mtd91429 wrote:If there are a series of failed login attempts to the lastpass vault, does the software have automatic security features to prevent data loss? For example, after 10 failed login attempts, the local cache of encrypted passwords is automatically flushed - and/or the account information is locked-down on your servers.
We have brute force protection at the server (and if you login using LastPass while online you'll hit the server). You'll receive an email locking you out for a time period and notify you that someone is attempting to login.
We do not have any solution to offline, other than utilizing multi-factor like Grid or Yubikey, and making a strong master password. While we could flush the data after a certain number of attempts a sophisticated attacker could attempt to check passwords without using the program so it'd be a false sense of security.