Security News > 2023 > June > LastPass users furious after being locked out due to MFA resets

LastPass users furious after being locked out due to MFA resets
2023-06-24 14:15

LastPass password manager users have been experiencing significant login issues starting early May after being prompted to reset their authenticator apps.

Since then, numerous users have been locked out of their accounts and unable to access their LastPass vault, even after successfully resetting their MFA applications.

Affected customers cannot seek assistance from support since reaching out to LastPass support requires logging into their accounts which they can't do because they're locked in an infinite loop of being prompted to reset their MFA authenticator.

"The forced re-sync of MFA is now preventing me from logging in because LastPass won't recognise the new MFA code," one user said.

"To increase the security of your master password, LastPass utilizes a stronger-than-typical version of Password-Based Key Derivation Function," explains a LastPass support bulletin sent to impacted users.

"You must log in to the LastPass website in your browser and re-enroll your MFA application before you can access LastPass on your mobile device again. You cannot re-enroll using the LastPass browser extension or the LastPass Password Manager app," the company explains.


News URL

https://www.bleepingcomputer.com/news/security/lastpass-users-furious-after-being-locked-out-due-to-mfa-resets/