
As mentioned in the article, a few mitigations could have been applied to mitigate, though not eliminate. None of these are perfect, naysayers will pop up lamenting "it wouldn't work" but the point is it would help.

1. Fraud detection on the metadata like IP address, access timing, access patterns etc. e.g.: Why is a person from the UK logging in from a China IP?

2. IMO orgs should be importing and refusing known leaked credentials and the top 1000 passwords. This could happen both at password set time ("You cannot use that password as it's a known leaked credential, click here for more info about the breach"), or at login time "You're using a leaked credential, please follow the password reset flow".



> Why is a person from UK logging in from China IP?

And then we get to the other side of this where people get locked out of accounts because they went on vacation and bothered to check their email.

And oftentimes these "person from UK logging in from a China IP" are massively wrong. For the longest time my home IP was showing up as from another country in most GeoIP databases. They're routinely trash.


The only good thing I have to say about LastPass is that they allowed you to allowlist countries you wanted a login from. Like calling your credit card company, I'd login and add a country if I was traveling.


That's an example of what I was talking about though. I set LastPass to only let me sign in from the US and suddenly I was locked out at home because it thought my home IP address was non-US despite definitely being in the US at the time.


Yeah security is always a tradeoff of convenience and control. If I were in your shoes I would have allowlisted the IP. Either switch to my phone, went to a coffee shop, or a friend's house, or the library, or the gym, or McDonald's, or Target...


I think the best solution is to do this for users without MFA. That way we won't suffer for their sins.
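The mitigations the thread argues over, written out as an added example (not code from the thread, the article, or LastPass): the first comment's two points (refusing leaked and top-N passwords at set time and again at login time, plus a location check on login metadata), the LastPass-style per-user country allowlist, and the last comment's suggestion of enforcing the location block only on accounts without MFA. The breach corpus, top-password list, user records and country codes are all constructed stand-ins; the login check assumes the password has already been verified by the normal authentication path, and a failed GeoIP lookup is treated as a soft signal rather than a block, since the thread notes how often GeoIP is wrong.

```python
"""Added example, not code from the thread or any product it mentions.
Constructed sample data throughout; see the lead-in for assumptions."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed stand-ins for a real breach corpus and a top-N password list.
TOP_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}
LEAKED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest()
    for p in ("hunter2", "Summer2019!", "Tr0ub4dor&3")
}


def _sha1(password: str) -> str:
    # Breach corpora are commonly distributed as SHA-1 digests, so compare on those.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def check_password(password: str) -> Optional[str]:
    """Password-set-time check. Returns a user-facing rejection reason, or None."""
    if password.lower() in TOP_PASSWORDS:
        return "That password is one of the most commonly used passwords."
    if _sha1(password) in LEAKED_SHA1:
        return "That password appeared in a known data breach."
    return None


@dataclass
class User:
    name: str
    home_country: str
    allowed_countries: Set[str] = field(default_factory=set)  # user-managed allowlist
    mfa_enabled: bool = False


@dataclass
class LoginDecision:
    allowed: bool
    require_reset: bool
    reasons: List[str] = field(default_factory=list)


def evaluate_login(user: User, password: str, src_country: Optional[str]) -> LoginDecision:
    """Login-time policy. Assumes the password was already verified by the normal
    auth path; src_country is the GeoIP result, or None if the lookup failed."""
    decision = LoginDecision(allowed=True, require_reset=False)

    # Same blocklist as at set time: a password that leaked after it was chosen
    # is caught here and pushed through the reset flow.
    if check_password(password) is not None:
        decision.require_reset = True
        decision.reasons.append("credential is leaked or common; reset required")

    permitted = user.allowed_countries | {user.home_country}
    if src_country is None:
        # GeoIP often misattributes addresses; an unknown result is logged, not blocked.
        decision.reasons.append("GeoIP lookup failed; location not enforced")
    elif src_country not in permitted:
        if user.mfa_enabled:
            decision.reasons.append(f"login from {src_country} outside allowlist; MFA required")
        else:
            decision.allowed = False
            decision.reasons.append(f"login from {src_country} outside allowlist; blocked")
    return decision


def add_travel_country(user: User, country: str) -> Set[str]:
    """The 'call your credit card company before travelling' step from the thread."""
    user.allowed_countries.add(country.upper())
    return user.allowed_countries


if __name__ == "__main__":
    alice = User("alice", "GB")
    print(check_password("password"))
    print(evaluate_login(alice, "hunter2", "CN"))
    add_travel_country(alice, "cn")
    print(evaluate_login(alice, "S3cure-and-unique!", "CN"))
```

Running the block walks through the cases the thread raises: a common password is rejected at set time, a leaked password used from an unlisted country is blocked and forced through reset, an MFA-protected account is allowed through with the location noted, and adding a travel country beforehand lets the same login succeed.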





