LastPass Faces Unknown “network anomaly”, Forces Password Reset For All

LastPass logoI’m a huge fan of LastPass – it’s a great software for managing all your passwords. I was slightly surprised and concerned , when trying to login to LastPass account, I was greeted with a “Re-enable your LastPass account” page.

LastPass Activate Page

Upon verifying my email address, LastPass then proceeded with asking me to reset my master password. In a blog post, LastPass explained what happened:


Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn’t find that root cause. […] Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it’s big enough to have transfered people’s email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.

To counter that potential threat, we’re going to force everyone to change their master passwords.

While it is disconcerting that the data transferred is big enough to represent the email address & the salted password hashes, the fact that they have disclosed this and are forcing a password reset, rather than requesting people to change the password is solace.

On the bright(!) side of this, LastPass have mentioned that they will be introducing PBKDF2, a technique where a pseudo-random function is applied to the input password along with a salt( a 256-bit one, in LastPass’s case) repeatedly ( 100,000 in LastPass’s case) to produce a cryptographic key, which is then used to encrypt the password – as a deterrent to further reduce chances of brute-force attacks from being able to crack a password.

As of now, LastPass mentions that they don’t have enough data to thoroughly analyze what happened and the chosen attack method. They have, however clarified that the systems in question has been taken offline.

Password Sync Coming to Opera, Soon

Opera With the introduction of Opera Link in 2007, Opera became one of the first browsers to support profile synchronization out of the box. Although Opera Link has received multiple enhancements since then, it still has a pretty big shortcoming. It can’t sync passwords. However, that might be about to change.

Last year Opera had explained that they wanted to support password synchronization; however, given the sensitive nature of the data, they wanted to get it absolutely right before launching it. It appears that the wait might finally be over. Favbrowser was tipped off by a reader that one of the Opera 11.10 snapshots contain a “SyncPasswordManager” setting buried inside opera:config.

Although this setting was removed in the most recent snapshot, I am fairly confident that the appearance of the setting is an indication that Opera is planning to launch this feature soon. In the meanwhile, you can install the excellent LastPass extension for Opera to be able to access your passwords from pretty much any browser and any operating system. The latest version can even import Opera Wand passwords. Roboform fans can also check out the new RoboForm Lite adapter for Opera.

LastPass Acquires Xmarks, Promises to give it a Business Model

XmarksXmarks, the popular cross-browser bookmark synchronization tool, has announced that it has been acquired by LastPass, bringing to end months of speculation about Xmarks’ future.

Towards the end of September, Xmarks had announced that it will be shutting down due to its failure to identify a viable business model. The announcement had triggered an outcry from its users, who blamed the company for not even trying. Taken aback by the outpouring of support from users – as many as 30,000 pledged to pay for a premium version of the service, Xmarks soon changed its stance. The pledge of financial support from users also helped the startup gain the attention of multiple potential buyers.

LastPass is also one of our favorites, and we have lauded the cloud based password and identity management tool on multiple occasions in the past. Like LastPass, the core functionality of Xmarks will remain available for free. However, a premium offering, which will include iPhone and Android apps among other things, will be available for $12 per year. Users looking to take advantage of both of these excellent services can opt for the combined subscription at $20 per year.

For now, LastPass and Xmarks will continue to operate individually. They will have separate websites as well as separate downloads. However, in the future, they might be combined into a single offering.

LastPass Extension for Opera is Finally Here!

LastPass is one extension I have been waiting for ever since Opera published its API. I had earlier mentioned that LastPass has been working with Opera software to release an extension as soon as possible. However, one thing holding them back was the lack of support for HTTPS in Opera’s extensions. Opera Software fixed this in Opera 11 Beta (actually they did it in an earlier snapshot), which was released just yesterday, and now LastPass is already here.

The LastPass Button

LastPass Tools

If you are wondering why I am gushing about LastPass, check out our earlier articles on this nifty little tool. LastPass is a free (freemium to be accurate) cloud based service that can generate strong passwords, remember your passwords, and automatically fill forms and works seamlessly across multiple browsers, operating systems and devices. While Opera’s Wand can remember passwords, none of the other features offered by LastPass are available. Better still, you can even import and export information from other similar third party tools like RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe, Sxipper, TurboPasswords, and Passpack

Create LastPass Form Profiles

LastPass for Opera works through a button in the address bar, much like its Chrome counterpart. It automatically jumps into action as soon as it detects a form and offers to remember and fill-in information. You can also tick the “Auto-login” option to automatically enter and submit login information.

