How long to guess your LastPass master password?

LastPass has been breached. How long before a hacker breaches your master password?

LastPass has been breached, and many master passwords are in the process of being cracked.

Before reading this article, update your LastPass password immediately, and definitely update the passwords in your vaults, then come back and read the rest of the article. Be aware that if you store 2FA backup codes in your LastPass account, then these may have been compromised alongside passwords, thus creating the potential for the hackers to bypass your 2FA for your linked accounts.

There are a huge number of ways to crack passwords with varying speeds.

  • Very quickly: If your password is one of the over 550 million passwords breached from other sites, or a slight variant of one, then you’re at the most risk: hackers can crack these passwords with a dictionary attack. Typically hackers will try the most common passwords first, meaning the more insecure your password, the faster it will be cracked. Hackers may also prioritize cracking lucrative accounts such as [email protected], which often have much higher privileges and thus offer “the keys to the kingdom”, or the accounts of CEOs. A $2,000 GPU can crack the PBKDF2-SHA256 hashing reportedly used by LastPass at a rate of nearly 1 million hashes (guesses) per second. In an offline password cracking attack, account lockout mechanisms will not stop the attacker, so the attacker is limited only by available computation. With a GPU cluster worth far more than $2,000, hackers will be able to crack passwords much faster than 1 million per second.
  • Slowly: The good news is that if you’ve chosen a unique password that you’ve not used before, and it is a highly random password or passphrase (especially one composed of several random words), then, provided that the hashing was done correctly by LastPass, hackers could take a very, very long time to crack it. That means that even if you take a long time to find out about the breach and update your password, you’ll still be secure. By a long time, we mean billions of years to crack, even for a cluster of supercomputers. To see how to create a password stronger than the hackers, be sure to follow us on LinkedIn to see the articles we have planned.
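
To put numbers on the two cases above, the following added example (not code from the original article) estimates the average offline cracking time for several password choices. It uses the article's figures of about 1 million guesses per second per GPU and 550 million breached passwords. The 7,776-word list (Diceware-style), the sample password shapes and the 1,000-GPU cluster size are assumptions.

```python
# Added example: estimate offline cracking time from the article's figures.
GUESSES_PER_SEC = 1_000_000      # article: ~1M PBKDF2-SHA256 guesses/s per $2,000 GPU
BREACHED_LIST = 550_000_000      # article: over 550 million breached passwords
WORDLIST_SIZE = 7776             # assumption: Diceware-style word list
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_chars_keyspace(length, alphabet_size):
    """Candidates for a uniformly random password of `length` characters."""
    return alphabet_size ** length


def passphrase_keyspace(words, wordlist_size=WORDLIST_SIZE):
    """Candidates for a passphrase of `words` words picked at random."""
    return wordlist_size ** words


def average_seconds(keyspace, gpus=1, rate=GUESSES_PER_SEC):
    """Average time to hit one password: half the keyspace at gpus * rate."""
    return keyspace / 2 / (gpus * rate)


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def report(gpus=1):
    """Rows of (description, estimated average crack time) for sample choices."""
    cases = [
        ("in the breached-password list", BREACHED_LIST),
        ("8 random lowercase letters", random_chars_keyspace(8, 26)),
        ("12 random printable ASCII chars", random_chars_keyspace(12, 95)),
        ("4 random words", passphrase_keyspace(4)),
        ("6 random words", passphrase_keyspace(6)),
    ]
    return [(name, humanize(average_seconds(ks, gpus))) for name, ks in cases]


if __name__ == "__main__":
    for gpus in (1, 1000):       # assumption: 1000 GPUs stands in for a cluster
        print(f"--- {gpus} GPU(s) ---")
        for name, eta in report(gpus):
            print(f"{name:34} {eta}")
```

The estimates only hold for passwords chosen uniformly at random from the stated keyspace; a human-chosen password of the same length is usually found much earlier by the dictionary attack described in the first bullet.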