Phishing attack exposes ALL LastPass data

For years there has been a debate between the convenience of "cloud" based password managers versus the security of "offline" password managers. While the convenience of cloud based solutions has been widely adopted by companies and enterprises, convenience often comes at the expense of security.

Security researchers at VerSprite released a video highlighting the security implications inherent with the "move to the cloud". While this video targets LastPass, a similar methodology could be used to target any cloud service (and cloud based password managers).

You can watch the full video here: https://www.youtube.com/watch?v=2rvPXgG-6QM (be sure to give them a "like" for the great work! )

LogonSafe is the world's first cloud enabled offline password manager. Since your passwords are not stored on our cloud, no similar phishing attack can ever expose your credentials in one fell swoop. 
Our patent-pending syncing solution retrieves your passwords from your "Primary Device" (typically your cell phone) only when your users request them - and manually approve their transfer.

Even a Man-in-the-Middle attack like the one shown in the video can't expose your credentials during transit. All passwords are encrypted with 256 bit AES encryption in transit, and 2048 bit RSA is used between your devices to protect the key.

LastPass is far from the only service that is at risk from a phishing campaign pointing at a reverse proxy.

Think email, CRM solutions, social networking, anything.

Any cloud account, including ones protected by 2FA, can be compromised by a user falling for a similar phishing attack.

Our next blog post will show how our syncing solution perfectly couples with our patent-pending anti-phishing engine to provide a true Next Generation Password Mangement solution. 

For more information in the meantime, feel free to look around our website, and especially grab a 14 day free trial.

Begin your more secure future today!