Should I be concerned about reports that my master password can be stolen?

Following a presentation at the DefCamp 2014 conference that claimed to show how an attacker could expose the LastPass master password, we want to address the concern LastPass users may have about keeping their master password safe.

After reviewing the research, we offer the following tips and clarifications:

1) Strong antivirus software and multifactor (two-factor) authentication are the best line of defense against a man-in-the-middle (MitM) attack. LastPass Enterprise administrators can enforce the use of multifactor authentication through the LastPass security policies.

2) Note that the Metasploit module used in the research only works if the “remember my password” option is enabled. We strongly warn that users should not enable this option, and that doing so significantly reduces their security. LastPass Enterprise administrators can use a security policy that prevents the "remember my password" option from being checked, rendering the entire "vulnerability" null and void.

3) When founded, LastPass was originally built with AES256+ECB. Several years ago we switched to AES256+CBC with PBKDF2 rounds that are adjustable per user (in the LastPass Icon > My LastPass Vault > Settings menu). Enterprise administrators can enforce a particular limit of iterations via security policy. ECB isn't weak per se, but it's a poor fit for any large block of regular data like images. AES256 in CBC mode is very strong.

4) The author states "They determined how it worked and created a script to reverse it", but to clarify, all of this is public information, so that others can vet the service and prove it to be secure.

5) If your computer is infected by a virus that can't be detected by antivirus software, there are other significant problems that you will need to address.
