LastPass master passwords compromised (?)

  • Thread starter Wrichik Basu
  • Start date
  • Tags
    Master
In summary: I think that having different passwords for different websites is a good idea.-In summary, several users received email warnings of unfamiliar login attempts and even logins to their LastPass account. The question arises whether the LastPass master password has been leaked in a data breach. According to LastPass, the passwords were not leaked and this was a regular "stuffing attack" in which a bot tries to access accounts using passwords from past data breaches. The company has also said that no account has been compromised, and that, some false alerts were triggered by an error in their system, which, they claim, has been fixed.
  • #1
Wrichik Basu
Science Advisor
Insights Author
Gold Member
2,157
2,719
Several users received email warnings of unfamiliar login attempts and even logins to their LastPass account. The question arises whether the LastPass master password has been leaked in a data breach. According to LastPass, the passwords were not leaked and this was a regular "stuffing attack" in which a bot tries to access accounts using passwords from past data breaches. The company has also said that no account has been compromised, and that, some false alerts were triggered by an error in their system, which, they claim, has been fixed. But people still reported suspicious activity, even after changing their master password. Some reported that they were unable to change the master password or disable/delete their accounts.

More information can be found in this tweet-thread:



Maybe it's a good time to change the master password if you are using LastPass. I tried changing mine, and got an error, but it seems to have changed as I got logged out from the LastPass extension on Chrome and had to log in again using the new password.
 
Computer science news on Phys.org
  • #2
This is why I do not trust an online password manager. All my passwords are on my computer, not someone else's, stored I-don't-know-how. I don't know if it is the best, but I used KeePassXC.
 
  • Like
Likes sysprog
  • #3
jack action said:
All my passwords are on my computer, not someone else's, stored I-don't-know-how.
I think you misspoke Jack. When you log in, a remote site has to compare the PW you typed with the PW on file (or the functional equivalent, the PW hash). So if no remote computer has it, you can't use it.
 
  • Like
Likes sysprog
  • #4
anorlunda said:
I think you misspoke Jack. When you log in, a remote site has to compare the PW you typed with the PW on file (or the functional equivalent, the PW hash). So if no remote computer has it, you can't use it.
In a correctly designed system the only thing stored on the remote site should be a salted and hashed (100s-100s of times using as good algorithm like SHA-256) value. That way the password cannot be leaked in a security breach.
 
  • Informative
Likes berkeman
  • #5
anorlunda said:
I think you misspoke Jack. When you log in, a remote site has to compare the PW you typed with the PW on file (or the functional equivalent, the PW hash). So if no remote computer has it, you can't use it.
No, what I meant is that my password manager is on my computer, not on some server that is filled with maybe millions of people's passwords, thus very tempting for hackers to try to get into this server. My password manager still fills the authentification process (both on my computer or some distant server) like any online password manager.

It has to be very personal for someone trying to hack my computer to get only my passwords.
 
  • Like
Likes sysprog and Ibix
  • #6
glappkaeft said:
In a correctly designed system the only thing stored on the remote site should be a salted and hashed (100s-100s of times using as good algorithm like SHA-256) value. That way the password cannot be leaked in a security breach.
That's what I thought, but I don't know much about how passwords work on the Internet.

But it seems like a counterexample would be the accounts that I have (including some work website accounts, which presumably are well-designed) where when you have to change your password, they will not let you just change the last letter, for example. This seems to be pretty commonplace, but would contradict them only storing a well-hashed version of the password, no?
 
  • #7
berkeman said:
This seems to be pretty commonplace, but would contradict them only storing a well-hashed version of the password, no?
To change your password, you must type in the old and new PWs on the same page. So at least temporarily, they have access to the text version of your PW.

Or is the hashing done on the client computer before transmission?
If yes, then your hash *is* your password and anyone leaking your hash has access to your account.
 
  • Like
Likes jack action
  • #8
My take is that it doesn't matter how the technology works, or how well it works. Companies and systems are built and maintained by humans, and humans are fallible. Witness nearly every security breach in recent history. The consumer software industry is predicated on the "move fast and break things" model. One password for everything, stored in one database sounds like a monumentally stupid idea to me.

