If You’re Affected, Here’s What to Do: Numerous LastPass Users Dealing with Account Lockouts

A significant number of LastPass users have encountered difficulties accessing their accounts due to security upgrades implemented by the company.

The problems emerged in May 2023 when the password manager announced upcoming modifications and issued a warning to users, emphasizing the need to log back into their accounts and reset their multi-factor authentication (MFA).

However, even after resetting their codes on authentication apps like Google Authenticator or LastPass’ proprietary app, many users have reported being locked out of their accounts.

Lock-out

To make matters worse, affected users are unable to reach LastPass support, because doing so requires them to log in. Instead, they are repeatedly prompted to reset their authentication app within the client, as the system fails to recognize the new codes they set up as instructed.

Users have taken to Twitter and the LastPass community forum to express their frustration.

LastPass has stated that in-app messages and emails were sent to customers well in advance of the security upgrade announcement, notifying them to reset their MFA.

The company has now clarified the specifics of the security upgrades. It has strengthened its use of the Password-Based Key Derivation Function (PBKDF2), an algorithm that makes it harder for computers to determine the correct master password during a breach attempt.

The default minimum number of password iterations after the upgrade has now been increased to 600,000. To implement this upgrade, LastPass required users to log out of their accounts and reset their MFA.
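To make the iteration count concrete, here is an added illustration (not LastPass's code and not part of the original article) of a PBKDF2 login verifier that enforces the 600,000 minimum and re-derives an older record at the next successful login. The SHA-256 hash, the record layout, the 5,000-iteration legacy value and the sample passwords are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import time

MIN_ITERATIONS = 600_000  # default minimum stated in the article


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (hash choice is an assumption), 32-byte output."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_record(password: str, iterations: int) -> dict:
    """Hypothetical stored login record: random salt, work factor, verifier."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "verifier": derive_key(password, salt, iterations)}


def verify_and_upgrade(record: dict, password: str):
    """Check a login attempt. A record below MIN_ITERATIONS can only be
    re-derived while the password is in hand, so upgrade it here."""
    candidate = derive_key(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(candidate, record["verifier"]):
        return False, record
    if record["iterations"] < MIN_ITERATIONS:
        record = make_record(password, MIN_ITERATIONS)
    return True, record


def seconds_per_guess(iterations: int) -> float:
    """Time one derivation: the cost paid for every master-password guess."""
    start = time.perf_counter()
    derive_key("constructed-guess", b"\x00" * 16, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    legacy = make_record("constructed master password", 5_000)  # constructed legacy count
    ok, current = verify_and_upgrade(legacy, "constructed master password")
    print("login ok:", ok, "| iterations:", legacy["iterations"], "->", current["iterations"])
    print("wrong guess accepted:", verify_and_upgrade(current, "wrong guess")[0])
    for n in (5_000, MIN_ITERATIONS):
        print(f"{n:>7} iterations: {seconds_per_guess(n):.4f} s per guess")
```

The per-guess time grows linearly with the iteration count, which is the whole effect of the setting: a legitimate login pays it once, while anyone guessing against a stolen record pays it for every candidate password.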

“You must log in to the LastPass website in your browser and re-enroll your MFA application before you can access LastPass on your mobile device again. You cannot re-enroll using the LastPass browser extension or the LastPass Password Manager app,” they further added.

LastPass was previously featured on our list of the best password manager solutions. However, due to the incidents of breached vaults, where customers’ vaults were stolen, we have made the decision to remove it.

The vaults were encrypted, and there is no indication that the threat actors managed to decrypt them; they would gain access only if they were able to guess the master password. However, other personal data stolen from customers, such as contact and billing information, was not encrypted.

 
