Does the LastPass Hack Affect Me?
Do you use the LastPass password manager? Are you certain your Master Password is super strong and unique? The latest update from LastPass means you need to check.
LastPass is a password manager that assists users with creating difficult passwords and then keeping them in a “vault”, so users don’t have to remember each and every unique password they’ve ever created.
This helps users stop using “unique” passwords like Password123, passWord234, and P@ssw0rd345 on their various accounts, and provides the user with a much more secure online experience.
This past August, LastPass notified customers of “unusual activity” that they had detected within their “development environment.” In that update, they stated that their investigation had shown no evidence of any unauthorized access to encrypted vault data (users’ stored passwords) or users’ personal data.
Updates about their investigation were provided in September, November, and December, and then again, this week.
In light of the latest update by LastPass, we have been receiving lots of questions, so we wanted to provide an update ourselves on the steps you should take.
Do you need to act? Ask these questions to decide:
- Is your LastPass Master Password strong and unique?
- Is your master password “hash Iteration value” set to at least 600,000?
- Are the passwords in your vault all strong and unique?
- Are you using multifactor authentication (a.k.a. MFA or 2FA) on LastPass and other important accounts?
Did you answer No or Unsure to any of these questions? If so, there are steps you need to take.
Steps to take:
- Check your hash iteration value. The default “hash iteration value” is 600,000, so unless you changed it, or have been using LastPass for a significant amount of time, you should be fine.
- However, to check it, you can use this link: How Do I Change My Password Iterations for LastPass
- Check your Master Password. Because of the way LastPass functions, the MOST IMPORTANT portion is your master password.
- If your Master Password is not unique, strong, and at least 12 characters long, you are at risk regardless, and we need to take steps to secure your environment.
- Check that all critical accounts have unique, strong passwords with 2FA in place.
- If that’s not accurate, then we need to take steps on that, as well.
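Why the iteration value and the 12-character minimum both matter, as an added example (not LastPass code): it times one master-password guess at 600,000 iterations against a lower setting, then projects the worst-case time to try every password of 8 and 12 characters. PBKDF2-HMAC-SHA256 as the key-derivation function, the 5,000 comparison value, the e-mail salt, the sample password and the 94-character alphabet are assumptions made for the illustration.

```python
import hashlib
import time

RECOMMENDED_ITERATIONS = 600_000  # value the checklist above asks for
LOW_ITERATIONS = 5_000            # constructed lower value, for comparison only
SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 (assumed KDF): one guess costs `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Best-of-`trials` wall-clock time for one derivation on this machine."""
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        # Constructed sample password and salt; only the timing matters here.
        derive_key("constructed-sample-password", b"user@example.com", iterations)
        best = min(best, time.perf_counter() - start)
    return best


def years_to_exhaust(length: int, alphabet_size: int, guess_seconds: float) -> float:
    """Worst-case years to try every password of `length` over the alphabet."""
    return (alphabet_size ** length) * guess_seconds / SECONDS_PER_YEAR


def compare(lengths=(8, 12), alphabet_size=94):
    """Return (iterations, length, years) rows, measured on one CPU core."""
    rows = []
    for iterations in (LOW_ITERATIONS, RECOMMENDED_ITERATIONS):
        cost = seconds_per_guess(iterations)
        for length in lengths:
            rows.append((iterations, length,
                         years_to_exhaust(length, alphabet_size, cost)))
    return rows


if __name__ == "__main__":
    for iterations, length, years in compare():
        print(f"{iterations:>7} iterations, {length:>2} chars: {years:.3e} years")
```

The figures are for a single core of the machine running the script, so read them as a comparison between rows rather than as absolute times.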
These breaches typically make a company far stronger.
Why? Because it forces us to stop and take a look at things we typically don’t take time to think about.
It also forces us to bring systems up to date, thus helping to make the company stronger.
LastPass is the largest solution on the market, so they have the largest target on their backs. Now, they’re on high alert, so I still feel confident in utilizing the solution.
If, however, you want to explore an alternative, we can. It’s important, though, to recognize that they could be next.
Still have questions or concerns? Reach out to PCA Technology Solutions to ask how we can help to improve your company’s security.