Compromised copies of value data - two factor authentication?

wyolivete

Hi community

Regarding the recent LastPass breach, the threat actor may have a copy of my customer vault data. However, normally when I log into my vault, I have two-factor authentication activated.

Q: does the two-factor authentication also apply to those compromised copies of the vault data, and therefore it would be much more difficult for the threat actor to gain access?

Thanks for your response.

katcherw

No, it won't help. 2FA is used when logging into LastPass so even if somebody has your password, they can't access your vault without the 2FA authentication. The problem with the breach is that now a hacker has a complete copy of the vault. They don't need to log in anywhere to access the vault, they already have it. All they have to do is try different passwords until they find a weak one that they can decrypt, and they can read all the unencrypted metadata without any further hacking. In other words, 2FA will only protect what is online, but won't protect if the data is offline because it was already stolen.

However, if the individual sites that are contained in your vault are protected by 2FA, it will protect them even if the hackers are able to get access to your vault. So it is good to enable 2FA on all your sensitive sites like banks and email.