LastPass Fill Password

LastPass Settings

If you on Opera 11 Beta, you can download LastPass from the official extensions gallery.

Lastpass Extension for Google Chrome

Lastpass is a very popular service that allows you to manage your passwords and form data, allowing you to easily fill inane forms with the click of a button.

Many users have been using Lastpass in the form of a . If you have been waiting for one for , your wait is finally over.


Lastpass has released a that will allow you to manage your passwords and forms from Google Chrome.

You can manage your entire account using this extension. You can add new sites, create notes, fill form among other things.

Please note that this extension is not yet full stable. The extension did crash twice but due to way chrome works it did not crash the entire browser.

Definitely worth trying out if you are a lastpass user and have been using Google Chrome.

You will need to use the development version of Chrome to make use of this extension.

Download Lastpass for Chrome [via]

Fill Form, Share Site Logon, Generate Strong Passwords Free Online

In my previous post, I wrote about LassPass: a free online password backup, storage and synchronization software / service. Apart from this, LastPass offers a wide range of other services like Form Filling, Site sharing and logging and strong password generation, a lot of other features which makes LastPass a must have on your most useful internet resources.

LastPass Instructions

Form Filling

The second major service (after password synchronization) offered by the software is form filling. LastPass can save you from typing in of data and credit card numbers onto online forms provided it is given the correct data. You can set multiple profiles for automatic form filling by LastPass.

Site Sharing and Logging

LastPass saves you from the risk of theft and loss involved in sending logins and password details to friends via email when you want to share site information with them. It allows secure sharing of login details. It monitors the sites being logged into.

Password Generation

LastPass helps you generate strong hack proof passwords that you will not have to remember or type. This comes in handy when your imagination fails to give you a secure password.

Using LastPass to Generate Secure Passwords

Screen Keyboard

Use an on screen keyboard while you are keying in passwords. This on screen keyboard is something similar to

With so many incredible features in one software LastPass is a clear winner.

[ Visit LastPass ]

Synchronize And Store Passwords For Free Online

If you visit a lot of websites regularly, then remembering the login information to all the sites is quite a challenge. I know, the browsers these days are smart enough and with the help of add-ons, you don’t have to remember all the passwords, but what if you are travelling and not carrying your laptop with you ?

This is where LastPass comes in picture. LastPass is a free, online password manager software which has the coveted sync capability. It aims at making online website browsing a safer, faster and easier experience on Windows, Mac and Linux operating systems.

Password Synchronization

Majority of the websites today require registration and login. Remembering loads of usernames and passwords can be quite a chore. So you use your computer’s inbuilt password remembering system. But what if you want to access a website through another computer? Retrieving lost passwords and making new ones can be a waste of time.

LastPass requires you to remember only one strong LastPass password. The software remembers all your other passwords allowing you to log into websites with a single mouse click, seamlessly, without typing in passwords. What is more, LastPass software synchronizes your data across browsers securely allowing you access to websites at anyplace anytime.


You don’t have to worry about your password security as your passwords are encrypted only on your PC using 256-bit AES encryption accepted by the US Government for protecting top secret data; they are made accessible online without you having to memorize them. Only your LastPass password can unlock these passwords and only you have access to them. Your LastPass password will act as the key to content in your database and hence no hackers will be able to hack and get hold of your sensitive data.

LastPass works across multiple browser and computers. Besides browsers, it can also import passwords from Roboform, KeePass, Sxipper, 1Password, MyPasswordSafe, Password Agent, Password Safe, Passpack and TurboPasswords.

LastPass stores your sites’ information and other sensitive data in a database available for view and editing. If a site is not on the database it will ask you to remember the password, quite similar to the functionality most browsers offer today.

Lastpass takes backups of your passwords so that they are never lost. You can also backup data to a USB key and use Firefox portable or Lastpass pocket to access data from it, though this is available if you choose to be a premium customer. You can export LastPass data without an Internet connection if you use the plug-ins.

As Premium users you can enjoy the AD free LastPass, which allows you to access passwords while travelling, because it is compatible with Windows Mobile and Blackberry phone. And soon they will be rolling out support for iPhone as well. Premium feature costs just about $12 / year.

LastPass is key logger safe. Which ensures all your other data is safe and intact !

[ Visit LastPass ]