- Jan 14, 2023
Like many here, I'm a LastPass user facing many many many many password changes in my future. In trying to decode just how screwed LP users are with this latest breach, I've wondered about MFA's role in protecting our offline password vaults. Does it have one? I've heard from a colleague and read on this forum assertions that MFA will protect stolen password vaults. Yet, in several podcasts covering the most recent LP breach, I haven't heard MFA listed as a mitigation of attacks on user password vaults. It occurred to me that maybe MFA only protects us in an online attack scenario. Support for that theory is that (at least for LastPass) when offline access is allowed, and airplane mode is activated, there is no MFA challenge. I don't know if this is the case with other password managers, but I suspect that MFA can't help with offline attacks regardless of vendor. Does anyone here know for sure?