In August 2022, LastPass, a popular password manager service, announced that it had suffered a security breach that could potentially expose users’ email addresses, password reminders, and other sensitive information. While the company has stated that no master passwords or encrypted user vaults were compromised, the incident has understandably left many LastPass users concerned about the safety and security of their accounts.
UPDATE: The news has become more concerning as time has gone on. Recent reports state that a senior developer working from home was the entry point (via an unpatched media server) for the exposure of LastPass vaults, including backups of past vaults. The backup breach may be the most concerning part, because it has not been shared how far back the exposed backups go. Old vaults protected by old master passwords (possibly weaker) could be broken and their contents ultimately exposed. Changing your master password therefore does not guarantee your vault is safe.
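The point in the update above, that a stolen backup stays tied to the master password in use when it was made, shown as an added example (not from the original article and not LastPass's code). It assumes a simplified vault model: PBKDF2 key derivation with a constructed iteration count and a toy HMAC keystream standing in for a real cipher; all passwords and entries are constructed.

```python
import hashlib, hmac, json, os

ITERATIONS = 50_000  # assumed value for this demo, not a LastPass setting

def _keys(password: str, salt: bytes):
    # Derive separate encryption and MAC keys from the master password.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream; a real vault would use an AEAD cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(password: str, entries: dict) -> dict:
    # Encrypt-then-MAC the vault under keys derived from this password.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    plain = json.dumps(entries).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(password: str, blob: dict):
    # Returns the entries, or None when the password does not match this copy.
    enc_key, mac_key = _keys(password, blob["salt"])
    expect = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        return None
    ks = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return json.loads(bytes(a ^ b for a, b in zip(blob["ct"], ks)))

def rotation_demo() -> dict:
    old_pw, new_pw = "summer2015", "long-new-passphrase-2023"  # constructed
    entries = {"bank.example": "constructed-site-password"}    # constructed
    old_backup = seal(old_pw, entries)   # copy taken before the password change
    live_vault = seal(new_pw, entries)   # vault re-encrypted after the change
    return {
        "backup_opens_with_old": open_vault(old_pw, old_backup) == entries,
        "backup_opens_with_new": open_vault(new_pw, old_backup) is not None,
        "live_opens_with_old": open_vault(old_pw, live_vault) is not None,
    }
```

Only the live vault is re-keyed by a password change; the earlier copy still opens with the earlier password and still contains the same site credentials.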
If you are a LastPass user who has been affected by the breach, it is important to take action to protect your account and any other accounts that may be linked to it. In this article, we will discuss what to do if you are a LastPass user involved in this incident, including steps you can take to secure your account and mitigate the risk of further damage.
Change Your Master Password
The first and most important step you should take if you are a LastPass user affected by the breach is to change your master password. Your master password is the key that unlocks your encrypted vault of passwords and other sensitive information, so you must choose a strong, unique password that cannot be easily guessed or cracked.
When choosing a new master password, it is important to follow best practices for password security. Your new password should include a combination of:
- Uppercase letters
- Lowercase letters
Avoid common phrases in your new password and do not use the same password for multiple accounts, as this can increase the risk of a security breach affecting multiple accounts at once.
Enable Multi-Factor Authentication
Another important step you can take to secure your LastPass account is to enable multi-factor authentication (MFA). MFA is a security feature that requires users to provide an additional layer of authentication beyond just their username and password, such as a fingerprint scan or a code sent to a mobile device. This helps to ensure that only authorized users can access your account, even if your password is compromised.
LastPass offers several different MFA options, including:
- Biometric authentication (Touch ID or Face ID)
- Authentication apps (Authy, Google Authenticator)
Enabling MFA can be done through the LastPass settings menu, and the process is straightforward to follow.
Audit Your Passwords and Remove Inactive Accounts
In addition to changing your master password and enabling MFA, it’s also a good idea to audit your passwords and remove any inactive accounts from your LastPass vault. This can help to ensure that your passwords are strong and up-to-date and that you are not leaving any old or unused accounts vulnerable to security breaches.
To audit your passwords, you can use the LastPass security challenge feature, which analyzes your passwords and provides recommendations for improving their strength and security. You can also use the LastPass auto-change feature to automatically update weak or compromised passwords across multiple sites.
Stay Informed and Be Vigilant
Lastly, it’s important to stay informed and vigilant when it comes to the safety and security of your LastPass account. LastPass has stated that it is taking steps to investigate the breach and improve its security measures, but it’s also essential for users to remain up to date on any new developments or security risks that may arise.
One way to stay informed is to sign up for LastPass security notifications, which will alert you to any potential security risks or breaches affecting your account. You can also follow LastPass on social media or check their website for updates on the breach and any related security issues.
In addition to staying informed, it is also important to be proactive when it comes to the security of your account. This includes using caution when clicking on links or downloading attachments from unknown or suspicious sources, regularly checking your LastPass activity log for any suspicious activity, and reporting any suspicious activity to LastPass customer support immediately.
Consider the security of any other accounts or services that may be linked to your LastPass account, such as email accounts, online banking accounts, or social media accounts. Make sure that these accounts also have strong, unique passwords and enable MFA wherever possible to reduce the risk of a security breach.
What to Do If You Are Unable to Access Your Account
If you are unable to access your LastPass account due to the security breach, there are a few steps you can take to regain access and protect your account:
Reset your master password
If you have forgotten your master password or are unable to log in to your account, you can reset your master password using the LastPass account recovery feature. This will require you to verify your email address and answer some security questions to confirm your identity.
Contact LastPass customer support
If you are still unable to access your account after resetting your master password, you should contact LastPass customer support for assistance. They may be able to help you regain access to your account or provide further guidance on how to protect your account and any linked accounts.
Consider migrating to a new password manager
If you are concerned about the security of your LastPass account or are no longer comfortable using the service, you may want to consider migrating to a new password manager. There are several other password manager services available that offer similar features, such as:
Secure Your Data Today
The LastPass security breach was a concerning incident for users of the password manager service, but there are steps you can take to protect your account and mitigate the risk of further damage. By changing your master password, enabling multi-factor authentication, auditing your passwords, staying informed and vigilant, and taking action if you are unable to access your account, you can ensure the safety and security of your LastPass account and any linked accounts or services.
C Solutions IT specializes in IT security solutions that can help you keep your information secure. If you’re concerned about your data, don’t hesitate to contact us today for assistance.