LastPass is the world's most popular cloud password management tool. This tool is the main user of the Internet account number and password management, and 1Pass very similar. On the PC side, the user can use the LastPass browser plug-in on their own account and password management, in the end of the phone is APP. !
LastPass in addition to the account password of the automated storage, but also for some manufacturers to provide automation to change the password of the programme. LastPass even provides a front-end encryption service to prevent the were middle attacks and the like. LastPass the use of cryptographic protection measures sufficient to protect the vast majority of users of security,LastPass for authentication hash to strengthen the protection,the use of a random factor,and the client outside of PBKDF2-SHA256 server-side implementation of the 1 0 million cycles of processing. On the surface it sounds very safe tricky, but in fact really true? 2 0 1 4 years, several security experts said, lastPass did not imagine in so safe. Because once your LastPass account is stolen or registered mail is stolen, then all of the Internet accounts are not to be spared. 2 0 1 5 years, a hack propaganda has infected the LastPass server, and steal the entire database. Although LastPass using a preceding encrypted, but still have to crack the possibilities. !
Multiple security vulnerabilities From the Google Project Zero researchers Tavis Ormandy found a few LastPass 0day vulnerabilities. Researchers said on Twitter: really someone with LastPass? I just see a few eye will find several vulnerabilities...... LastPass now has an emergency patch the vulnerability, there is no disclosure of vulnerability details. Here are some case we may not of known. In addition, a security personnel Mathias Karlsson, also found a LastPass vulnerability: LastPass according to domain name automatically fill in account and password. For example, I browse to a Google page, then lastpass will automatically fill in account and password, I only need to login on the line. As shown below: !