
It's "Change Your Password Day": LastPass & Password Hygiene


Wednesday, 6 March 2024‍


 


It's "Change Your Password Day - February 1st"

 

Password Hygiene: How Passwords Affect Our Digital Lives

by Robert Leist

Given that LastPass has been in the news for a data breach, our clients have been asking questions about the security of the service. To address the concerns we've received, Robert, our IT and Cyber Security Specialist, has written this information for you to consider.

 

It was only a matter of time; as with all security breaches, it’s not a question of if, but when.


LastPass got hacked so now it’s time for a reality check.

What does this mean to me?

Hopefully for most of us, not much. 


Even if you did not use LastPass, this is a good time to reflect on your password hygiene and consider using better passwords. Also, consider using a password manager of your choice.

I am going to do my best to not put you in a tech coma and get to the point. 


When evaluating your personal risk regarding passwords, it comes down to 2 things.
 

1. Did you ever use the password (or a derivative of it) anywhere else? 

2. How unique, long and complicated is your password?


We tend to use words that are in our daily lives or past experiences (vacations, favorite places, pets) as a password base. Add on a few numbers and an exclamation point and voila! It’s a password.

 

The worst passwords are the ones that you create on your own, as opposed to ones generated by a password manager. For example: Hawaii50! vs. Y&Zn4YPc2

You might change a few things on this password for each site, such as a different number or letter at the end, but it’s really the same password.

I bet you thought, oh crap, that’s me.


If I am describing YOU, it’s time to change your passwords - NOW and yes, use a password manager.

Use a master password for your password manager that does not include personal elements.

 

Your master password can be made from a phrase you can recite such as:


My password starts with something I can remember in 2023! = MpswsIcri2023!


You can use the chart below to gauge the risk of an attacker breaking in using a password via a brute force attack.



But what if my password manager is hacked like LastPass?


A hacker is not going to try to break into the stolen encrypted vault items themselves, as that would take billions of years assuming they are encrypted using 256-bit encryption. Instead, they might set up a system to guess the master password that unlocks the vault items. This is where it is important to have a strong, unique password.

If you used LastPass and think your master password was weak or reused, it’s time to change all the passwords in your vault and set up a stronger master password.  
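An added example (not part of the original newsletter) covering the two risk questions above: a brute-force estimate based on length and character set, and a check for passwords that differ only at the end. The guess rate, the 70% shared-prefix threshold and the sample vault are assumptions constructed for illustration.

```python
import string
from itertools import combinations
from os.path import commonprefix

# Assumption: offline guesses per second against a stolen vault. The real rate
# depends on the vault's key-derivation settings and the attacker's hardware.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 3600 * 24 * 365

# Constructed sample vault (site -> password), built on the article's examples.
SAMPLE_VAULT = {
    "bank": "Hawaii50!",
    "email": "Hawaii51!",
    "shop": "Hawaii50a",
    "forum": "Y&Zn4YPc2",
}

def charset_size(pw):
    """Size of the character pool an exhaustive search must cover."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(pool) for pool in pools if any(c in pool for c in pw))

def brute_force_years(pw, rate=GUESSES_PER_SECOND):
    """Years to try every password of this length and character pool."""
    return charset_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR

def derivative_pairs(vault, threshold=0.7):
    """Site pairs whose passwords share a long common prefix (same base)."""
    pairs = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        shared = len(commonprefix([p1.lower(), p2.lower()]))
        if shared / max(len(p1), len(p2), 1) >= threshold:
            pairs.append((s1, s2))
    return pairs

if __name__ == "__main__":
    for pw in ("Hawaii50!", "Y&Zn4YPc2", "MpswsIcri2023!"):
        print(f"{pw:15} pool={charset_size(pw):3} "
              f"worst case ~{brute_force_years(pw):.2e} years")
    for a, b in derivative_pairs(SAMPLE_VAULT):
        print(f"{a} and {b} use variations of one password")
```

Hawaii50! and Y&Zn4YPc2 get the same brute-force figure because they have the same length and character types. The figure is an upper bound: a password built on a dictionary word falls much sooner to word-list guessing, which is why the generated one is the better choice.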

At the end of the day, most of the risk also comes down to how much risk there is to your finances and the threat to your digital identity.

At a minimum, my recommendation is to change the passwords for all financial sites and cell phone carriers, along with any email account passwords, as this is your digital identity.

If you are a LastPass user, I also recommend changing your master password in the unlikely event that the hackers correctly cracked the password; it will prevent future access to your vault.
 

 

Enabling 2-factor authentication on sites is always a good idea. Most sites require it now if the login comes from an untrusted source. This will add another layer of security for each account. You can also set it up on LastPass using the LastPass Authenticator.

 

Considering hackers have the names, email addresses and URL info of LastPass customers, it is 100% likely that fake emails and text messages are going to be sent out that will contain enough customer information to fool people into clicking a link in the fake text or email - providing the bad guys with access to something.

Be wary of text messages and e-mails that have an urgency to perform an action on your part by clicking a link or calling a number.

 

NEVER follow links in email or texts to any website where you must log in. Site login pages are often spoofed. 

 

Is LastPass still safe to use?

YES!

 

When I evaluated it, I did so using the assumption it could be hacked.

The security used to protect the vault items is still strong.

 

It's up to you to do your part by doing the following:

1.  Use a STRONG password

2.  Use UNIQUE passwords for each site - NEVER reuse passwords

3.  Use a UNIQUE MASTER PASSWORD as described above

What is protecting your digital identity worth to you?

 

If you are concerned or just need help setting up LastPass or any other password manager, give our office a call - Robert can work with you to determine what will work best for your needs.

 

Office:  425-670-2551

 

Want to Learn More about LastPass?

 

Watch this webinar from Robert and Laura Leist that talks about the security of the system AND all of the types of data you can store in LastPass. It's not just password information, and if you are not doing this, you should be. Your family will thank you.



Newsletter 80 | March 2024

‍© 2024 Eliminate Chaos LLC. 
You may reprint this article in its entirety with the following credit:
© 2024 Eliminate Chaos - Reprinted with permission from Laura Leist of Eliminate Chaos.