Jan 8, 2013

New Year, Better Security with LastPass: 3 Steps to Take Today

With 2013 here and already moving forward, it's a great time to review where your online security stands with LastPass!

To get you started, here are three tasks you can accomplish in less than 15 minutes:

1. Run the LastPass Security Challenge


This one may be old news if you've been a long-time LastPass user, but for those who are new to the service or haven't heard of it, the LastPass Security Challenge provides you with an evaluation of your stored passwords. Located in the Tools menu in your LastPass icon, you can run the security check at any time to see your weak and duplicate passwords.

With our newest feature, LastPass Sentry, you can also perform a check of all of your stored data to see if you have any accounts that may have been affected by a breach of another site or service. If so, now's a good time to update those passwords, and update the passwords for any sites that were using the same password.

2. Update the password for your email account(s)


The last few years have seen increasing numbers of database breaches, with unprecedented amounts of consumer data being leaked online, including email username and password combinations.

For most people, their email account is a window to their personal, financial, and even work life, so it's critical to (1) use a unique password and (2) to use a unique, strong password, which means it can't be guessed and isn't dictionary-based. A password generator like the one built into LastPass allows you to create strong passwords for each of your online accounts.

To update your email account password, login to the account itself, navigate to your account settings page, and find the "change password" option. Once on that page, LastPass should prompt you to fill the current password for your email account, and offer the "Generate" button for you to generate a new, secure password. Be sure to confirm the changes on the site, and to LastPass when prompted.

3. Check out multifactor authentication options


Multifactor authentication refers to a second piece of data that must be submitted after submitting your email and master password, before allowing access to your account. This means that even if someone compromises your master password, they can't gain login to your account without the second form of authentication.

LastPass offers several options for multifactor authentication. Some are part of the basic free version of LastPass, while others are offered as a Premium feature, including Google Authenticator, YubiKey, Sesame, Grid, and a small selection of fingerprint readers.

Stay proactive throughout the year!


Although following the above steps is a great start, and using LastPass will help you mitigate potential risks, remember to follow standard security practices like running up-to-date antivirus software and always backing up your data.

What are your security goals for the year? What tips would you like to see from us?

12 comments:

  1. I would like it to flag the accounts with duplicate or weak passwords, and the next time I go to that website, to prompt me to change the poor passwords. I have about 150 sites I should update, I'm not going to spend several hours doing that, though I should. But I would do that each time I visited a site and was prompted that I needed to make a better password.

    ReplyDelete
    Replies
    1. Great suggestion, we'll look at adding this improvement!

      Delete
    2. I agree with this excellent suggestion !
      +1 for sure

      Delete
    3. I agree with this excellent suggestion !
      +1 for sure

      Delete
    4. I would still like to increase the font for my vault.

      Delete
    5. I agree with this excellent suggestion !
      +1 for sure

      Delete
  2. I'd like to see you post some advice about emails and user names. Since many accounts, including banks and Google, use emails as a way to recover passwords, I want to find strategies for using my email addresses more strategically.

    ReplyDelete
  3. Web sites like Puget Sound Energy and Chase bank have a pop up screen to log in now and LastPass no longer works on the sites. Is it me or LastPass?

    Thanks, Michael

    Please Help: Michael1@fidalgo.net

    ReplyDelete
    Replies
    1. Hi Michael: You may need to "force-save" these logins, financial sites can be particularly tricky. Please try the steps in our video tutorial: https://www.youtube.com/watch?feature=player_embedded&v=LmYQM0bhNg4

      For further help, please reach out to the team: https://lastpass.com/supportticket.php

      Delete
  4. I have already enabled the Google Authenticator for LastPass.

    Is it possible, to link both Yubikey & Google Authenticator to the same LastPass account????

    I have tried this, but Yubikey is not registering the information in LastPass account.

    Any information on this????

    ReplyDelete
    Replies
    1. Only one multifactor authentication method can be enabled for an account at a time. Please disable Google Authenticator if you wish to use YubiKey with your account.

      Delete