If You Do One Thing Today To Improve Your Online Security, Do This

The week is winding down and we’re sure you’re getting excited for the weekend, so here’s just one simple step you can take today to increase your online security:

Update the password for your email address, and make it a secure one.

It may be old advice for some of you, but if you’ve been putting off the process of strengthening your passwords, don’t delay any longer in making your email account’s password as strong as it can be. Do. It. Now.

Why? A known tactic is for hackers to target sites with weaker security and harvest email addresses and passwords that they can then test against other, more popular (and important) sites. With password reuse rampant, this gives them easy access to critical accounts where you’ve used the same login details. There has been an unending stream of database breaches in the last several months, and the login information for tens of millions of people has been posted on the web.

For most people, their email account is a window to their personal, financial, and even work life, so it’s critical to (1) use a unique password and (2) use as long and strong a password as you can manage, which means one that can’t be guessed and isn’t dictionary-based.

LastPass can obviously help there, by generating a long, secure password for you and then remembering it so you don’t have to – it’s as easy as a few clicks. Now you really don’t have an excuse!

There are many more elements that go into being proactive about protecting your data, but this is a good starting step. If you’re looking for even more ways to increase your online security, check out our round-up of security tips & tricks from the past week:

11 Ways to Make Your LastPass Account Even More Secure via How-To Geek
10 Online Security Tips for Gen Y via Mashable
Turn on Two-Factor Authentication via Lifehacker

And now you can relax just a little bit more this weekend!

The LastPass Team

Graphic courtesy of Lifehacker.com


  • Erik Bates says:

    I really wish that financial institutions would step it up a bit more. I once had a retirement account that required a 4-digit numeric PIN to access.

    Really made me feel safe.

  • Sophia Burns says:

    I remember only two passwords: LastPass and Google. Obviously they are not the same… and super strong.
    The rest of my sites, accounts, etc are all fully randomized. THANKS LP for making my life so much easier – and safer!

  • Jeb says:

    @Erik : One and only good solution for you –> http://xkcd.com/936/
    Combine 4 or 5 words which do not make any “sense” together, but do for you.

  • Bjoern Wein says:

    Well, one of the problems with lastpass is that even with double authentication through a physical device, the email password is the weak link.

    If I have double authentication enabled, I can always disable it through the lastpass login window, e.g. if I have lost the physical authentication device. But in the end that leads to one-stop authentication only – if my email password is compromised, all my passwords with lastpass are compromised, right?

    • Amber says:

      The security email address does help in that situation – it can be enabled in the LastPass settings dialog and ensures that multifactor authentication emails (and other notifications for critical account changes) are directed to a secondary, more obscure email account.

    • Anonymous says:

      if my email password is compromised, all my passwords with lastpass are compromised, right? – No, not at all.

  • Tom O'Neal says:

    I would also suggest using something like Google Authenticator. I have it on my gmail and LastPass account and now my Google Account generates a random password for each device or service that wants to use it. I can see a list of them, when each was last used and revoke access whenever. I highly recommend it.

  • Erik Bates says:

    I want to make my password a complex, nonsensical, random, crazy super secure password. Really, I do. Every other password I have is unique, long, and complex. But there’s a catch with my email:

    When you’re trying to log-in to a Chromebook using your GMail password, LastPass can’t help you there.

    Granted, my GMail password is sufficiently long, uses upper- and lower-case letters, numbers, and symbols, and is unique.

    Any suggestions, oh password gurus?

    • Amber says:

      Jeb below has a good point – use a “passphrase” that you can still add to LastPass (via LastPass.com or the browser addon, or the mobile apps, etc) but that’s easier for you to type out without LastPass’ help with autofilling. Something memorable but not guessable, and super long. LastPass also has a “pronounceable” option in the password generator, which would make remembering that generated password a little easier.

    • John says:

      There are many ways that you can create a password that is sufficiently complex as to be an effective digital lock. A good place to go to learn how to make very good, complex passwords is the Password Haystacks page on Gibson Research’s website (https://www.grc.com/haystack.htm). It is a great resource for learning about and constructing good, secure passwords.