I was sidetracked by work this morning. As a result everyone and their brother has beaten me to the LastPass blog post. So let me be the millionth person to post “It is the last pass you’ll ever need, until we force you to change it.”
LastPass monitors their network, saw an anomaly and in an abundance of caution chose to force a master password reset. All these tweets “lastpass hacked” are a bit over the top. Particularly amusing is the Schadenfreude directed at anyone who would store their passwords in the cloud. How many of these people have actually evaluated the service and compared the risks/benefits to using a local application?
Is the cure worse than the disease? All day I’ve been unable to log into LastPass. Due to the high volume of traffic LastPass is logging people in under offline mode. I’m pretty sure that doesn’t work for me. I use Yubikey and I don’t think that works with an offline authentication. Fortunately I can get to my passwords on my iPhone, but my usage is still rather crippled.
Source: LastPass blog