latest
How to set up passkeys in LastPass
Learn how to use passkeys in LastPass to enjoy a new type of security that uses biometric data to sign in
LastPass supports a new type of security, which is the latest technology to help protect your website and app passwords. It uses biometric data like passkeys to make logins easier and more secure, eliminating passwords. You don't need to use your LastPass master password on devices you set up for passwordless access.
How to migrate LastPass passwords to Google Password Manager
Ditch LastPass for Google's built-in password manager
For many LastPass users, a new password manager has been of interest over the past few years. Since LastPass announced they would only allow free users to use their service on either computers or phones in March 2021, many users started to migrate away from the service. Additionally, there was a cyberattack in 2021, a hack in August 2022 that stole its source code, and another breach in December 2022.
LastPass breach could've been stopped with a 3-year-old Plex update
This story's more than about one employee's Plex account
LastPass has taken a reputational tumble from one of the great password managers out there to becoming mired in infamy after not one, but two massive data breaches last year. We learned more details about the second incident last week — a malicious party installed a keylogger onto a senior engineer's home computer through an exploit in Plex, the personal cloud service for movie storage and streaming, and was able to break into corporate-level caches as a result. But it turns out that the engineer had a big part to play in this major failure as well.
LastPass reveals its recent security attack was worse than it initially thought
Reeling from the repercussions of one old breach
Read update
Some of the best password managers understand their role perfectly — additional convenience for users without compromising their security. LastPass was counted among the best until recently, but a string of security incidents have stripped it of its credibility and reputation. Heaping insult on injury, another security incident at the company has now come to light, this time involving a senior employee’s home computer and Plex credentials.
Why Enpass is my perfect LastPass replacement password manager
There’s nothing better than being in control of your sensitive information
Like for many others, LastPass was my first password manager, but a few years ago, I decided to switch away from it. That’s when Enpass caught my eye mainly because it didn’t force me to store my passwords on its online servers. I wanted something that struck the right balance between convenience and privacy. Enpass checked all the right boxes for me, and I soon ditched LastPass for good. This decision has started to feel even more apropos considering all the breaches LastPass has suffered in recent times.
Using one password to secure all your other passwords might not be the brightest idea from a cybersecurity perspective, but it is convenient, and that’s exactly what password managers like LastPass do. However, that makes such services targets of regular and vicious cyberattacks — a reality LastPass is all too familiar with. Continuing the recent streak of detected attacks, LastPass is now alerting users of the latest system breach to access user data.
Hackers stole LastPass's source code, but users are unaffected for now
User accounts weren’t compromised, though stolen source code could change that quickly
Memorizing your login credentials for every online platform in today’s internet-enabled world can become a chore really fast. It created a market for Single Sign-On (SSO) authentication, password management features in popular browsers like Google Chrome, and third-party password managers. One of the most popular options among the latter is LastPass, and it is in cyber criminals' crosshairs. A recent breach compromised the company’s development environment. It was detected two weeks ago, but we are only learning of it now.
LastPass hasn't been compromised in recent hacking scare
Master passwords were uncovered in third-party breaches - don't reuse passwords, folks
Read update
LastPass may be one of the best-known password managers out there, and while many have turned their back on it following what was effectively the shutdown of its free tier in 2021, it’s still a popular choice. Now, a few reports have popped up with people saying that there were login attempts using their correct master passwords. While that’s bad enough for those affected, LastPass says that there is no indication that their servers were hacked, instead pointing to "third-party breaches related to other unaffiliated services." It looks like a coordinated attack can also be ruled out, with LastPass saying that a few of its recent login warnings were sent out in error.
New LastPass pricing goes into effect today, basically forcing users to pay for Premium
Free users will only be able to use LastPass on one 'device type' — desktop or mobile
Read update
LastPass has long been the password manager to recommend thanks to its generous free offer that allows you to store as many passwords as you need on as many devices as you own, but that's changing. LogMeIn, the company behind the software, announced in February that it's making the free tier a lot more limited starting today. Free users will only be able to use LastPass either on their computers or their mobile devices (phones, tablets, watches).
LastPass analytics code raises questions about potential security issues
In case you needed yet another reason to switch
LastPass recently caused an uproar by announcing forthcoming changes to its pricing model that will effectively nerf the free tier, and now the company is in for some more bad news. According to a report published by German cybersecurity researcher Mike Kuketz (via The Register), the password manager uses seven third-party trackers that introduce potential security issues, prompting him to recommend LastPass users to switch to competitors.
LastPass is just one of many password managers out there, though it has one of the most generous pricing schemes to offer. Its Android application has always been fairly modern and is known to quickly include new OS features in its beta, like Oreo's autofill API and Marshmallow's new app permission model. Today, the firm continues this commitment by announcing it'll support Android 10's biometrics, meaning you'll be able to unlock the app with Pixel 4's face authentication.
Password managers are becoming more and more of a hot topic nowadays. We live a lot of our lives online and that requires a growing number of accounts and identities; yet with multiplying security risks and hacks popping up left and right, it's crucial to use a password manager to stay on top of your login details. Most managers fall in one of two categories: the cloud solutions like LastPass, 1Password, and Dashlane, or the local solutions with a cloud backup option like Enpass (my personal favorite) or SafeInCloud or Keepass. Myki straddles the line between the two, being neither this nor that, but having resemblances to both, plus some very unique attributes that make it intriguing... very intriguing.
LastPass began its winding path to support Android Oreo's autofill API in August, but the day is finally here: The popular password manager has pushed support for Oreo autofill to its stable, non-beta app. Accessibility-based autofill is still available for older apps (and Chrome) that don't yet support the new implementation.
LastPass is how many of us choose to store our passwords, and the Android app is usually fast to support new Android features. If you want even faster access, there's the LastPass beta release. That one has just been updated with more robust autofill support—both accessibility-based and the new Oreo implementation at the same time. You should also get fewer autofill prompts when you don't need them.
A few days back it was revealed by a security researcher in a post on Medium that the LastPass Authenticator app for 2FA key generation wasn't entirely secure. Access to the keys was ostensibly secured by a PIN/fingerprint, but a workaround was found that allows anyone with the ability to launch an activity on the device, including other installed applications, to access those codes. LastPass has fixed this problem in an update today.
As Microsoft's abandonment of Windows phone continued apace this year, the company moved to release more of its core apps on Android, and that included its Edge browser. It's been pretty successful, with more than one million installs, probably due to the "continuous browsing experience" it offers Windows 10 users. Now, there's even more good news for fans of the app.
Last week, Google began sending out emails to Android app developers regarding their use of Accessibility APIs. The intended purpose of that functionality is to assist disabled users, but it is often used for other functionality (to overlay content, fill in text fields, etc) by apps like LastPass. Google said that apps using this API for anything except helping disabled users would be removed from the Play Store.
When Google released the final version of Android Oreo in late August, one of the most useful new features was the new Autofill API. This is essentially a system-wide solution similar to the way autofill works in Chrome, and that's something that can save us all a lot of time.
One of the more exciting features in Android 8.0 is support for autofill providers; apps that can drop in your username and password without a bunch of clunky workarounds. The catch, however, is that apps need to be updated with this feature in mind. LastPass is already readying Oreo support, and you can check it out now in the new public beta.
LastPass is one of the most popular password managers on the market, but it's getting a price hike today. It's going to be twice as expensive going forward, but the good news is you're getting some more features for the money. The bad news is those features used to be free. Users of the free account won't be completely losing out, though.