LastPass Quickly Fixes New Vulnerabilities

Posted on March 23, 2017 by Paul Thurrott in Cloud, Mobile, Windows, Windows 10 with 22 Comments

LastPass Quickly Fixes New Vulnerabilities

A Google security researcher has discovered new vulnerabilities in the LastPass password manager. The good news? LastPass already fixed them.

The bad news? These kinds of episodes always trigger a knee-jerk reaction in certain circles.

So I want to be very clear about this: As I wrote in First Steps: Secure Your Online Identity, using a good password manager is in fact one of the key steps you can and should take to protect yourself. And, yes, LastPass is a good password manager.

Our reactions to things are in many ways a sign of the times. Anything can be turned into a negative these days, and while one might choose to focus a story about this event as “oh, look, LastPass has f@#$ed up again,” I think the opposite is perhaps more relevant: These events don’t actually happen very often, and LastPass fixed the problems immediately.

That’s the kind of response we should be looking for, not denouncing. And as for this incident specifically, LastPass says it has impacted no customers.

Even the security researcher who found the vulnerabilities is impressed: “Very impressed with how fast @LastPass responds to vulnerability reports,” he tweeted. “If only all vendors were this responsive [thumbs up].”

Exactly.

Not surprisingly, Last Pass recommends exactly the same advice I published in First Steps: Secure Your Online Identity, but it also adds two other bits: Be wary of phishing attacks, and keep your PC up-to-date with AV/anti-malware, both of which amount to “just don’t be stupid.” It’s good advice. Including for those who are writing articles about this incident.

If you’re using LastPass, your browser plug-in/app should update automatically. But it doesn’t hurt to check, you know, using that “don’t be stupid” mantra.

 

Tagged with

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register