LastPass has been in the news a number of times in the last few years, and not in a good way. The firm makes password-management software for multiple platforms, synced through its central servers. In mid-2015, thieves copied its main password database, but because of good password storage design, it is likely that no users had any data extracted. In January 2016, a researcher found a user-interface spoofing bug, since fixed. In mid-2016, another researcher figured out how to fool LastPass with an autofill operation (fixed), and another reported a phishing vulnerability (also fixed). Then a few weeks ago, another found browser-based extension vulnerabilities (also fixed, except for one older client, which is being retired).