Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
LastPass Forced 2FA Reset (lastpass.com)
47 points by weird_fox on June 18, 2023 | hide | past | favorite | 6 comments


I switched to Bitwarden a few months ago (after using LastPass for years) and haven't looked back. Would recommend.

While I'm sure Bitwarden has its own set of issues I'm unaware of... at least you can self-host it, it's open-source, and it sure doesn't seem to have constant security incidents/oddities like LastPass!


Hey,

So i just got hit by this. Basically LastPass won't let you login anymore, unless you relink your 2FA with a new seed. Is there something going on here? I can't imagine a legit use case why they would force this besides a breach.


> Jun 16, 2023

It's also interesting that the article seems to have been updated/published (I can't seem to tell which) 2 days ago...


They were forcing more encryption rounds via a reset a while back. Unclear whether this is the same thing still or a new issue


I assume they are forcefully resetting MFA tokens for folks who did not read the full details of the hack and took appropriate action? One of the later iterations of the advisory regarding the hack stated token data was taken, requiring you to reset MFA.


I wonder how much of that partially-obscured QR code is decodable by hand...




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: