You have probably heard about the LastPass breach that occurred in August of 2022. On the surface, it seemed to be nothing to be concerned about. However, LastPass just released a notice that is a bit more disturbing.
The bad actors got more data than originally thought. The “Zero Knowledge” architecture LastPass uses relies on your master password to act as the decryption key for the password vault. Not even LastPass knows that password, so theoretically your data is still encrypted and safe, provided the master password itself is hard to guess. This breach illustrates how even high-profile companies like LastPass can still be victims of cybercrime. We all need to be ever vigilant and make sure our safeguards are as strong as possible.
What should you do now?
Although it was not mentioned or recommended in the LastPass news announcement, taking a couple of extra steps to ensure your account is as safe as possible isn't a bad idea. Here are a few things you can do:
1. Enable multi-factor authentication, or double-check that it is still on. This is critical for any sensitive website, data or password vault.
2. Change your master password. Using at least 12 characters makes this password much harder to crack. Changing your LastPass master password initiates an automatic re-encryption of all the vault passwords.
3. Make sure your new master password is one you haven't used anywhere else. The uniqueness of your master password will help to keep the keys to the castle safe from the bad actors.
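The model behind the steps above (the master password is the vault key, and changing it re-encrypts the vault), as an added example that is not LastPass's code. PBKDF2, the iteration count, the blob layout, the function names and the HMAC-based cipher standing in for AES are all assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo, not LastPass's setting

def derive_keys(master_password, salt):
    """Stretch the master password, then split it into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    """HMAC-SHA256 in counter mode, a stdlib stand-in for AES (assumption)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, blob):
    return hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()

def seal(master_password, plaintext):
    """Client side: returns the only thing the service ever stores."""
    blob = {"salt": os.urandom(16), "nonce": os.urandom(16)}
    enc_key, mac_key = derive_keys(master_password, blob["salt"])
    blob["ct"] = _xor_stream(enc_key, blob["nonce"], plaintext)
    blob["tag"] = _tag(mac_key, blob)
    return blob

def open_vault(master_password, blob):
    """Returns the plaintext, or None when the password is wrong or the blob was altered."""
    enc_key, mac_key = derive_keys(master_password, blob["salt"])
    if not hmac.compare_digest(_tag(mac_key, blob), blob["tag"]):
        return None
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

def change_master_password(old, new, blob):
    """Decrypt with the old key and re-encrypt everything under the new one."""
    plaintext = open_vault(old, blob)
    if plaintext is None:
        raise ValueError("wrong master password")
    return seal(new, plaintext)

if __name__ == "__main__":
    stored = seal("old constructed passphrase", b'{"example.com": "constructed entry"}')
    rotated = change_master_password("old constructed passphrase", "new constructed passphrase", stored)
    print(open_vault("old constructed passphrase", rotated))  # rotated copy rejects the old password
    print(open_vault("old constructed passphrase", stored) is not None)  # earlier copy still opens
```

A blob copied before the password change still opens with the old password, so the strength and uniqueness of that old password is what protects a copy that has already been taken.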
Should I still use a password manager?
Yes! Password managers are still one of the best ways to store the multitude of passwords you have. They create complex, randomly generated passwords that are very difficult to break and give you a convenient way of accessing them. Good cyber hygiene goes a long way toward keeping your password vault safe. In regard to that, we will be rolling out our own managed password vault service very soon for your business needs. It will include some unique and very useful features to help keep all your websites and passwords as safe as possible.
If you have any questions or wish to learn more about keeping your business safe, please contact us. We are happy to provide a free security analysis and help you with recommendations.