LastPass Authenticator App On Android May Not Be As Secure As You Believe

With users signing up for an ever-increasing number of online services, there has been an innate need for password managers. Users have farther gravitated towards apps that tin can secure their online identity with the use of 2-factor authentication. But, what would be your reaction if I told you that LastPass Authenticator for Android isn't completely secure?

Yes, you're reading it right. The LastPass Authenticator app on Android, that'southward used to log into LastPass and other supported apps, has a security loophole that enables anyone to featherbed the PIN or fingerprint authentication you lot've used to top off the security of your 2FA codes stored in the app.

This vulnerability has been discovered by Dylan, a programmer over at Hacker Noon. He has suggested that the Android app for the password manager is non using the protection standards similar to its flagship app, leaving the 2FA codes attainable via individual activities on Android. Information technology tin can be accessed both in person, as well as via malicious code injection and has been present in the app since June.

To access the 2FA codes, you don't even need to root the device and tin access the same using apps such as Activity Launcher on pre-Oreo devices and QuickShortcutMaker on Android Oreo. If you install any of these apps, you lot canaccess 'com.lastpass.authenticator.activities.SettingsActivity' activity and press the back button to see the principal activity where all 2FA codes lay in all their "unsecured" celebrity. The LastPass Authenticator app on iOS is completely secure and does non suffer from such a security loophole.

LastPass' Official Argument

The company has released an official statement via their Support Twitter account, where they state that they're aware of the security concerns with LastPass authenticator app on Android. The same is being "thoroughly evaluated" and the users who use stiff password have nothing to fearfulness.

We're aware of the concern raised with the Authenticator app and are evaluating it thoroughly.
Users who continue to use strong passwords do non need to take any activeness at this fourth dimension.

— LastPass Support (@LastPassHelp) December 27, 2017

So, this simply means that it'll exist better for you, LastPass users, to either cease using the Android app or replace weaker passwords with stronger ones for the time being. How practise you experience nearly this uncomplicated however concerning vulnerability? Share with us your opinion in the comments down below.

Source: https://beebom.com/lastpass-app-android-threat-security/

Posted by: darrahlusell.blogspot.com

Share this post