Not only was LastPass using a password hash in its two-factor authentication scheme, but 2FA could be disabled by an attacker, a security researcher has found.

Leave a Reply