Password Security Challenge - Last Pass & 1Password

Recently in the news, you may have heard about the #LastPassHack. According to this thread on Hacker News multiple people received notifications appearing to originate from LastPass in Dec 2021 saying that their master password was successfully used to access their vault (but was flagged as it was from another country  Brazil it would seem). 

At least 1 twitter user seems to have lost his life savings as they had their master password compromised and money emptied out of their accounts

This of course calls into question the great password management system provided by LastPass. One I myself used successfully have used for many years.

Of course with any online storage of secured passwords, there is always the risk of the password getting stolen. There is a trade-off between the convenience of generating and storing complicated secure passwords, and trying to remember them all in your head.  And it certainly beats the alternative of using the build in browser method of saving your passwords or using the same password for multiple services.

So should I/we switch all of my passwords to another service like 1password?

To help solve this problem, I am issuing a challenge and a bounty to to all hackers out there.  I have setup 2 accounts both with LastPass and 1password.  The usernames are shown in the image below:

All you have to do is successfully discover the master password for one (or both of these accounts). Both are protected with different complex master passwords, but each password chosen is the same length and contains the same number of upper/lowercase, numbers and special characters.

Inside each is a) A second password (also randomly created) and b) the recovery phrase for 2 crypto wallets (1password is a bitcoin (BTC) wallet - and LastPass is an Ethereum ETH wallet).  Each of these represent the 'bounty'. 

The person who successfully accesses the wallet wins the bounty. 

For the 1password you can view the wallet on the blockchain here -> 1password_bounty (Initial Balance 0.00107999 BTC)

For LastPass you can view the wallet on the blockchain here -> lastpass_bounty (Initial Balance: 0.01702 ETH)

Anyone may watch these public addresses for deposits & withdrawals.

Understandingly, the initial wallet balances may not be high enough for would-be hackers to even try to access the accounts, though as the price of the crypto increases, so too may hacking interest. That being said  so if you would like to help out this cause - you can deposit into the bounty yourself using the QR Codes below.

Please Note: You will never receive your deposit into either addresses back - so don't bother asking.

Disclaimer: Both 1password and LastPass take hacking and attacks at their site very seriously.  Do not confuse this challenge as any kind of  an open invitation to try and actively hack other systems or authorization to attempt to attack these or any other online service.  -  It is simply the offer that if you already know how to get the master password for each of these services already here is an anonymous way to prove once and for all that one or both of  these systems as insecure to the general public. 

To prove you successfully accessed the master passwords of either of the accounts above simply withdraw any amount from either, so that users an know that the system is insecure.

Do not attempt to email the email addresses shown above, as they are unmonitored.

Neither of these accounts use multi-factor authentication. If you are using any online service and MFA is available, I recommend adding it to your account. More information can be found in in the article  - What is Multi Factor Authentication ?

To learn more about cryptocurrency, check out "Ask A Geek - Which Crypto should I buy?

If you liked this post please consider sharing via your favorite social networks!!

and ..if you like my blogging, video, audio, and programming - please consider becoming a patron and get exclusive access @


Popular posts from this blog

Programming Rant - Stop the Insanity!! - .NET 7 is not the successor to .NET 4.8

Everything in Moderation...

Despite of how it looks - I'm not part of a coup d'etat

Way back then...Apple ][

Diabetes is not caused by eating too much sugar !!!

So I started a Podcast ! - The G33k Dream Team .

The Most Dangerous Software on the Internet!

Windows Gadgets (Geek Wisdom Clock)

You should be able to do that...