LastPass’ Authenticator app might not be as secure as you think

-

best password manager apps

  • A programmer discovered an exploit in the LastPass Authenticator app
  • The exploit supposedly allows you to view 2FA codes without your fingerprint or PIN
  • LastPass has yet to respond for comment on the issue

For those of you using LastPass as your password manager of choice, you've probably heard of or used the company's Authenticator app. Released last year, LastPass Authenticator introduces two-factor authentication to your LastPass account and other supported applications.

As useful as the app is, it appears that there is a glaring security hole that bypasses any fingerprint or PIN authentication you have in place.

That hole was discovered by Dylan, a programmer over at Hacker Noon who found that all you need to do to access your 2FA codes is access to individual activities. There is no need to root your device, either — Dylan says you can use an app like Activity Launcher for devices running Android Nougat and older, as well as QuickShortcutMaker for devices running Android Oreo.

According to the programmer, you are looking for access to the "com.lastpass.authenticator.activities.SettingsActivity" activity. Once you open it, press the back arrow button and you make it to the Main activity, where you see all of your 2FA codes. Dylan says that he did not need to provide his fingerprint or PIN number to access the information at any point.

Editor's Pick
related article

LastPass vs 1Password vs Enpass: Which of these password managers is the best?

As we use our smartphones and other mobile devices more and more often to purchase goods online or sign onto paid services, we also have to create and use more sophisticated passwords. While we are …

Here's where things get a bit hairier. According to Dylan, he first reported the workaround in June, with a LastPass support representative confirming he could replicate the issue. When Dylan followed up with LastPass, he was reportedly told that there was no ETA for a fix.

Fast forward to December, and Dylan was reportedly told that the issue was "still being investigated" and that there were no updates. Dylan then decided to publish the details regarding the issue a little over two weeks after he last communicated with LastPass.

In other words, the issue seems to still exist in the LastPass Authenticator app and there doesn't appear to be a fix anytime soon. To be sure, Android Authority reached out to LastPass for comment on the matter and will update this article accordingly.

Still, it's a bit weird to see this issue around since June and no update has been issued to close the workaround. Also, just in case you were wondering, this issue doesn't appear to exist in the iOS version.


Popular Posts:

Beyond eSIM: How iSIM could turn phones into the ultimate Internet ID

-
Image
Most modern smartphones still support the classic SIM card (well, the nano variant at least), but a gradually growing number of phones and other consumer gadgets are starting to support eSIM . We might not be too far away from yet another change in SIM tech, as devices could soon start using iSIM. Earlier this year, Arm unveiled its vision for the iSIM – an integrated SIM that fits into a device's system-on-a-chip. In the future, along with a CPU, GPU, LTE or 5G modem, your next phone SoC could also include the SIM card built inside it too. While there might not appear to be a big difference compared to eSIM, iSIM could end up drastically changing the way we use a wide range of connected devices. eSIM vs iSIM eSIM and iSIM are rather similar in a number of respects. Both replace the transferable nano SIM cards with a hardware chip that's permanently fixed inside a user's phone, tablet, or other gadget. When you consider that nano SIM cards are around 12.3 x 8.8 m
Continue Reading....

Collaboration request

-
Hi there How would you like to earn a 35% commission for each sale for life by selling SEO services Every website owner requires the use of search engine optimizaztion (SEO) for their websites. Think about it, this is really hot Simply register with us, generate your affiliate links and incorporate them on your websites, thats it. It takes only a few minutes to set up everything and the payouts are sent by each end of the month Click here to sign up with us, totally free: https://www.creative-digital.co/join-our-affiliate-program/ See you inside Tiffony
Continue Reading....

Apple is postponing new iOS features in favor of reliability and performance

-
Image
Apple has decided to postpone new features in iOS in favor of improving the reliability and performance of the operating system, as according to a report by Axios. According to the report, Craig Federighi, Senior Vice President, Software Engineering, announced the revised plan to employees at a meeting earlier this month. This pushes features like refresh of the homescreen and in-car user interface, improvements to core apps like Mail and camera experience to 2019. What we will get this year is improvements to AR, digital health and parental controls. Apart from that, the OS will largely feature improvements to performance and user experience. We have seen Apple do this with macOS in the past, where they dedicate one entire update cycle to just refining the OS and make existing features work better. However, we have never quite seen Apple do that on iOS. This is largely due to the hyper competitive nature of the mobile market where competition and customer demands push companies t
Continue Reading....

Samsung Opens ‘Samsung-AUT Tech Center’ in Iran in Partnership with the AmirKabir University of Technology

-
Image
  As part of a joint partnership between Samsung Electronics and the AmirKabir University of Technology (AUT) in Iran, the Samsung-AUT Tech Center was recently opened to support technology research and innovative projects, in addition to boosting education and employment prospects for students.   Operating under the Samsung Corporate Citizenship series of programs, the center’s primary focus is on mobile application development within the health, environment and energy, education, and employment sectors. As part of its efforts, the center will provide logistical and technical support, as well as facilitate the development, production, and introduction of innovative and useful applications.   At the center, young people will also receive support in the form of training, mentorship and equipment, with the aim that they use this support to create their own projects that will help them to become more employable in the future. In addition, with research and development another major a
Continue Reading....

I/O is coming, get ready

-
Image
What's new in Google Play and Android Email not displaying correctly? View it online April 2024 Google I/O program details are now live Get a sneak peek at this year's 150+ sessions and learning content covering mobile, web, multi-platform development, and more. Be sure to save the "What's new in Play" session to My I/O to learn about the latest tools and updates designed to help you grow your business on Google Play. Register now Upcoming Google Play and Android policy deadlines May 2024 • All apps must use the monetization.subscriptions A
Continue Reading....