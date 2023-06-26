- Advertisement -

Users of the LastPass password manager have been facing significant login issues starting in early May. The company announced that users would have to reset their account and multi-factor authentication preference due to security updates planned for May 9.

However, numerous users have found themselves locked out of their accounts and unable to access their password vault again, despite successfully resetting their MFA apps (such as LastPass Authenticator, Microsoft Authenticator, or Google Authenticator).

- Advertisement -

LastPass users report difficulties getting help and support

According to what they report from Bleeping Computer, the problem has been further complicated by the fact that affected customers cannot seek help from LastPass support. The support search feature requires logging into accounts, but users are stuck in an infinite loop of resetting their MFA authentication. This has led to frustration and an inability to resolve technical issues.

LastPass has issued several warnings about the security improvements and has explained that these are made to increase the security of passwords. The company uses a stronger version of the Password Key Derivation Function (PBKDF) to increase the security of the Master Password. The MFA authentication reset is done to increase client password iterations and improve LastPass vault encryption.

LastPass has provided detailed instructions for resetting the pairing between LastPass and the authenticator app. Users must follow a specific procedure to re-enable multi-factor authentication on their account.

- Advertisement -

In addition, LastPass has implemented an additional security measure that requires users to verify their location when logging into a website or app using LastPass. This is done to ensure greater security when accessing accounts.

The company has communicated to its customers the recommendation to reset the MFA settings with their preferred authenticator application, as a precautionary measure. Emails and security bulletins were sent to inform users of the importance of taking these measures.

These issues are in addition to the security breach that LastPass experienced in December 2022. At that time, threat actors managed to steal a large amount of partially encrypted information and data from customers’ password vaults. The security breach originated from another breach that occurred in August 2022.