Password manager LastPass has an extra layer of protection for its Authenticator app, in the form of a fingerprint and/or PIN that ostensibly keeps people out of your passwords if they find your phone unlocked. Last week, a developer posted that he’d been able to bypass this security feature on the Android version of the app. As of right now, though, LastPass users can download an update to the app that fixes the issue and adds a one-time code when the fingerprint/PIN feature is first enabled.
This isn’t the first time LastPass has had to fix critical security flaws. In March of this year, the company had to fix some server-side issues and update its extensions. If you use LastPass on Android now, though, you’ll want to update your app to the latest version. If your phone was stolen or lost and you need to re-enable the multi-factor authentication feature, LastPass has a list of recommended steps.
Ultimately, this exploit helped clue the company in that its response process needs an overhaul as well. The original developer was unable to successfully notify the company about the exploit, which is why he used Medium. LastPass has since revamped its procedures for reporting issues like this. “At LastPass, investigating and responding to security reports – and customer concerns in general – is our highest priority and we strive to always improve our internal processes,” said the company in a statement.
Source: LastPass
Read Original: Engadget