SIEM Splunk integration

Customers that use the SIEM Splunk integration must reset their instance token.

LastPass encourages users of Duo Security, Symantec VIP, RSA SecurID and SecureAuth to regenerate the shared secret for each MFA instance and enter the shared secret into the respective MFA app configuration in the admin console.

This process will require users to log in, verify location and go through the reenrollment process for MFA apps.

These accounts should only be set up for “break glass” situations that require special access, and at least one super admin should maintain non-federated access.

Businesses need to reset MFA secrets for all non-federated users who have enabled MFA access to their vaults and use authenticators from LastPass, Google, Microsoft or Grid.

Identify super admins using a weak password and rotate all critical credentials. Users with privileged access - super admin - should always maintain exceptionally strong master passwords and a high iteration count.

LastPass said it will soon require all personal accounts to meet this standard and will notify business administrators before the change occurs. Businesses should set the recommended minimum of 600,000 iterations for all users.

Security reporting in the admin console will identify users relying on weak or reused passwords, and organizations should consider forcing those users to reset their master passwords, LastPass said.

Critical credentials saved in shared folders accessed by users relying on a low iteration count, the number of rounds performed during the client-side encryption process, must be rotated.

And prohibit the use of previously used passwords.

“Remember that length wins over complexity,” LastPass said.

Administrators should set policies that require:

The longer the master password the better, particularly when all available character sets are used.

Usernames and master passwords, which create a unique encryption key, should be at least 12 characters long, according to LastPass.

Here are the most high-level actions LastPass shared with its business customers in a top-down order to prioritize response (advice for individual customers can be viewed here):

Master Passwords

Business administrators need to assess their organization’s risk across multiple components and heed the recommendations LastPass said it shared last week in a security bulletin with about 100,000 business customers.