree 2FA indisputably adds security on the password, but I am really curious how long it take to crack a leaked 13-15 character, well hashed encrypted pw. I get the feeling 2FA is mostly necessary only for much shorter passwords, say only 8 characters, although I know LP requires longer than this.
There is a way to delete passwords/notes/logins/etc list in the vault so it would take a long if you have alot of saved password item.
If my understanding is right you mean that the only solution is to delete manually every password stored ?There is a way to delete passwords/notes/logins/etc list in the vault so it would take a long if you have alot of saved password item.