Saturday , 26 May 2018
Home » NEWS » TOP 10 STORIES » Researcher Finds LastPass 2FA Could Become 1FA

Researcher Finds LastPass 2FA Could Become 1FA

LastPass has resolved a number of issues with its two-factor authentication (2FA) implementation, after being alerted to the issues by Salesforce security researcher Martin Vigo. The company said the problems are now resolved, and users do not have to take any action. “To exploit this issue, an attacker would have needed to take several steps to bypass Google Authenticator,” LastPass said in a blog post. “First, the attacker would have had to lure a user to a nefarious website. Second, the user would have to be logged in to LastPass at the time of visiting the malicious site. This combination of factors decreases the likelihood that a user might be impacted.” According to Vigo’s write-up, he discovered that Lastpass was using a hash of a user’s password to generate the QR code that is used to set up 2FA on a user’s device.

View full story


About Japonica Jackson

Japonica is head of editorial at IT Security Guru. If you'd like to get in touch with Japonica, please email