Here at Select All, we’ve sung the praises of password manager LastPass for some time now. It’s free. It’s fairly easy to use. But, as is the risk with storing all your passwords in any one location, it’s not a perfect system. This week, LastPass announced on its blog that a Google security researcher, Tavis Ormandy, discovered a security exploit in the platform. The issue is a client-side vulnerability that affects the LastPass browser extension. The company is calling it “unique and highly sophisticated,” and says it’ll explain in further detail once it has finished fixing the problem.
Until that happens, LastPass has a few tips for keeping your passwords as secure as possible: If you haven’t already done so, make sure all your accounts use two-factor authentication. (Provided a given platform offers two-factor. If it doesn’t, drop it an email or an angry tweet asking why it doesn’t want its users to be safe.) And, as usual, be careful not to click any third-party links from unknown senders to avoid phishing scams.
Finally, LastPass is recommending all users launch password-protected websites directly from the LastPass vault (that is, not from the LastPass Chrome extension, which houses the vulnerability). “This is the safest way to access your credentials and sites until this vulnerability is resolved,” the company explained. Which sounds like a bit of a pain, but also a small price to pay for not having things go the way of Mark Zuckerberg’s Pinterest boards.
- ‘Sorry, ISPs Are Trying to Do What?’ What to Know About Congress’s New Internet-Privacy Rollback
- A Brief History of ‘Cash Me Outside, Howbow Dah?’
- Robot Lighting Trump’s Tweets on Fire Will Make You Ask Yourself Why You Didn’t Think to Bust Out a Lighter and Do This Sooner
- The Snapchat 101: The Best, Coolest, Smartest, Weirdest Accounts on the Hottest Social Network on Your Phone
- Lettuce Pray: Sean Spicer Brings Up Russian Salad Dressing During Press Briefing