Hackers can simulate a login dialogue so closely that even careful users might simply give them their username,password and even their two-factor keyA security researcher has released a tool that can steal the login details and two-factor authentication key for the accepted LastPass password manager, leaving users potentially exposed.
LastPass, and like many other password managers,stores users passwords in the cloud in an encrypted vault protected by a single username and password. The vault can also be protected using various forms of two-factor authentication. Continue reading...
Source: theguardian.com