LastPass attacker stole password vault data, showing Web2’s limitations
1 min readPassword management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing.
Notice of Recent Security Incident – The LastPass Blog
However, a recent Ethereum Improvement Proposal (EIP) aims to remedy this situation. Called “EIP-4361,” the proposal attempts to provide a universal standard for web logins that works for both centralized and decentralized applications.
If this standard is agreed upon and implemented by the Web3 industry, its proponents hope that the entire world wide web will eventually get rid of password logins altogether, eliminating the risk of password manager breaches like the one that has happened at LastPass.