However unimportant, it is inarguable their security has been reduced. The lack of visibility of LastPass’s source (and proprietary info) gave them some protection that is now gone. Next time, use 4 or 5 random diceware words for your master password. One advantage of OS software is there is no presumption of security through obscurity. They picked you out because they saw you're a crypto guy, then using the sites you visit and then searching Google about you, they figured out your master password. Combine with LastPass not encrypting everything in your vault, you were just easy pickings. I would very much assume they got in because your master password was weak. The ongoing investigation into the LastPass breach determined 'a threat actor exfiltrated encrypted backups from a third-party cloud storage service,' the black hat hackers were able to obtain an encryption key with which they could have decrypted 'a portion' of the stolen encrypted backups. This is why length is not the most important factor when it comes to passwords, but randomness, then you worry about length. While "J0nSmith1969!" is long, it's not at all secure funny enough, "J0nSmith1969!" gave me 10.2634. Secure your Twitch account by using a strong and unique password created with a password manager like LastPass or 1Password. With the info you've given so far, I would bet your master password was something easy, like your name, maybe a b-day or something you like. That's a log scale, so you being half that is very concerning. That way, you won’t have to enter the 2FA code on the devices you frequently use. 2FA is a quick, convenient way to add very strong security to your account. This randomly generated example 4 diceware passphrase (respect-filtrate-everglade-monsoon) gave me 26.12845. This process is even easier for LastPass users, since LastPass will autofill your Reddit username and password for you. Then all you need to do is type that code to complete your login.
Going forward, we hope Reddit will also add the option to trust a device. Once you enter your username and password, look at the LastPass Authenticator app to type in the code that’s displayed. LastPass didn’t, or couldn’t, say, in its November 2022 update, how long it took for the second wave of crooks to get into its cloud servers following the first attack on its development. I get they theoretically have better security than your average company, but (IMO) the wealth of data to be gathered more than makes up for the time/effort any given hack might take. If all businesses in general have targets on them for this stuff, security companies like LastPass have giant, neon signs that say 'hack me'. Once you’ve set up two-factor authentication for your account, you’ll be prompted for a 6-digit code every time you log in. I mean, it's a security service in the cloud. Communication with users will depend on the incident and those of the highest priority will include emails, blog posts, and social posts. Our team reacts swiftly to reports of bugs or vulnerabilities and communicates openly with our community. You’ll see a success message from Reddit and a reminder to generate backup codes. For more information, be sure to head to Reddit’s Help Center. LastPass values transparency in its incident response procedures. Scan the barcode and type in the 6-digit code listed under the Reddit entry. From LastPass Authenticator, tap the “Add” button and select the option to scan bar code. If you haven’t already, download LastPass Authenticator from the iOS or Play store. Choose the option to enable two-factor authentication. Click on preferences in the top menu and select the password/email tab. Every password you use for every online account should be unique and long and locked up in your password manager. The added security is intended to keep people from gaining unauthorized access to your account.
Even if someone were to steal your Reddit account password, they still wouldn’t be able to log in without the 2FA code. But remember – that’s no excuse to use a weak password for your Reddit account. The code is generated by an app on your phone and is only valid for a limited period of time. During the course of our investigation, we. We have now completed an exhaustive investigation and have not seen any threat-actor activity since October 26, 2022. Why 2FA for your Reddit account? 2FA adds another layer of security by prompting you for an additional code. Security Incident Update and Recommended Actions To Our LastPass Customers I want to share with you an important update about the security incident we disclosed on December 22, 2022. I got very similar 'vibes' from it but this breaks it down in a very succinct and clear way. Redditors, rejoice! You can now enable two-factor authentication (2FA) on your Reddit account. And even better, you can use LastPass Authenticator as your 2FA app of choice to add that extra security. The security incidents were not, the statement read, 'caused by any LastPass product defect.' Maybe not, but corporate security processes and controls appear to have fallen even shorter than.