Protecting Passwords in the Aftermath of the LastPass Security Incident
- LastPass experienced two major security incidents in 2022, raising concerns over its security protocols.
- Industry experts believe this incident was a continuous attack that was never correctly contained.
- LastPass has taken measures to prevent future attacks and improve its security protocols, but many users remain skeptical about the password manager’s safety and reliability.
- To ensure their data is secure, LastPass users should consider changing their master passwords, enabling two-factor authentication, and updating passwords for each account.
LastPass had a brutal end to 2022, with two significant data breaches that raised several questions about its security protocols. While LastPass continuously insists users are safe after those data breaches, many industry experts and LastPass users remain unconvinced. Things started to unravel in August when bad actors could access servers and steal technical data. Unfortunately, that led to another incident in November when the bad actors used previously acquired information to exfiltrate user data.
LastPass has led users to believe these incidents were separate, but many industry experts believe this was one continuous attack that was never correctly contained. LastPass did confirm that the bad actors breached their password vault, exposing sensitive information like passwords and secure notes. LastPass claims its “zero knowledge” architecture will keep users safe because password vaults are encrypted with a master key, but the situation remains complex for those affected by this incident.
Although LastPass has stated they have taken measures to prevent future attacks and improve its security protocols, many users remain skeptical about the password manager’s safety and reliability. LastPass does not encrypt entire files, which means URLs and IP addresses are left exposed even if passwords are encrypted. This presents a whole new avenue of attack through phishing campaigns. Today, hackers are more determined than ever to gain access to systems and steal as much data as possible. Attackers could easily use the information they obtained from the breach to target users with more tailored cyberattacks, such as phishing.
What Should LastPass Users Do Now?
Whenever sensitive details like passwords are exposed, there is always a chance of them being exploited. This is why LastPass users should take extra security precautions as soon as possible. LastPass users should consider taking the following steps to ensure their data is secure:
Change Your Master Password
The importance of securing your LastPass account cannot be overstated. A strong and unique master password is the first defense against unauthorized access to sensitive information. We recommend choosing a master password different from any other password you use. When creating a master password, create one that is long and complex. A strong master password should include uppercase and lowercase letters, numbers, and symbols.
Regularly changing your master password can help protect your account from any threats that may take place in the future. This can include new hacking techniques, more vulnerabilities in the LastPass system, or even a completely separate data breach on another website where you use the same password or one very similar.
Change All Your Passwords for Accounts Stored in the Vault
Suppose you have online passwords stored in LastPass. In that case, you should certainly change those because a data breach can potentially compromise the security of your passwords, making them vulnerable to hacking or other forms of unauthorized access.
Creating a priority list of which accounts to change the passwords for first can be helpful. Start with the most critical accounts, such as email and financial accounts, and then move on to less critical accounts. This will ensure that the most sensitive information is protected first. LastPass keeps track of when your password was last changed, which will help you track what accounts have not yet had a password change.
One of the most critical accounts to change the password for is your email account. Many of your accounts likely use email to reset your passwords. If a bad actor gains access to your email account, they can potentially reset the passwords for other accounts and gain access to them. Your financial accounts contain sensitive personal and financial information, and you must protect them from unauthorized access. While the password-changing process can be time-consuming, depending on how many accounts you have stored in the vault, it is a must if you move forward with the password manager.
Enable Two-Factor Authentication
Enabling two-factor authentication can be an effective way to protect your accounts from unauthorized access further. This type of authentication requires an additional step to verify your identity. This can be in the form of a verification code sent to your phone or an authentication app. This extra step is essential because it gives your accounts an extra layer of protection that a bad actor would need to bypass before gaining access.
With Two-Factor Authentication enabled, a bad actor would need your username, password, and the verification code sent to your phone to gain access. It’s easy to set up Two-Factor Authentication with LastPass. You must go into your account settings, select the Two-Factor Authentication option, and follow the instructions. A minute or less of your time can save you from hours of headaches. With the possibility of another breach, enabling this feature to protect your accounts is highly recommended.
Consider Switching to a Different Password Manager
Another way to protect your sensitive information is to switch to a different password manager. Even though LastPass has alerted users about the breach and taken steps to address the issue, it may be best for some users to switch to a different password manager. There are several password managers available. Each one has its own unique features and offers different levels of protection for your accounts.
Do some research and find the one that best suits your needs. Make sure to verify its security measures before transitioning your passwords over. When switching to a new password manager, it is important to ensure that you take the necessary steps to secure your accounts. Ensure you follow the best practices for creating secure passwords and enable two-factor authentication when available.
The LastPass breach should remind all users that security measures must be taken to ensure that every account remains secure. LastPass users with less secure password vaults are more vulnerable in the aftermath of these breaches. Hackers have plenty of time to crack passwords, and nothing stops them from doing so. If you had passwords saved in a LastPass vault, you should consider them compromised and act cautiously. You should strongly consider whether or not you want to store your new passwords in LastPass. Ultimately, this decision is up to you. Whatever choice you make, make sure to do what’s best for the security of your accounts.