Windows 10: LastPass is scrambling to fix another serious vulnerability

Discus and support LastPass is scrambling to fix another serious vulnerability in Windows 10 News to solve the problem; The flaw could allow for remote code execution or password theft. For the second time in two weeks developers of the popular LastPass password... Discussion in 'Windows 10 News' started by Borg 386, Mar 29, 2017.

  1. Borg 386 Win User

    LastPass is scrambling to fix another serious vulnerability


    LastPass is scrambling to fix another serious vulnerability | PCWorld
     
    Borg 386, Mar 29, 2017
    #1
  2. Steve C Win User

    Perhaps it's best never to store passwords on any IT system?

    :)
     
    Steve C, Mar 30, 2017
    #2
  3. Lastpass password manager.

    That hasn't happened to me... I clicked "remember password" and it gave me a warning that my decision could make my password more vulnerable if my device is ever lost/stolen, but after I said "yes", it remembered it. When I open Edge it only opens my homepage,
    and lastpass auto-fills all my password for me.

    Maybe it only happens to some people. Since LastPass said they are working to fix it, they must be aware that at least some people have a problem.
     
    Shawn 'Cmdr' Keene [MVP], Mar 30, 2017
    #3
  4. LastPass is scrambling to fix another serious vulnerability

    Sumit Dhiman2, Mar 30, 2017
    #4
  5. TairikuOkami, Mar 30, 2017
    #5
  6. Victek Win User
    Tavis found the vulnerability and LastPass is working on fixing it; what is the problem? No security software is perfect and never will be. The argument for using LastPass has always been all of the other much more serious security problems it solves, eg weak passwords, users using the same password on multiple sites, users forgetting passwords and/or writing them down on sticky notes, etc.
     
    Victek, Mar 30, 2017
    #6
  7. yu gnomi Win User
    I am a LastPass user, and this doesn't scare me at all. Tavis seems to have made improving LastPass a project of his - hopefully LastPass is compensating him for his efforts - and this will benefit LastPass users in the long run.

    In the mean time, Tech blogs will have fodder for their FUD stories following every tweet Tavis makes about LastPass, completely missing the point that it's security is actually being improved by this, and no one is exploiting any of these vulnerabilities.
     
    yu gnomi, Mar 30, 2017
    #7
  8. pparks1 Win User

    LastPass is scrambling to fix another serious vulnerability

    Better to be scrutinized, and updated quickly. It's the fact that LastPass responds so quickly to resolve the issue that gives me peace about the whole situation.

    And in the latest case, it was demonstrated to LastPass what could be done. It's not an active exploit. Kudos to LastPass for jumping right in and fixing it.
     
    pparks1, May 3, 2017
    #8
  9. That is why I manage my own passwords.*Smile
     
    Josey Wales, May 3, 2017
    #9
  10. pparks1 Win User
    Are you telling me that you use
    • A different password for every site
    • A password that is long enough and complex not to guess
    • You can either memorize them all, or only need to access a local password database to get to them?

    I'm so inundated with passwords, for both work and home. I work on a variety of machines. It's become necessary to have my passwords available in all places I might be, so managing them on my own isn't great. Even if I put them on my phone, it would be ok until I lost my phone.

    Passwords are such a necessary evil today, but there will hopefully be a better way in the future.
     
    pparks1, May 3, 2017
    #10
  11. That is exactly what I am telling you. I have this application that is called random password generator it can create random passwords and store them off line. I am retired, I have one device and no smart phone.
     
    Josey Wales, May 3, 2017
    #11
  12. swarfega Win User
    Lastpass can generate random passwords to your specification without even pressing a keystroke thereby avoiding keyloggers.
     
    swarfega, May 3, 2017
    #12
  13. LastPass is scrambling to fix another serious vulnerability

    Yes but they are stored online are they not?
     
    Josey Wales, May 3, 2017
    #13
  14. pparks1 Win User
    Well, there you go. That makes all of the difference in the world. Most of my computing time during the day is spent at work, so I need access to my personal passwords there. Then at home, I have my desktop, my sons desktop and my primary computer which is my mac laptop.

