The only problem with password managers is that once a person has access to your master list, you’re in big trouble. This is why password managers usually have an added layer of security to prevent users from accessing the master list unless they have a master password, or in the case of LastPass where they created an app requiring users to scan their fingerprint or enter a PIN (this acts as two-factor authentication).However last week it seems that a developer revealed that he was able to bypass the security on the Android version of LastPass Authenticator, which thankfully the company has since managed to fix. According to LastPass, “When a researcher discovered a workaround for the extra the PIN/fingerprint prompt, our engineering team fixed the issue that allowed the workaround and the update is available now. Now when the fingerprint/PIN feature is enabled, users must provide their fingerprint or PIN code in order to view the one-time code.”
The company also adds, “Using the reported workaround to access someone’s temporary codes would have been difficult since it requires access to the device, and the one-time codes are useless without the username and password for the services they are used. At no time did the identified workaround allow access to the TOTP secrets used to generate the one-time codes.”
Like we said, the update is now available that should address the issue so if you are running Android, then head on over to the Google Play Store and download the latest version of the Authenticator app.
Filed in . Read more about Android, Apps, LastPass and Security.