The Register reports [theregister.co.uk] that registering a new device with LastPass now requires confirming the registration via a previously set up email account, even when using 2FA (two-factor authentication). Previously, such confirmation was required only when not using 2FA; however, it turns out that the new-device registration mechanism was too easy to spoof via phishing attacks.
Once the attack is successful, it appears that the attacker would have access to the master password and thus the entire store of passwords.