my password would've taken centuries, or even if they got 5 3090s it still would've taken like 30 years or something, not days to brute force. I did not click on any phishing emails or enter my Master Password in a fake LastPass site. My old Master Password would've shown "strong" with estimated time to crack "centuries". However, I did change my Master Password. I'm not a security expert, so it's really difficult for me to theorize what happened and how the hackers would've gotten my Master Password. Important to note: I do NOT RE-USE passwords, especially for something like this. Sooooo, this must mean that the hackers somehow figured out my Master Password. WTF? Also, when I look at the LastPass Authenticator, it shows all my other accepts and no reactions, yet this one did not show in the prompt history. I got the MFA notification that I did NOT initiate. I had a theory: if the hackers somehow figured out my Master Password, I will get the MFA notification. My Master Password is configured with 16 chars, upper, lower, numbers, symbols. I work for a business and we use LastPass. The only thing left to do now is migrate to a different password manager, change absolutely EVERYTHING and hope this never happens again.

Your master password may take 1 billion years to crack on current hardware, that much is true, but the hardware a decade from now may do it in 1 minute. The job will get easier and easier with every new GPU/CPU generation. You should now assume that your vault is out there forever and it's only a matter of time before even the strongest master passwords are cracked. The strength of the 2nd lock depends on multiple factors including password entropy, password reuse and previous breaches.

Even if you go and change your master password now, it will make no difference at all since you cannot change the master password that is tied to the backup. The key to the 2nd lock is the master password that was used at the time the backup was made.
The threat actor knows which email is tied to your LastPass account which basically gives them the 1st key to a door with 2 locks. The threat actor has obtained a backup of all of your vaults and the 2FA protecting your account has already been bypassed.