Since May 2023, users of the LastPass password manager have been experiencing severe login issues after resetting their MFA.
It all started when people were asked to reset their multi-factor authentication (MFA) applications. Users are required to log in to their LastPass account again and reset the MFA because the company was hacked at the end of last year. By the way, we also wrote about this in "LastPass Breach Investigation Goes On, Things are Even Worse".
Let me remind you that the media also wrote that "Hackers Broke into the Home PC of the Developer of the LastPass Password Manager and Penetrated the Company’s Cloud Storage", and also that Hunter Biden’s top-secret laptop was protected with a simple password.
On May 9th, the company announced the new security measures that will be introduced as part of the planned improvements in this area.
As a result, many users were locked out of their accounts and lost access to their LastPass vault, even after successfully resetting their MFA apps (e.g., LastPass Authenticator, Microsoft Authenticator, Google Authenticator).
The problem is exacerbated by the fact that victims cannot even contact LastPass support for help, since it requires logging into their account, and people are locked in an endless loop where they are prompted to reset the MFA.
At the same time, LastPass developers report that they warned about the upcoming reset of the MFA through messages in the application “several weeks” before the start.
Since the warnings clearly didn’t work, the company is now issuing security patch newsletters explaining to users that these changes are necessary to increase the password iterations to the new default value of 600,000.
In another newsletter, the company says users need to re-enable multi-factor authentication to stay secure when logging into LastPass.
The entire procedure required to reset the pairing between LastPass and an authenticator app (LastPass Authenticator, Microsoft Authenticator, or Google Authenticator) is now detailed in a separate document.
As part of the security enhancements, users are now prompted to verify their location when they sign in to a website or app using LastPass. Also, if you sign in to a site or app where you previously used LastPass to sign in, you’ll need to re-enter your credentials and authenticate with the authenticator app. The next time you sign in to a site or app using LastPass, you will be asked to repeat the same process as an added security measure.