Want to Up Your Online Security? Follow These Steps Now.

If you haven’t seen the recent reports of Mat Honan’s devastating hack, it’s a powerful tale and one worth reading in its entirety. It’s in part a cautionary tale about the current security practices of online services, but given that and other recent breaches, his situation raises bigger questions about what we can learn from the situation and how we can prepare ourselves moving forward.

There are two overarching messages we want LastPass users, and the web community at large, to take away from the story:

  • Proactiveness and preparation are key in mitigating risks of attacks, and
  • Protect your email account like your online life depends on it, because it pretty much does these days.

And a password manager like LastPass can help with both. Here’s how:

  1. Change the password for your email account(s), now. We have seen alarming statistics on the number of leaked passwords out there, including leaked email username and password combinations. A password generator like the one built into LastPass allows you to create unique, long, strong passwords for each of your online accounts. The LastPass security challenge can also help you identify any weak and duplicate passwords still lurking in your vault. If one account’s password is compromised, so is every other account that uses that password, and so is every account whose password reset function the compromised account gives access to.
  2. Protect your email account(s) with multifactor authentication if possible. Google has increased efforts to encourage all Gmail users to set up multifactor authentication. If your email service offers the option, enable it as soon as possible. You’ll ensure that just knowing the password for your email account will not be enough to let someone in.
  3. Replace answers to “security questions” with obscure, non-personal responses. Truthfully answering security questions can put you at risk for social engineering. Use a password generator, or create bogus answers, and store them in a note in LastPass – if you ever do need to reference an answer, you’ll have the bogus one on hand, and you’ll ensure that your personal information can’t be used against you.
  4. Set up multifactor authentication for your LastPass account, now. By adding multifactor authentication to your LastPass account, you’re requiring another piece of secure data to be entered after you submit your master password, but before you can gain access to your stored data. So even if your master password is somehow captured, by a keylogger or even by someone you thought you could trust, you’ll keep them locked out because they won’t have that second piece of login data.
  5. Create a “security email address” for your LastPass account. Although protecting your primary email address(es) should be a high priority, you can set up an obscure email address to be used in the case of account recovery, multifactor authentication resets, and other critical changes to your LastPass account.
  6. Run the Security Challenge, and get proactive about your security fitness level. Located in the Tools menu of the LastPass addon, the Security Check allows you to keep an eye on weak and duplicate passwords, and reminds you of ways to improve your overall online security (such as #4 above). Take full advantage of LastPass security options, like autologoff on browser idle and restricting IP address to certain countries.
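Steps 1, 3 and 6 above come down to two mechanical tasks: generating credentials that are unique and unguessable, and scanning a vault for passwords that are weak or reused. The script below is an added example written for this post; it is not code from the original article and not LastPass’s own generator or Security Challenge. It uses Python’s `secrets` module (the OS CSPRNG) for generation, and runs a simple audit over a constructed sample vault. The weakness rules (minimum length, character classes, a tiny common-password list) and the vault entries are assumptions chosen for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 12
# Constructed mini-list of common/leaked passwords; a real audit would
# consult a far larger breach corpus. These are illustrative only.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}


def generate_password(length=24):
    """Return a random password drawn from the OS CSPRNG (secrets, never random)."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def generate_bogus_answer(nbytes=12):
    """Return an unguessable 'security question' answer to store in a vault note.

    The answer carries no personal information, so it cannot be researched
    or socially engineered the way a real mother's maiden name can.
    """
    return secrets.token_urlsafe(nbytes)


def password_strength_issues(pw):
    """Return a list of reasons a password is weak (empty list if none found)."""
    issues = []
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("common/leaked")
    if len(pw) < MIN_LENGTH:
        issues.append("too short")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])
    if classes < 3:
        issues.append("fewer than 3 character classes")
    return issues


def audit_vault(vault):
    """Mimic a 'security challenge' over a list of {site, username, password} dicts.

    Returns {"weak": {site: [issues]}, "duplicates": [[sites sharing one password]]}.
    A password shared between the email account and any other site is the
    worst case: compromising one gives access to the other's reset flow.
    """
    weak = {}
    by_password = defaultdict(list)
    for entry in vault:
        issues = password_strength_issues(entry["password"])
        if issues:
            weak[entry["site"]] = issues
        by_password[entry["password"]].append(entry["site"])
    duplicates = [sorted(sites) for sites in by_password.values() if len(sites) > 1]
    return {"weak": weak, "duplicates": sorted(duplicates)}


# Constructed sample vault; these are not real credentials.
SAMPLE_VAULT = [
    {"site": "mail.example.com", "username": "alice", "password": "Summer2012!"},
    {"site": "shop.example.com", "username": "alice", "password": "Summer2012!"},
    {"site": "bank.example.com", "username": "alice", "password": "password"},
    {"site": "forum.example.com", "username": "alice", "password": "x9#Qv2!pL7mR4sWz"},
]

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    for site, issues in report["weak"].items():
        print(f"weak: {site}: {', '.join(issues)}")
    for group in report["duplicates"]:
        print(f"reused across: {', '.join(group)}")
    print("replacement password:", generate_password())
    print("bogus security answer:", generate_bogus_answer())
```

Running it flags the email and shop accounts both for sharing one short password (the exact situation step 1 warns about) and the bank account for a common, single-class password, while the forum entry passes. The design point is that generation and auditing use separate code paths: the generator never consults the audit rules, so a weak rule set cannot quietly lower the quality of what it produces.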

Remember, LastPass is just one tool you should have in your arsenal, but one that can help you be proactive and mitigate potential risks. You should also be following standard practices like avoiding open WiFi, running up-to-date antivirus software, avoiding public computers, and always backing up your data – but that’s a post for another day.

We highly recommend all LastPass users follow the above steps, and as soon as possible. We also call on your help in spreading the word about secure password management to family, friends, and coworkers who would benefit from the ability to achieve higher security standards while making their online life easier. If you want to recommend LastPass, you can do so here: https://lastpass.com/friendemail.php and receive Premium as a thank you!

The LastPass Team


  • john says:

    Or better yet, create a stronger password! I made mine with passwordturtle.com. They make you passwords from common English phrases so they're easy to remember and secure. I highly recommend them.

  • Love your products and Premium version with Android!
    Any way to have different settings for home & away?
    Like the ability to have a stronger profile/setting when I leave my home office.

  • Amber says:

    Strong passwords are arguably more important, but security by obscurity would be a benefit in the case of that Gmail feature.

  • Anonymous says:

    I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your personal information isn’t up for grabs. It would be nice to see more of the leading companies in their respective verticals start giving their users the perfect balance between security and user experience. I know some will claim that 2FA makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I’m hoping that more companies start to offer this awesome functionality. To me this should be a prerequisite to any system that wants to promote itself as being secure.

  • Eba says:

    The Google authentication-based login should be improved. There should be an option to send the 6-digit authentication code via phone to a backup phone number.