No more need for password reset: LastPass
LastPass has withdrawn its command for all its users to reset their master passwords due to a possible database breach.
The online password management system has posted in its blog this morning that it will no longer allow its online patrons to do any changes until all their databases are completely caught up.
LastPass CEO Joe Siegrist said through an e-mail to Computerworld, that the company’s in its plans is due to the request of its users not to reset their passwords anymore.
"They're asking because they know how strong their master password is -- that it's not vulnerable and therefore they know they're safe even if it was exposed," Siegrist said.
Conversely, comments posted on a LastPass blog suggest that the company's decision may also be related to difficulties that some users encounter in resetting their master passwords. Most of them said that changing the LastPass master password canceled out all their stored passwords, and thus they were locked out of accounts.
LastPass acknowledged this issue which affected only five percent of its users who were attempting to reset their master passwords and has promised to fix these troubled accounts.
As many users complain about the delayed information about the online breach, Siegrist today said that the company's first priority is "stabilizing the system in a safe way first."
Siergist reiterated that the company has previously maintained strong master passwords used to access the LastPass service. These should protect respective online users from the loss of any personal information.
At the outset, LastPass resolved to ask their users to reset master passwords as a precaution.
LastPass now allows users to bypass the reset procedure by emphasizing that their master passwords are strong. "We apologize for not having that available when we announced the password reset plan," the company remarked.