Recent LassPass master password breach....

4EverMaAT
4EverMaAT
Community Member

https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/

which I originally was alerted from https://www.webhostingtalk.com/showthread.php?t=1864045

I wanted to ask what 1P staff thinks is the likely attack venue for the compromised passwords?

and how would 1P handle this better.


1Password Version: 8.4.1
Extension Version: 2.1.4
OS Version: win10 x64 ltsc

Comments

  • Hi @4EverMaAT

    1Password isn't impacted by the recent credential stuffing attempt on LastPass. LastPass itself doesn't appear to have been compromised, and according to them, the security alerts that were sent out were accidental. With that being said, 1Password protects you against similar credential stuffing attacks in the form of the Secret Key. Your Secret Key is long, random, and unique, which ensures that guessing attacks won't work on a 1Password account: About your Secret Key

    Both your 1Password account password and your Secret Key are required in order to decrypt the data within your 1Password vault, and so an attacker without both, in full, would be unable to compromise your 1Password account. 1Password also offers optional two-factor authentication, which would protect you even if an attacker somehow acquires both your account password and your Secret Key at once.

    I hope that helps!

    Ben

This discussion has been closed.