Submitted by BasedSweet t3_10z1kx5 in technology
guatemaleco t1_j84e7xv wrote
Reply to comment by PMs_You_Stuff in Millions of passwords stolen from LastPass earlier than company disclosed: Report by BasedSweet
16 characters seems low unless it’s a randomly generated password. PBKDF2 iterations would also matter a lot here. The most determining factor is probably how likely of a target are you? Are you likely worth the compute time?
[deleted] t1_j84lawy wrote
[deleted]
belteshazzar_der t1_j85klag wrote
This is incorrect. They stole the password vaults themselves, so if they crack your master password they'll get access to all of your passwords. Doesn't matter if you have 2FA on. This is one of the main reasons why this breach was so bad.
guatemaleco t1_j8gt399 wrote
Yea, 2FA is not used in encryption at all. It's only part of authentication to retrieve the encrypted vault. Since the vaults were already stolen, 2FA is meaningless here.
Viewing a single comment thread. View all comments