nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Account History Failed Attemps Questions

inc0ming

I often check my account history to look for fx. failed logins but have a couple of questions about these two (and these are the only two I've found):

If I do a typo on login I get a Failed Login Attempt also but these where not from my IP. And as you can see it's with a month in between so I wouldn't guess some attacker.

My questions are:

1. Did the person 'only' get to the first screen, knowing my email and then trying?

2. Will the error be the same if the person guessed my password and hit the 2FA page?

3. Since I'm using 2FA are the risk high at all?

4. Should I change my login email (I guess that can be done faily easy)?

5. How does LastPass command line come into place?

Looking forward to hear from you (and NO, I don't use my password anywhere else) 🙂

Find more posts tagged with

Accepted answers

glenn.dobson

Hi @ASongForYou, welcome to the community.

1. This means they tried to sign in with your email address and what they thought was your password. If your email has been involved in any of the 3rd party data leaks they will try that information on sites like LastPass hoping you reused the password there as well.

2. Yes, I believe so, but I will check what happens if they do not try to enter a 2FA code and just quit.

3. You are not at high risk since you have 2FA enabled and they would need to correctly guess your master password and have access to your 2FA device. Also, there is email verification (unless you have disabled it), that would be triggered by an unrecognized device or IP address accessing your account.

4. There is no need to change your email and they should give up trying after a couple of attempts and failing.

5. LastPass has a command-line application, they are most likely running a script and using it to try a collection of email addresses and passwords that have been sourced from data breaches.

All comments

glenn.dobson

Hi @ASongForYou, welcome to the community.

1. This means they tried to sign in with your email address and what they thought was your password. If your email has been involved in any of the 3rd party data leaks they will try that information on sites like LastPass hoping you reused the password there as well.

2. Yes, I believe so, but I will check what happens if they do not try to enter a 2FA code and just quit.

3. You are not at high risk since you have 2FA enabled and they would need to correctly guess your master password and have access to your 2FA device. Also, there is email verification (unless you have disabled it), that would be triggered by an unrecognized device or IP address accessing your account.

4. There is no need to change your email and they should give up trying after a couple of attempts and failing.

5. LastPass has a command-line application, they are most likely running a script and using it to try a collection of email addresses and passwords that have been sourced from data breaches.

inc0ming

Great to hear and thanks for your thorough answers. I'll check up on the email verification but I do believe it's on. I've experienced - when coming home from vacation and have had my router offline that I must go to my security mail and accept that this login is from a new IP.

Not sure where I check it though. The Trusted Devices list is just full of 'unnamed' entries. But maybe it's because I don't stay logged in - I login every day or every time I use my computer.

Ahh... somewhere in the login process there is a message about 'stay logged in for 30 days' or so. I never check that.

I see here:https://support.logmeininc.com/lastpass/help/manage-trusted-devices-for-multifactor-authentication-lp030010- that this must be where the entires are named.

A little side question: Is email verification possible without 2FA? Have a friend who uses LP and he says that even if he logs in at work he won't be asked to verify that login. But maybe that has to do with having a security email setup?

inc0ming

I've check the 'correct password + wrong 2FA' situation and it doesn't show at all in the log.

But as you said, with the security mail, having to verify if the correct password is used from a new location, this would work as a warning sign of someone knowing the password.