On December 22, LastPass issued a press release stating that backup copies of LastPass customer vaults were accessed and downloaded by a malicious actor.
These password-protected customer vaults are unique to every individual LastPass user and contain all the usernames, passwords, notes, and sites that LastPass stores.
Considering this disclosure, we are focusing on the best practices that should be put into place if you are using LastPass or any other password manager.
By following the recommendations below, you will ensure that the passwords in the backup copies are no longer valid and make it more difficult for others to access your accounts by adding multi-factor authentication.
If you are using another password manager, we recommend following the best practices above with your password manager account.
There are dozens of quality password management tools on the market, and NO PRODUCT IS IMMUNE TO SECURITY THREATS.
Even in light of this recent incident, using a password manager is still strongly recommended.
Using the product correctly (changing passwords periodically, never reusing passwords, and adding MFA) is more important than the specific product used for password management.
We know that most LastPass users were on the free version, and today may be a good time to consider purchasing a password manager product.