
Vulnerability

Posted: Sun Oct 29, 2017 7:19 am
by Quokka23
If I use LastPass on my phone, and I can reset my password with a code that gets sent to that same phone, how is it prevented that anybody with access to my phone can get access to my passwords? Anybody with access to my phone can check my emails, too.

Re: Vulnerability

Posted: Sun Oct 29, 2017 8:46 am
by jpenny84
That code is not resetting your password. The cached recovery one-time password is.

https://helpdesk.lastpass.com/account-recovery/

Re: Vulnerability

Posted: Sun Oct 29, 2017 1:09 pm
by jonat
Set the "Security email" to be an address you don't normally use, doesn't get auto-fetched by your phone, and for which you don't need LastPass to get the password. This is the best practice.

Re: Vulnerability

Posted: Mon Oct 30, 2017 10:12 am
by robertb
How is your garbage opsec on your part a vulnerability on LastPass' behalf? Explain.

Re: Vulnerability

Posted: Sun Nov 12, 2017 6:22 pm
by allanonmage372
"Set the "Security email" to be an address you don't normally use, doesn't get auto-fetched by your phone, and for which you don't need LastPass to get the password. This is the best practice."
+1

"How is your garbage opsec on your part a vulnerability on LastPass' behalf? Explain."
I'm not following how this is OPSEC related; it seems more physical security than OPSEC. Explain.