Vulnerability


Vulnerability

Postby Quokka23 » Sun Oct 29, 2017 7:19 am

If I use LastPass on my phone, and I can reset my password with a code that gets sent to that same phone, how is it prevented that anybody with access to my phone can get access to my passwords? Anybody with access to my phone can check my emails, too.
Quokka23
 
Posts: 1
Joined: Sun Oct 29, 2017 7:11 am

Re: Vulnerability

Postby jpenny84 » Sun Oct 29, 2017 8:46 am

That code is not resetting your password. The cached recovery one-time password is.

https://helpdesk.lastpass.com/account-recovery/
jpenny84
 
Posts: 7532
Joined: Tue Mar 06, 2012 9:10 pm

Re: Vulnerability

Postby jonat » Sun Oct 29, 2017 1:09 pm

Set the "Security email" to be an address you don't normally use, doesn't get auto-fetched by your phone, and for which you don't need LastPass to get the password. This is the best practice.
jonat
 
Posts: 1987
Joined: Thu Dec 09, 2010 8:42 pm

Re: Vulnerability

Postby robertb » Mon Oct 30, 2017 10:12 am

How is your garbage opsec on your part a vulnerability on LastPass' behalf? Explain.
robertb
 
Posts: 8
Joined: Tue Oct 24, 2017 10:23 am

Re: Vulnerability

Postby allanonmage372 » Sun Nov 12, 2017 6:22 pm

"Set the "Security email" to be an address you don't normally use, doesn't get auto-fetched by your phone, and for which you don't need LastPass to get the password. This is the best practice."
+1

"How is your garbage opsec on your part a vulnerability on LastPass' behalf? Explain."
I'm not following how this is OPSEC related; it seems more physical security than OPSEC. Explain.
allanonmage372
 
Posts: 12
Joined: Sun Nov 12, 2017 5:38 pm