So, some of my passwords are in the cloud, some on my machine. But if you want any of my important (financial) PWs, you'll have to decipher the slightly cryptic handwritten notes in the little PW book in my desk drawer.

I view this as nearly entirely an issue of humans and organizations, not technology. I'm waiting for someone to show me I'm wrong.
 
Last edited:
  • #9
I generally don't like those policies too much (often they are applied in a way that promotes bad password hygiene) but if you are a little paranoid (which is seldom wrong when it comes to security) changing the password occasionally (say one/twice a year) will defeat the type of attack where the black hats breaches the remote site and acquires your hashed password.

If the password never changes the attackers could then dedicate lots of time and/or enormous amounts of computer power to brute force crack your hash. If the hash is salted and the password is good this is more of a theoretical risk but for organizations in real life it provides some risk mitigation against users with bad passwords (and might be required for IT insurance purposes etc).

All this of course assumes the remote site does a good job securing the password however there is a reason https://plaintextoffenders.com/ exists.
 
  • #10
anorlunda said:
To change your password, you must type in the old and new PWs on the same page. So at least temporarily, they have access to the text version of your PW.

If you don't trust the site that far you shouldn't use it. ;)

Generally the password would be encrypted, sent to the server, decrypted, salted/hashed and then the password should be forgotten by the server. One improvement of that method is client side hashing where the client will salt and hash the password before sending it and then the server does addition hashing before comparing it to the database. Not sure how common that is in practice but it has some advantages if the remote site is compromised.

Or is the hashing done on the client computer before transmission?
If yes, then your hash *is* your password and anyone leaking your hash has access to your account.
Yes, that would be completely useless (same as storing it in plain-text) so I hope no one does that.
 
  • #11
anorlunda said:
To change your password, you must type in the old and new PWs on the same page. So at least temporarily, they have access to the text version of your PW.

Or is the hashing done on the client computer before transmission?
If yes, then your hash *is* your password and anyone leaking your hash has access to your account.
The hashing is done on the (presumably trusted to flush the plaintext as soon as the hash is genned) target machine, and via SSH, it is never transmitted in plaintext.
 
  • #12
Wrichik Basu said:
More misinformation
Fixed that for you.

LastPass does not store master passwords on their server.
 
  • Like
Likes pbuk
  • #13
Vanadium 50 said:
Fixed that for you.

LastPass does not store master passwords on their server.
They do store hashes of them, right?
 
  • #14
No, They store functions of the site passwords that when combined with the master password - which they do not know - yields the site password.
 
  • Informative
  • Like
Likes FactChecker and Motore
  • #15
Vanadium 50 said:
No, They store functions of the site passwords that when combined with the master password - which they do not know - yields the site password.
I see the distinction, but wouldn't those functions be hashing functions? Perhaps I'm using a different definition of that from yours. The way it was done with ACF2 in the '80s ##-## compute a key from the plaintext input (in essence this was a hashing function), discard half of it so that the process couldn't be reversed, and store the result in a database. Then at logon, repeat the process, and compare the result against the stored key ##-## if they matched, good to go; if not, password incorrect. Of course, this meant that some (highly probably non-typeable) alias existed for the password, but that was not considered to be a problem.
 
  • #16
glappkaeft said:
One improvement of that method is client side hashing where the client will salt and hash the password before sending it and then the server does addition hashing before comparing it to the database. Not sure how common that is in practice but it has some advantages if the remote site is compromised.

glappkaeft said:
Yes, that would be completely useless (same as storing it in plain-text) so I hope no one does that.
Please explain. First you say client side hashing is an improvement, then you also say it is completely useless.
 
  • Like
Likes Wrichik Basu
  • #17
anorlunda said:
Please explain. First you say client side hashing is an improvement, then you also say it is completely useless.
I think what @glappkaeft said was that client-side hashing with no further hashing on the server-side was useless, for the reason you suggested. But transmitting a hashed and salted password over a secure connection for further hashing and salting is an improvement.

I don't have an opinion on the topic - not my field - but I think that's what he said.
 
