The LastPass Security Challenge and 1.64.4 released

Make one of your New Year's resolutions greater security: take the LastPass security challenge at https://lastpass.com/?securitychallenge=1

As you may already know, there has been another high-profile release of millions of plain text passwords. In this case, RockYou had 32 million users' passwords in plain text, downloaded with a simple SQL Injection attack.
It’s clear millions of plain text passwords are going to keep being taken. If RockYou hadn’t been publicly exposed, they may not have even known! SQL Injection attacks often don’t leave a lot of traces of what occurred.
With every password you use, an employee at the site or a hacker could obtain it if the site doesn't use a non-reversible hash to store your password. If they don't properly salt the hash, you could still be quite vulnerable, despite the site operators believing they implemented things the right way (see: http://en.wikipedia.org/wiki/Rainbow_table). If you use the same passwords on multiple domains, you're opening yourself up to your password being taken at one site and used at another.
The security challenge will download and decrypt your data (locally as always), then compare it to a number of known poor passwords, and show you which domains you use the same password on. It'll help you protect yourself from these attacks in the future. LastPass will give you a score so you know how well you're doing and keep track of your score history so you can track your improvement.
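The kind of local check described above can be sketched as follows. This is an added example, not LastPass's code: the poor-password list, the sample vault, the near-reuse rule and the scoring formula are all assumptions made for illustration, and the near-reuse check goes slightly beyond what the post describes.

```python
import re
from collections import defaultdict

# Constructed stand-in for a list of known poor passwords (not LastPass's list).
POOR_PASSWORDS = {"123456", "password", "iloveyou", "qwerty", "abc123"}

def stem(password):
    """Lower-case and drop trailing digits/symbols, so 'Tiger1' ~ 'tiger22!'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def audit(vault):
    """vault: {domain: password}, already decrypted on the local machine.

    Returns exact-reuse groups, near-reuse groups, domains using a known poor
    password, and a 0-100 score (hypothetical formula: share of clean domains).
    """
    exact, near = defaultdict(set), defaultdict(set)
    for domain, password in vault.items():
        exact[password].add(domain)
        if stem(password):
            near[stem(password)].add(domain)
    reused = sorted(sorted(d) for d in exact.values() if len(d) > 1)
    # Near-reuse: same stem, and not already reported as an exact-reuse group.
    similar = sorted(sorted(d) for d in near.values()
                     if len(d) > 1 and sorted(d) not in reused)
    poor = sorted(d for d, p in vault.items() if p.lower() in POOR_PASSWORDS)
    flagged = set(poor) | {d for g in reused + similar for d in g}
    n = len(vault)
    score = 100 * (n - len(flagged)) // n if n else 100
    return {"reused": reused, "similar": similar, "poor": poor, "score": score}

# Constructed sample vault (all domains and passwords are made up).
SAMPLE_VAULT = {
    "mail.example": "Tiger1",
    "shop.example": "Tiger1",
    "forum.example": "tiger22!",
    "bank.example": "c7#Lq9!vT2mZ",
    "games.example": "123456",
}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_VAULT).items():
        print(f"{key}: {value}")
```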
We’d recommend using Firefox or IE to update your sites, as the ‘Fill Current Password’ + ‘Generate’ notification bar hasn’t been added to Chrome or Safari yet.
1.64.4 adds the security challenge to the menus (under Tools), and includes some long-requested features: IE can run in ‘tool button’ mode, IE and Firefox share login state, a better updating process in IE, better menus in Chrome, and more.
If your IE asks you to download more than once, please reinstall via: https://lastpass.com/lastpass.exe
 

25 Comments

  • Anonymous says:

    What problem are you having?
    LastPass Icon -> Preferences -> General -> Toolbar Mode : set to ‘Use only command button’
    Then restart your IE browser.
    If you don’t see it, then it’s likely hidden off to the right – click on the chevron on the IE right bar (the ‘>>’) and it will show up. To make it appear on the screen, right click and make sure ‘Lock the Toolbar’ is unchecked, then drag the toolbar band to make it bigger. Then you can recheck ‘Lock the Toolbar’. We’ll add this to our documentation. If you still have issues, then please use our helpcenter to contact us rather than asking for support in a 6 month old unrelated blog post.

    Thanks,
    LastPass