WebProNews

Tag: password manager

  • LastPass: Master Passwords Not Compromised

    LastPass: Master Passwords Not Compromised

    Popular password manager LastPass says master passwords are safe, despite many users believing otherwise.

    Password managers are important elements in cybersecurity. A good password manager saves the many different passwords users collect, notifies them when one is too easy or has been compromised, and suggest strong passwords. A good password manager secures its database of passwords with a master password that must be input to access the saved ones.

    LastPass is one of the most popular of these programs. Early Tuesday, users began noticing suspicious activity, with login attempts from different locations using their master passwords.

    According to AppleInsider many of the cases involve accounts that haven’t been used in a while, accounts using old master passwords. While this would seem to indicate a hack involving the list of master passwords, specifically a hack involving an old list, some users report continued login attempts even after changing their password.

    Despite the anecdotal evidence to suggest the list of master passwords was compromised, LastPass says its service was not breached or compromised.

    Our initial findings led us to believe that these alerts were triggered in response to attempted “credential stuffing” activity, in which a malicious or bad actor attempts to access user accounts (in this case, LastPass) using email addresses and passwords obtained from third-party breaches related to other unaffiliated services. We quickly worked to investigate this activity and, at this time, have no indication that any LastPass accounts were compromised by an unauthorized third-party as a result of these credential stuffing attempts, nor have we found any indication that user’s LastPass credentials were harvested by malware, rogue browser extensions, or phishing campaigns.

    It remains to be seen if LastPass is correct, or if further investigation will reveal additional details. Either way, it is a disconcerting turn of events for a service that many people rely on to keep their online activity safe.

  • Mozilla Pulling the Plug on Firefox Lockwise

    Mozilla Pulling the Plug on Firefox Lockwise

    Mozilla is killing off its Firefox Lockwise password manager, with the end-of-life (EOL) date set for December 13, 2021.

    Password managers are a popular, and important, cybersecurity option. Password managers help users keep track of the myriad of passwords they use for various websites and services, even generating stronger passwords that would otherwise be difficult to remember. Security experts recommend consumers make use of such apps, given the protection they offer.

    Firefox Lockwise is Mozilla’s password manager, but its functions are already present in the Firefox web browser, across the various platforms it supports. As a result, Mozilla is killing off Firefox Lockwise.

    Mozilla will end support for the Firefox Lockwise app on Android and iOS, effective December 13, 2021. You will no longer be able to install or reinstall Firefox Lockwise from the App Store or Google Play Store. iOS version 1.8.1 and Android version 4.0.3 will be the last releases for Firefox Lockwise. The application may continue to work on your device, but it will no longer receive support or security updates.

    After December 13, 2021, you can continue to access your saved passwords and your password management in the Firefox desktop and mobile browsers.

  • Dropbox Passwords Going Free As LastPass Cripples Free Version

    Dropbox Passwords Going Free As LastPass Cripples Free Version

    Dropbox has announced it is making Dropbox Passwords free to all users, providing a valuable password management option when it’s needed most.

    Dropbox first introduced Dropbox Passwords last year to paid users. The company is now making it available to all users, including those with a free storage plan. The service uses zero-knowledge encryption, meaning that Dropbox cannot see or decipher the stored passwords.

    Most significantly, Dropbox’s service works across all compatible devices, filling an important need in the market. LastPass is a popular password manager, allowing users to sync their passwords across devices. Last month, however, the company announced it was restricting its free tier on a platform basis. Users can choose to use it on their computers or their mobile devices, but not both without upgrading to a paid plan.

    Dropbox’s service does have a couple of restrictions to the free tier. The free plan can only be used to store 50 passwords, and will only sync across three devices. Nonetheless, those restrictions are far better than the ones LastPass imposes.

  • Dropbox Password Manager Shows Up On Google Play Store

    Dropbox Password Manager Shows Up On Google Play Store

    Dropbox appears to be working on its own password manager, dropping an early access, invite-only version on the Google Play Store.

    Password managers are increasingly becoming an important part of internet users’ routines. As more and more websites insist on complicated passwords, many users are finding it difficult to keep up with them. In addition, several modern web browsers will recommend a password change if it’s too easy, or if it’s being used on multiple sites.

    A password manager solves the problem of trying to remember a myriad of unique passwords, as it stores all the passwords securely in one location. As a result, a user only has to remember the password to the manager, and let it handle everything else.

    It seems Dropbox wants in on the game, as it has released Dropbox Passwords on the Google Play Store. The app is still in development, however, and is accessible by invite only.

    Given Dropbox’s status as one of the most popular cloud services, it’s a safe bet Dropbox Password will be a big hit once it is officially released.