There are 2 separate users in the thread below confirming that the same exact same thing happened to them, from the exact same IP range as me.Įither the 3 of us had the same malware/Chrome extension or somehow had our master passwords compromised.? Or.? Is this a LastPass issue? I also talked to LastPass support over the phone, and they confirmed seeing the same information. the email was truly not phishing - the same information regarding the login attempt appears in my LastPass dashboard. That's scary too - what's the point of a 2FA you can remove.? The LastPass account had 2FA set up, but I was able to simply remove it (since I didn't have access to the token anymore). was the login attempt actually using my master password? Is there some LastPass extension installed on some computer still having a valid auth token allowing them to login as me to LastPass.? If that's the case, I'm in a world of hurt.īut are there any other possibilities? Is the email from LastPass accurate i.e. I can imagine that someone has my KeePassX file and the (completely different) password to this file. What troubles me is that the master password was stored in a local encrypted KeePassX file. The email doesn't look like it's a phishing attempt. According to an email I received from LastPass, this login was using the LastPass account's master password. LastPass blocked a login attempt from Brazil (it wasn't me). Subscriptions help fund the work we do every day.I've just had a bizarre thing happen and wanted to see if the HN community could come up with some theories as to what happened. This includes unlimited access to and our print magazine (if you'd like). Special offer for Gear readers: Get a 1-Year Subscription to WIRED for $5 ($25 off). To remove LastPass from Safari on Mac you'll need to download this file, which contains an uninstaller.Īgain, once you're sure all your data is in its new home and everything works right, be sure to delete the CSV file that you exported from LastPass and empty your PCs Recycle Bin or Mac's Trash bin. In your web browser, head to the extensions page in your settings menu (usually accessible in the upper right of your browser window) and delete the LastPass extension. On Windows open the Start Menu, and under Programs click LastPass, then Uninstall LastPass. The final step is to remove any LastPass apps you have installed. It'll take you saying, yes, I really want to do this several more times, but in the end your account will be deleted. Click and you'll finally get a page where you can enter your master password and delete your account. This will open, yes, another new page, where there is another Delete Account button. This will open a new tab where you should see a button that says Delete or Reset Account. If you run into any problems, see Bitwarden's instructions for some helpful screenshots. Click Import Data and Bitwarden will do its thing. Chose the LastPass (CSV) option from the format dropdown and navigate to the CSV file you saved earlier when exporting your data from LastPass. Then log in to your Web Vault, click the Tools option in the top navigation bar, and then select Import data from the menu. Now you can import all that data into Bitwarden.įirst, create a Bitwarden account. Bitwarden was audited in 2020 by a third party to ensure that it's secure.īitwarden also has an option to import that LastPass export CSV file you saved-and your form-fills CSV file too, if you used that feature. In theory, the more eyes on the code, the more airtight it becomes. There are two other plans: a premium option ($10 per year) with support for Yubikey and other extras, and a Family Plan that includes support for up to six users ($40 per year).īitwarden is open source, which means the code that powers Bitwarden is freely available for anyone to inspect, search for flaws, and fix. Bitwarden is free with no limits, and it's every bit as polished and user-friendly as competitors. If you want to stick with a free service, I suggest Bitwarden.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |