The most recent LastPass vulnerability was reported on August 29th, 2019 by Tavis Ormandy, a researcher from Google Project Zero. Ormandy revealed a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. “LastPass could leak the last used credentials due to a cache not being updated,” Ormandy Tweeted. “This was because you can bypass the tab credential cache being populated by including the login form in an unexpected way!” LastPass released a blog on Sept.

UC Berkeley researchers revealed security flaws in five of the leading password management tools a few years ago - LastPass, RoboForm, My1login, PasswordBox (now Intel Security), and NeedMyPassword. Four of these contained exploitable vulnerabilities for stealing user credentials. The researchers reviewed their findings in a report that explained: "The root causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model. Our study suggests that it remains to be a challenge for the password managers to be secure."

On top of numerous vulnerabilities, password managers are easy targets for cybercriminals. However, there is a solution to increase security and still use a password manager in your organization.

So what does this mean for companies? No more password managers? No, it doesn’t have to be that extreme. It really just means more education on cyber-hygiene. Steve Prentice explained in this week’s Cloud Security Tip: “But for CISOs, this might be a good thing. Password complacency and sloppy security hygiene are the scourge of security specialists everywhere. A SaaS-based password manager that uses hashes and salts to remove the existence of physical passwords in their own vaults is still a highly proactive solution.”

Security experts recommend two-factor authentication (2FA) when using password managers. Two-factor authentication is an extra layer of security used to verify that the individual requesting access to a particular device or resource is authorized to access it. Two-factor authentication for LastPass could look like your employee using a password, and then receiving an additional code via text or email they enter into the appropriate field to complete the login. On top of strong two-factor authentication practices, organizations should also implement a reputable VPN.