LastPass says it fixed two-factor authentication bug related to use of Google Authenticator

Exterminator

Oct 23, 2012
Until everybody and their dog eventually replaces passwords, the long-running log-in security feature is here to stay. That said, there are ways in which you can decrease the likelihood of your account being compromised by an attacker.

One way is two-factor authentication, which sends a code to a different device, a code which you need to input along with your password to log into the account. A bug related to this security feature was just revealed to have been fixed by password management service provider, LastPass.

Back in February, a security researcher at Salesforce, Martin Vigo, privately disclosed a bug to LastPass via the company's bug bounty program. The issue itself has to do with people using Google Authenticator as an extra security measure on their LastPass vaults. The server-side bug meant that if the user was logged into LastPass and was then lured to a "nefarious website", Google Authenticator could be bypassed entirely. Vigo recently detailed the process on his blog.

Of course, LastPass continues to recommend users stay vigilant at all times and outlines a few safe practices:

  • Beware of phishing attacks. Do not click on links from people you don’t know, or that seem out of character from your trusted contacts and companies.
  • Never reuse your LastPass master password and never disclose it to anyone, including us.
  • Use different, unique passwords for every online account.
  • Two-factor authentication remains the most effective way to protect your account. Always enable 2FA for LastPass and other services like your bank, email, Twitter, Facebook, etc.
  • Keep a clean machine by running antivirus and keeping your software up-to-date.

If you find any issues, LastPass encourages you to contact them using their bug bounty program.
 