  • Like
  • Informative
Likes pbuk and Wrichik Basu
  • #18
glappkaeft said:
In a correctly designed system the only thing stored on the remote site should be a salted and hashed (100s-100s of times using as good algorithm like SHA-256) value. That way the password cannot be leaked in a security breach.
Out of curiosity, how were passwords leaked in the past, for eg. Adobe and Zomato? Did the hackers actually take the hashed passwords and de-hash them? If so, the encryption algorithm must not have been very strong.
jack action said:
No, what I meant is that my password manager is on my computer, not on some server that is filled with maybe millions of people's passwords, thus very tempting for hackers to try to get into this server. My password manager still fills the authentification process (both on my computer or some distant server) like any online password manager.
I get it, but is that very useful at the end of the day? Most people need their passwords on multiple devices rather than one PC only. I can sync them manually, but every time I add a new login credential, or change a password, it would be a headache to change it everywhere manually. Moreover, good password managers like Google (and LastPass, but you have to pay for the feature) automatically monitor password breaches and inform you if a password has been leaked anywhere.
Vanadium 50 said:
LastPass does not store master passwords on their server.
Good to know that.
 
  • #19
Wrichik Basu said:
Most people need their passwords on multiple devices rather than one PC only. I can sync them manually, but every time I add a new login credential, or change a password, it would be a headache to change it everywhere manually.
Full disclosure, I only use one device, but if it wasn't the case, you can still save your password as a file (created and encrypted by the password manager) in the cloud when you make a change (which shouldn't happen that often). Your passwords are still online, but it's on your own personal space where nobody knows what to expect, as opposed to a server dedicated to saving passwords which is a tempting challenge for a hacker.

I really have a trust issue when it comes to letting others manage my private life.
Wrichik Basu said:
Moreover, good password managers like Google (and LastPass, but you have to pay for the feature) automatically monitor password breaches and inform you if a password has been leaked anywhere.
If you have a different password for every site, each being a meaningless word with 256-bit entropy, I'm not worried about breaches. Good companies have strong security measures and will tell you if they had a breach. Bad companies with bad security measures and wouldn't tell you if they had a breach? Who cares? You probably have nothing important there and your password is next to impossible to guess, unique and non-reuseable. That is the whole point of using a password manager.

Also with my password manager on my computer, I can use it with programs on my computer. When a login window opens, I just hit Shift+Alt+A and the password is typed automatically. I'm not sure if an online password manager can do that or if it only works in a browser.
 
  • Like
Likes Ibix
  • #20
Ibix said:
I think what @glappkaeft said was that client-side hashing with no further hashing on the server-side was useless, for the reason you suggested. But transmitting a hashed and salted password over a secure connection for further hashing and salting is an improvement.

I don't have an opinion on the topic - not my field - but I think that's what he said.
Yes I agree that that is at least what he meant.

This link has a useful diagram illustrating what LastPass actually does: https://www.lastpass.com/security/what-if-lastpass-gets-hacked

Wrichik Basu said:
Out of curiosity, how were passwords leaked in the past, for eg. Adobe and Zomato? Did the hackers actually take the hashed passwords and de-hash them?
No, in general it is impossible to recover the original text from a hash (it is however possible, given enough computer power, to find a plaintext that may or may not equal the original text that hashes to the same value).

Generally password hash leaks are exploited by dictionary attacks: the attacker calculates the hash for passwords that people are known to use (e.g. from previous leaks) and looks for them in the database. Salting makes this harder because you have to recalculate the dictionary hashes for each target.

This is why you are advised to use passwords that are unique. If a hacker gets hold of a million password hashes then the 30% that have passwords like "password123" are going to be the ones that are compromised, and 300,000 compromised accounts are plenty.

The Adobe leak in 2013 was different: firstly there were plain text hints in the data base such as "my dog my birthday". This enabled use of a much shorter dictionary for each target. Secondly, and this is the disastrous part that (together with a couple of other egregious breaches such as at LinkedIn) led to a review of password handling throughout the industry, Adobe didn't use hashes, they stored encrypted passwords. Once attackers had worked out the encryption method and key (from guesses using the password hints), they were able to reverse the encryption process and decrypt all 3 million records. Truly shocking and Adobe's technical reputation was permanently damaged by the incident.
 
