Should I be concerned about reports that my master password can be stolen?

LastPass always has security as top of mind. We offer the following tips and clarifications:

  • Strong antivirus software and Multifactor Authentication are the best line of defense against a man-in-the-middle (MitM) attack. LastPass business account admins can enforce the use of Multifactor Authentication through LastPass security policies.
  • We strongly warn that you should not enable the "Remember my password" option. Enabling this significantly reduces your security to your LastPass account. LastPass business account admins can use a security policy that prevents the "Remember my password" option from being checked, rendering the entire possibility of the vulnerability null and void.
  • LastPass is built with AES256+CBC with PBKDF2 rounds that are adjustable per user by doing the following:
    1. Click the active LastPass icon LastPass in your web browser toolbar.
    2. Select Open My Vault.
    3. Go to Account Settings in the left navigation.
    4. Under Security within the "Password Iterations" setting, make your desired changes (100100 is default and recommended at minimum).
    5. Click Save when finished.
  • LastPass business admins can enforce a particular limit of iterations via security policy.
  • If your computer is infected by a virus that can't be detected by antivirus software, there are other significant problems that you will need to address.