The big news recently is about the theft of LassPass user passwords, resulting in the loss of crypto assets.
Let me start by saying that I personally use las pass, but I have never put any confidential files on it, such as gmail, bank account password, currency account password, or wallet mnemonic, because in essence, last pass is a very powerful technology. , it is also a third-party password protection program, and this tool has made it clear that it is in charge of passwords, so it is difficult to prevent hackers from taking some actions against it, right?
Here we teach you some methods to protect assets, which are applicable to various services.
1. Be sure to turn on mobile phone & email two-way authentication
2. Turn on Google Authenticator if possible
3. Write down the password by hand, especially the mnemonic phrase, and then prepare it in a remote location
4. Don’t put your money in unknown places. If it is currency, it is recommended to only put it on Binance, the top exchange.
5. There are actually a lot of phishing letters. Remember to confirm the sender's address. You can usually see the flaws. Look for the system letter that lastpass sent you before, for example, xxx@ooo to see if ooo are the same. They must be exactly the same.
6. Do not open any dangerous files, especially .exe files.
7. Today’s services are all enabled by default, and a letter will be sent to notify you when you log in. This is a good service. If you find that the login address is no longer your location, be especially careful and may need to do some processing.
Hope it helps everyone~
The excerpt from this lassPass is as follows:
On the 13th of this month, LastPass received reports from users that it was attacked by phishing letters, and security vendor Malwarebytes also obtained letter samples for analysis. During this wave of attacks, users received what appeared to be letters from LastPass technical support, stating that a certain user function was blocked and that users needed to enter personal information to complete identity verification before September 26 in order to restart the function. An unknown number of users clicked on the link attached in the letter and entered the phishing website, allowing hackers to obtain personal information.
$BTC#BTC#lastpass
