I dug out my communication with #LastPass from 2018. I continuously prompted them to update the iteration count for existing accounts, they kept stalling. Originally I wanted to disclose their vulnerabilities only after they fixed this, yet I ended up publishing with the migration still “in progress” according to their claims. As we know now, it likely didn’t even start back then, and they never actually finished this migration. So now many of their users are at a heightened risk in the #LastPassBreach.

I am absolutely flabbergasted at the massive failure that comes to light now. Didn’t want to write any more, but… Well, one more blog post.

palant.info/2022/12/28/lastpas…

LastPass breach: The significance of these password iterations

The Password Iterations setting is essential to keep users’ data secure. Yet LastPass failed to keep it up-to-date for many accounts.

^{Almost Secure}