Lastpass: Just in case you missed the first ten emails
-
.. we'll send you an eleventh...
Naturally, the UI on the computer concerned didn't give any indication that this is what was happening - instead just silently sitting there not doing anything (like going away) after the correct password was entered.
-
@PJH So LastPass emailed you each time an attempt was made to break into your account? Not sure what the WTF is?
-
@ASheridan i think @PJH did something intentionally, but got no visual confirmation in the ui.(... and therefore did it another 10 times)
-
@ASheridan It'd make sense to debounce the emails a bit, though.
-
@ASheridan said in Lastpass: Just in case you missed the first ten emails:
@PJH So LastPass emailed you each time an attempt was made to break into your account?
Regarding the same computer, from the same IP, and giving no indication of that fact on the system concerned. In the same minute (look at the timestamps.)
@ASheridan said in Lastpass: Just in case you missed the first ten emails:
Not sure what the WTF is?
Filling up a mailbox unnecessarily, given the circumstances. Multiple IP's, yes. Different times, yes.
Multiple attempts from a single system, no. And on that system no indication that I should go check my mail.
-
Regarding the same computer, from the same IP
It really wasn't clear from your original post that they were reporting on the same origin IP, so there's no way to tell if this was not a distributed attack.
Sure they could have debounced the emails as @anotherusername mentioned, but that's not a massive WTF really.
-
@ASheridan, OK, for clarity I was setting up a reinstalled laptop, fired up Lastpass, tried logging in, didn't 'work.' No error message, no change of UI, nothing.
So I closed the window, tried again, and again...
Gave up, did something else, and eventually checked my email and saw that..
-
@PJH Ah, it sounds like maybe something was different on the reinstall? I'm not sure how it creates a signature for a system, but seems likely you fell afoul of that then.
-
@PJH Same thing happened to me last week.
In fact, the GUI is such that, at first, I was thinking that I failed to post (with ENTER) so I tried by clicking Login. Same result.Can't they just give you a clue, like "check your email"
-
@TimeBandit said in Lastpass: Just in case you missed the first ten emails:
Can't they just give you a clue, like "check your email"
Maybe they're trying to avoid leaking information to an attacker: "You entered the right password; now go hack into the user's email to gain access."
-
@HardwareGeek said in Lastpass: Just in case you missed the first ten emails:
Maybe they're trying to avoid leaking information to an attacker: "You entered the right password; now go hack into the user's email to gain access."
This computer/location hasn't been previously recognised or you have entered incorrect credentials. If you've entered cromulent details, please check your email for an authentication link to allow this computer access to your account.
-
@PJH I didn't say it was a good way of trying to avoid leaking info.
-
@PJH said in Lastpass: Just in case you missed the first ten emails:
Multiple attempts from a single system, no. And on that system no indication that I should go check my mail.
Maybe they want to create blinking effect on that notification on your mobile phone's lock screen. (Imagine what it will look like when your phone receive 10 emails with same subject at once)
-
Update. Upon clicking the link to confirm a new location, I get this screen back..
Yeah. It wasn't my email - you verified that ages ago...
And I didn't bother obfuscating those IP's - they're
The Cloud
in London.
-
@PJH Didn't the Instagram logo change, to much Internet noise, a while back?
-
@coldandtired I think it was a few weeks ago. Good luck getting everyone to update their assets...
-
@bb36e said in Lastpass: Just in case you missed the first ten emails:
Good luck getting everyone to update their assets...
That's also not the Google logo.
-
@ben_lubar said in Lastpass: Just in case you missed the first ten emails:
That's also not the Google logo.
That's what Google would like you to think, anyway.
-
@flabdablet said in Lastpass: Just in case you missed the first ten emails:
Not the Confederate Flag – 02:20
To be fair, nobody says "the confederate government". Everyone's talking about the confederate army when they say "the confederate flag".
-
@ben_lubar said in Lastpass: Just in case you missed the first ten emails:
@flabdablet said in Lastpass: Just in case you missed the first ten emails:
Not the Confederate Flag – 02:20
To be fair, nobody says "the confederate government". Everyone's talking about the confederate army when they say "the confederate flag".
Techically, for the s, it's not even the flag of the Confederate army, just the one that everyone knows about.... Kinda like misconstruing
with
https://upload.wikimedia.org/wikipedia/commons/thumb/1/1a/US_flag_48_stars.svg/220px-US_flag_48_stars.svg.png(OOC, FFS why does Google Image Search have inverted and flipped versions of the US flag, but not a normal one??? )
(It still represents everything the Confederate army and government stands for though.)