Last edited:
  • Like
  • Informative
Likes Wrichik Basu, sysprog and Ibix
  • #21
pbuk said:
This link has a useful diagram illustrating what LastPass actually does: https://www.lastpass.com/security/what-if-lastpass-gets-hacked
Here's the diagram from that page:

98aca272a4de42d695f815def5776d64.png
 
  • Informative
Likes FactChecker
  • #22
sysprog said:
The way it was done with ACF2 in the '80s
That may describe how Amazon deals with passwords, but what does it have to do with LastPass?
 
  • #23
Vanadium 50 said:
That may describe how Amazon deals with passwords, but what does it have to do with LastPass?
ACF2, the Access Control Facility, is a mainframe data security product. In the diagram, in post #21, linked to by@pbuk on post #20, you can see that LastPass does PBKDF2 hashing, which is in principle like what ACF2 did in the '80s to do a one-way hashing function using a DES block cipher (nowadays, it uses XDES+proprietary). (ref: https://en.wikipedia.org/wiki/Cryptographic_hash_function)
 
Last edited:
  • Like
Likes Wrichik Basu
  • #24
Yes, but how does this matter? It's a fact, but not a relevant fact.

The key point is that LastPass can't leak a master password because they can't leak what they don't know.
 
Last edited:
  • #25
pbuk said:
Generally password hash leaks are exploited by dictionary attacks:
I disagree when generally means the number of stolen passwords rather than the number of attacks. In some server breaches, tens of millions of login credentials are stolen at the same time. With the dictionary attack, you can only discover one password at a time.

Big companies and governments have a long history of dragging their feet notifying regulators and customers about a breach. Special laws had to be passed to force them to notify promptly, but even those laws are very hard to enforce. Companies and governments have financial and reputational motivations to conceal breaches.

It matters less every day because so many are switching to multifactor authentication. Soon we may even see mainstream sites with no passwords at all because of all the factors in multifactor, the password factor may be the most problematical.
 
  • Like
Likes Wrichik Basu
  • #26
I agree in re the "key point" -- the rest of what I said was to clarify the line of inquiry that I started in post #13.
 
Last edited:
  • #27
anorlunda said:
I disagree when generally means the number of stolen passwords rather than the number of attacks. In some server breaches, tens of millions of login credentials are stolen at the same time. With the dictionary attack, you can only discover one password at a time.
I was thinking of a dictionary attack on the stolen (hashed) credentials.
 
  • #28
pbuk said:
I was thinking of a dictionary attack on the stolen (hashed) credentials.
Isn't that the same? You only get one login per successful dictionary attack.
 
  • #29
An update - they had another attack. No passworeds were stolen (since they don't store them).
 
  • Like
Likes Wrichik Basu

FAQ: LastPass master passwords compromised (?)

What is LastPass and why is it important?

LastPass is a password manager that helps users securely store and manage their passwords for different online accounts. It is important because it allows users to create strong and unique passwords for each account, improving their overall online security.

How do I know if my LastPass master password has been compromised?

LastPass has several security measures in place to protect users' master passwords, but if you are concerned that it may have been compromised, you can check the LastPass Security Challenge feature. This will analyze your account for any potential security risks, including compromised passwords.

What should I do if my LastPass master password has been compromised?

If your LastPass master password has been compromised, you should change it immediately. You should also change the passwords for any accounts that may have been saved in LastPass. Additionally, enable multi-factor authentication for your LastPass account to add an extra layer of security.

How can I prevent my LastPass master password from being compromised?

To prevent your LastPass master password from being compromised, make sure to create a strong and unique password that is not used for any other accounts. It is also important to regularly update your master password and enable multi-factor authentication.

Is LastPass still safe to use after a potential master password compromise?

Yes, LastPass is still safe to use after a potential master password compromise. The company has a strong security team in place and regularly conducts security audits to ensure the safety of user data. However, it is important to regularly update your master password and enable multi-factor authentication to further protect your account.

Similar threads

Replies
84
Views
5K
Replies
46
Views
8K
Replies
21
Views
4K
Replies
1
Views
2K
Replies
1
Views
1K
Replies
3
Views
1K
Replies
0
Views
96K
Replies
1
Views
2K
Back
Top