    I dumped my passwords into Excel and just for myself, I have 162 passwords. This doesn't include the passwords I keep for my kids stuff and my wife's stuff.
    Yes, they are stored online. At present I store my passwords for less secure things in Evernote. Things like banking, retirement, car payments...basically anything with financial data is stored in KeePass inside of Dropbox. I can only access these from devices where I have KeePass, but these aren't things that I use on a daily basis and for things like my home banking, that password is memorized and not a randomly generated secure password.

    The scary part online is that if somebody breaks into your Lastpass account, they get all of your other accounts. I cannot even image how long it would take me to go out and change my 162 passwords. It would take me an entire weekend.
     
    pparks1, May 3, 2017
    #14
  15. Steve C Win User
    I don't trust any form of online storage. I only ever store passwords in a password protected file stored on a Bitlocker protected USB stick kept in a safe location. My PC is never connected to the internet when I edit the file.
     
    Steve C, May 3, 2017
    #15
Thema:

LastPass is scrambling to fix another serious vulnerability

Loading...
  1. LastPass is scrambling to fix another serious vulnerability - Similar Threads - LastPass scrambling fix

  2. Scrambled

    in Windows 10 BSOD Crashes and Debugging
    Scrambled: When I print out documents from online, some of the pages are now coming out scrambled. This just started about a week ago. Not sure how to fix it. I didn't change any settings that I know of....
  3. LastPass

    in AntiVirus, Firewalls and System Security
    LastPass: Good day to all. been using Windows 10 for a while with no complaints. Also been using the Password manager LastPass, Been okay but lately it always ask me to sign what ever I enter in the settings time out 160min then I close down edge and go back within the time the icon...
  4. Edge and Lastpass

    in Browsers and Email
    Edge and Lastpass: Been using Lastpass with edge for a while without any problems, But this week something has spooked it the last pass wont remember my email. Has anyone got this issue please and some advice. Thanks. 77046
  5. Edge and LastPass

    in Browsers and Email
    Edge and LastPass: Just to mention: I have tried a number of times to install the LastPass extension on Edge. The installation appears to go OK but later, the message is that the app encountered a problem and needs reinstalling to repair it. This doesn't do the trick though. It seems to be a...
  6. LastPass password manager

    in Windows 10 Software and Apps
    LastPass password manager: Just installed the lastpass app from store.How do I get it to show at the top right of the edge browser Also installed the adblock from store. Any Help Please. 71524
  7. LastPass

    in Windows 10 Software and Apps
    LastPass: Didn't know where to ask this question.?? I have windows 10 and using Lastpass password manager. Went to add a secure note in the section in lastpass but failed to add the note a box came on screen.. This feature requires an external binary component, which is currently...
  8. Lastpass

    in Windows 10 Support
    Lastpass: Has anyone an idea as to when Lastpass will be available for Edge? Many are sitting on the edge of their seats waiting for this to become available within the next 24 hours. Is this a reasonable time to look forward to it becoming available? (please ... if any cannot see...
  9. Google Discloses Another Unpatched Windows Vulnerability

    in Windows 10 News
    Google Discloses Another Unpatched Windows Vulnerability: Google has published the details of another unpatched Windows security flaw, as per the company’s Project Zero program policy that discloses vulnerabilities still not fixed 90 days after the vendor is notified. This time, the vulnerability is a type confusion in a module...
  10. FREAK: Another day, another serious SSL security hole

    in Windows 10 News
    FREAK: Another day, another serious SSL security hole: It seemed like such a good idea in the early 90s. Secure-Socket Layer (SSL) encryption was brand new and the National Security Agency (NSA) wanted to make sure that they could read "secured" web traffic by foreign nationals. So, the NSA got Netscape to agree to deploy 40-bit...

Users found this page by searching for:

  1. windows 10 binary component for lastpass