FIDO2

Hacking the LastPass data is enough.
People left LP in droves after they were hacked, me too.

They had the cheek to double the cost too.
 
Hacking the LastPass data is enough.
People left LP in droves after they were hacked, me too.

The data is stored on LastPass's server encrypted, but the data is useless without the key to decrypt it. Only the owner of the data has the key. The data is pulled from the server, and decrypted by your own system, using the key you provide.

So hacking the data, from the server, simply isn't enough - the key is needed as well.
 
The security expert was saying facial recognition can be beaten with a photograph
It seems increasingly unlikely as security software improves. The security is quite clever and contains multiple tricks beyond "does the camera see something that looks like user X" - for example a camera can see the change in skin colour caused by the flush of blood from the pressure surge when your heart beats, and FR security checks for it to make sure it's "looking" at a living thing.
 
It seems increasingly unlikely as security software improves. The security is quite clever and contains multiple tricks beyond "does the camera see something that looks like user X" - for example a camera can see the change in skin colour caused by the flush of blood from the pressure surge when your heart beats, and FR security checks for it to make sure it's "looking" at a living thing.
I'm only saying what the "expert" said, I haven't tried it myself.
 
So hacking the data, from the server, simply isn't enough - the key is needed as well.
If LastPass or whatever other company can be hacked, so can the rest of their infrastructure including the app.
Hacker types modify the app, shove those modifications to production, everyone with it gets auto-updated without knowing or caring what or why because that's how app updates work.

Then after a month or four the true purpose of the hack is revealed - that app update contained a minor adjustment where the key is sent to the remote servers.
Now the hackers have both the encrypted data and the keys for pretty much every user, and therefore every password for every account and device those users have.
By the time such an attack is discovered it's already far too late, the damage has been done. Game over.
 