Regarding the LastPass Data Breach
You should always use a password manager. There is no question that the combination of a password manager with a strong master password and long, random, unique passwords for each online account is one of the best things you can do to protect your data. My favorite password manager is Bitwarden.
A couple of years ago, I recommended a different manager called LastPass. For a long time, LastPass was the simplest and most convenient password manager, and I know that many of my clients have used it. However, when LastPass changed its free tier to restrict accounts to a single type of device, I switched to Bitwarden and haven't looked back.
LastPass recently disclosed a cyber attack that resulted in a devastating data breach. If you have a LastPass account, even if you haven't used it recently, your password vault has been stolen by a threat actor. Although your passwords are encrypted, it is not out of the question that the threat actor could crack them and gain access.
Actions to Take Immediately
If you haven't already, create a free Bitwarden account. Make sure you use a long, complex, unique master password. Write it down and keep it someplace secure.
Follow these instructions to import your data from LastPass. Once you have verified that your data has been accurately imported, follow these instructions to delete your LastPass account.
Now for the hard bit. Because your vault has been stolen, it is imperative that you change all of your passwords. That's right, for every account that you kept in LastPass, you should change the password to a new, long (at least 12 characters), complex, unique random password in Bitwarden. Every website will have a different procedure for this, and there is no easy way to automate it.
You may be wondering what the point of continuing to use a password manager is in light of this data breach. The important thing is that you are using randomly-generated passwords that are effectively impossible to remember, and the password manager is remembering them for you. Despite this setback, your accounts are still significantly more secure when you use a password manager than if you use easy-to-remember passwords or, heaven forbid, you reuse the same password on multiple websites.
Please feel free to reach out if you have any questions.