2 min Security

LastPass users continue to experience authentication problems

LastPass users continue to experience authentication problems

Many LastPass end users have long been unable to log in to their password manager due to authentication problems. This is evident from the many comments on Twitter and other user forums. LastPass does eventually come to the rescue of users.

The authentication problems surrounding LastPass’s password manager service have occurred since early May this year. This follows a request by the company for end users to reset their multifactor authentication (MFA) settings due to planned security upgrades.

Resetting their MFA authentication preferences requires end users to log back into their LastPass account. For many users, this fails, and thus they cannot access their accounts.

Even successfully resetting their HFA applications, such as LastPass Authenticator, Microsoft Authenticator and Google Authenticator does not help, say end users on different platforms.

End users cannot get immediate help from the company because it requires logging into their own accounts. This leaves affected end users in a loop asking them to reset their MFA apps.

Strengthened encryption

LastPass is aware of the problems and generally tries to help its end users. Several methods have since been published that affected end users can likely use to resolve the problem.

The root of the problems, according to LastPass, lies in the use of a stronger Password-Based Key Derivation Function (PBKDF2) than normal. This can cause end users to be forcibly logged out and problems resynchronizing the MFA functionality.

The problems are related to the encryption of end users’ LastPass Vault, which stores all their passwords to be managed.

Security incidents 2022

According to LastPass, the 2022 data breaches led to the need to improve security. In recent months, end users have been notified several times of these changes and what things they needed to change in order to do so.

Read more: LastPass confirms second data breach of the year