It has not been a good year to be a LastPass user, with many now reporting issues logging in due to a multi-factor authentication reset.
LastPass announced a round of security upgrades that was scheduled for May 9. Unfortunately, according to BleepingComputer, many users have been completely locked out of their accounts, caught in an infinite loop of authentication.
To make matter worse, since users can’t log in, they’re unable to reach customer support since doing so requires successfully logging in to their accounts.
“The forced re-sync of MFA is now preventing me from logging in because LastPass won’t recognise the new MFA code. I’ve tried DM’ing but message won’t send. What is going on? Clearly this is impacting a lot of users.” one user wrote on Twitter.
Read More: Hackers Stole LastPass Encryption Key
According to LastPass, the MFA resets are part of its efforts to increase security following the data breaches it suffered in 2022.
“Following the 2022 incidents, we sent email and in-product communications to our customer base recommending that they reset their MFA secrets with their preferred Authenticator App as a precautionary measure. This recommendation was also included in the Security Bulletins that we sent to our B2C and B2B customers in early March and a second email communication in early April,” a company spokesperson told BleepingComputer.
“However, a subset of our customers still have not taken this action, so we have been prompting them to take action upon their next log-in to LastPass. We started this in-product prompt back in early June in the hopes that it would get a greater response than our emails.”
Given the ongoing issues LastPass continues to have, users may be better off opting for a competing service.