LastPass Reveals Your Last Password
By: Jim Stickley and Tina Davis
September 18, 2019
We’re just going to cut right to the chase on this. If you are a LastPass user, make sure your Chrome and Opera browsers are updated to the latest versions. Researchers at Project Zero found a bug in LastPass that ironically, could allow the user to give away the last password typed into a website. Good news is that was reported at the end of August and it’s already fixed. That’s why the browsers are available for and should be immediately updated.
Remember that when updating browsers, you’ll have to close out of the browser completely and reopen it before it will take effect. If you haven’t closed your browser in a while, now is a great time to do that.
Additional tips to stay safe online:
- As always, remember not to click links from unknown persons or that you are not expecting to receive. This goes for attachments that may be included in an email message.
- Enable the multifactor authentication for any account for which it’s available. It is for LastPass and that should be used. This is an extra step that must be completed before access is granted to an account. Often it is a one-time code that is sent via text that needs to be entered. It may also be a randomly generated code from a key generator. Some websites use challenge questions. Whatever it is, use it.
- Use unique passwords for each and every online account. And most certainly have a unique and strong password for your password manager account, such as LastPass. Make sure they have at least eight characters and include upper and lowercase letters, numbers, and special characters.
- Don’t give your passwords to anyone. Keep them to yourself. They should be your best-kept secret.
- Be sure you have security software on all devices. If it allows automatic updates, enable that option so you don’t have to manually check.
- Update your products as soon as updates are available. This goes for software, firmware, and all of your mobile device operating systems and apps.
Now before you think you need to stop using LastPass or any other password manager, don’t jump to conclusions. While there is a risk that if your master password is stolen, you give away the entire contents of the safe, there are other risks of not using one. There are so many passwords to use these days. If the only way you can manage to keep track of them is to use a product like this, by all means keep doing it. The risk is still relatively low compared to writing them all down in a document on your computer or on sticky notes taped all over your desk area.
Other browsers were also updated to include this fix as a precaution. Though, only Chrome and Opera were found to be vulnerable to it.