Many LastPass users have reported difficulty accessing their accounts due to the company’s security upgrades.
The problems started in May 2023, when the password manager announced some upcoming changes, warning users that they would need to log back into their accounts and reset their multi-factor authentication (MFA).
However, many users have reported being locked out of their accounts even after resetting their codes from their authenticator apps, such as Google Authenticator or LastPass.
To make matters worse, affected users can’t even access LastPass support, as that requires logging in as well. Instead, they are asked to repeatedly reset their authentication app in the client, as the system fails to recognize the new codes set by users as instructed.
As expected, users are taking to Twitter and the LastPass community forums to vent their frustrations.
LastPass said in-app messages and emails were sent to customers informing them to reset their MFA long before the actual announcement of the security upgrade.
The company has since clarified what exactly the security upgrade includes. It has now strengthened its Password-Based Key Derivation Function (PBKDF2), an algorithm “that makes it difficult for a computer to verify that any 1 password is the correct master password during a compromise attack.”
The default minimum number of password iterations after the upgrade is now 600,000. In order to perform this upgrade, LastPass says users were required to log out of their accounts and reset their MFA.
“You will need to log into the LastPass website in your browser and re-enroll your MFA application before you can access LastPass on your mobile device again. You may not re-enroll using the LastPass browser extension or the LastPass Password Manager app,” it added.
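To show why the PBKDF2 iteration count described above matters, the following added example (not LastPass code) measures what one master-password check costs at 600,000 iterations against a lower count. The SHA-256 hash, the 5,000-iteration comparison value, the random salt and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

UPGRADED_ITERATIONS = 600_000  # default minimum quoted in the article
COMPARISON_ITERATIONS = 5_000  # constructed lower value, for comparison only


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def verify(candidate: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Check one candidate password; every check costs a full derivation."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), expected)


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the average wall-clock cost of testing one candidate password."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"candidate-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples


def days_to_exhaust(candidates: int, iterations: int) -> float:
    """Single-core time to test `candidates` guesses at this iteration count."""
    return candidates * seconds_per_guess(iterations) / 86_400


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample salt
    key = derive_key("constructed-sample-passphrase", salt, UPGRADED_ITERATIONS)
    print("correct password verifies:",
          verify("constructed-sample-passphrase", salt, UPGRADED_ITERATIONS, key))
    print("wrong password verifies:  ",
          verify("guess123", salt, UPGRADED_ITERATIONS, key))
    for n in (COMPARISON_ITERATIONS, UPGRADED_ITERATIONS):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:8.1f} ms per guess, "
              f"{days_to_exhaust(10**9, n):12.1f} days for 1e9 guesses")
```

The cost per guess scales linearly with the iteration count, so the same multiplier applies to anyone testing candidate master passwords against a stolen vault, while a legitimate login pays it only once.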
LastPass was previously included in our list of best password manager solutions, but since users’ vaults were stolen through a series of breaches at the company, we decided to remove it.
The vaults were encrypted, and there’s no indication that threat actors managed to break into them – only if they managed to guess your master password could they gain access. However, other personal data stolen from customers, such as contact and billing information, was not encrypted.











