Password manager LastPass was forced to up its security measures following the release of research showing just how easy it is to convince its customers to hand over their password, The Register reports.
LastPass is a piece of software that keeps lots of different passwords in one place. It makes it easier to manage lots of complex passwords.
But security researcher Sean Cassidy published a blog post that showed how it could take criminals “less than a day” to build a spoof version of LastPass that could convince people to hand over their email address and passwords.
In response to Cassidy’s post, LastPass upped the security requirements for people trying to log into the service. Anybody logging into the service now has to visit their email inbox and manually approve every sign-in attempt. That makes it harder for criminals to steal any passwords.
LastPass published a blog post responding to Cassidy’s research. It says that its verification procedure “significantly reduces the threat of this phishing attack.” It said that users with two-factor authentication enabled (where multiple devices are needed to log into a service) would still have to use email verification to avoid any fake versions of the site.