Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A login attempt without the 2fa token, failed with valid master password, so far a handful of others have reported it in this thread.


It's a side note, but I had 2fa enabled on my LastPass account but didn't have access to my token (it's an old phone that I don't have anymore).

I was able to remove the 2fa by clicking a link that LastPass sent to my email (confirming that I wanted to remove the 2fa).

So if anyone has your LastPass master password and has access to your email, it's game over and having the 2fa enabled on the LastPass account won't do anything.


Lol, that's horrible. Between things like that and simjacking, phones seem to be a terrible thing to involve in security. And people, I guess.


Yeah, and I used an app instead of sms on my phone for the 2fa token. Didn't make a lick of a difference...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: