Google Project Zero is a team of highly talented security analysts with a brief to uncover zero-day vulnerabilities. If a vulnerability is found, Project Zero reports to the vendor concerned and starts a 90-day countdown for a fix to be issued before full public disclosure is made. LastPass is also in the security business, being one of the most popular password management solutions with more than 16 million users, including 58,000 businesses. Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.
https://www.forbes.com/sites/daveywinder/2019/09/16/google-warns-lastpass-users-were-exposed-to-last-password-credential-leak/#5e161ec64600
The part where the article explains how the vulnerability is exposed is pretty scary. It seems like the vulnerability has already been patched and no user action is required currently. Also it reassures the readers that it’s still okay to keep using the pw manager but what I don’t get is the justification “It’s far more likely that your accounts will get compromised by attacks that exploit poor passwords”
I mean wouldn’t you want these companies to have stricter pw policies. I am seeing more and more that companies are implementing stronger pw policies and what not which is a step in the right direction