Please note that this Security Challenge functionality discussed in this post has been updated. This functionality is now part of our Security Dashboard and dark web monitoring. For updated information please visit our blog post from 8/5/2020.
Ready to take your security to the next level? In our first post for Cyber Security Awareness Month, we discussed how to set up LastPass to protect your digital profile. Now that you're more familiar with some of the basic components of LastPass and how it can help protect you, let’s dive into the features and settings that will boost the security of your LastPass vault and help you better secure your digital profile.
Move Old Passwords to LastPass
If your passwords aren’t in one place, it’s hard to keep tabs on your overall password security. Once you’ve started using LastPass, be sure to move all credentials into your vault. That means exporting from your browser and turning off your browser autofill. Or, if you have a .txt or Excel doc somewhere with a list of all your accounts, enter them into LastPass and permanently delete the file.
Why? If passwords are lurking in unsecured places, it’s a lot easier for opportunistic thieves to find them, whether it’s a malicious extension in your browser or an angry soon-to-be ex-boyfriend looking through your phone. With everything backed up and encrypted in LastPass, that’s one less thing to worry about.
Run the Security Challenge
With all your passwords in one place, it’s much easier to get the whole picture when it comes to your password security. With the LastPass Security Challenge, you can audit all your passwords and identify the ones that are in urgent need of updating. Once you’ve identified the weak, reused, and otherwise insecure passwords, you can go about replacing them with new, generated ones created and stored by LastPass. Keep an eye on your score and aim to get it as high as you can!
Turn on Two-Factor Authentication
When you’re logging in to an account, such as your online banking, have you ever had to enter a code that’s texted to you? Then you’re already familiar with the idea of two-factor authentication. By asking you to provide a second piece of information when you’re trying to access something, there’s less chance of a malicious attacker being able to access something they shouldn’t.
The same is true of LastPass. You can – and should – protect your account with two-factor authentication. Even if your master password were somehow stolen, the thief would still need the two-factor authentication data to access your account.
Set Up an Emergency Contact
If you have family depending on you, it’s important to create a back-up plan for them to get access to your passwords should something happen to you. Without access to your logins, simple things like paying the mortgage, keeping up with bills, and executing your final wishes could be unnecessarily difficult for them. It’s not an easy topic to discuss, but it’s wise to think through emergencies.
With LastPass, you can set up Emergency Access and designate one or more people as your recipients. Should it be necessary, they can then request access to your vault. After the time period you specify (during which you can decline the access, if needed), they’ll be given access to your vault.
Enable a Security Email Address
Sometimes, security by obscurity can be a helpful strategy. With the security email address feature in LastPass, you can enable a secondary email address solely for LastPass security alerts. Depending on your settings, these alerts may occasionally be sent with details of password or username changes, and important account updates. If you’re worried about your primary email address ever being compromised, the secondary email address ensures you have a dedicated inbox for LastPass that no one else should know about.
Link a Personal Account
A password manager like LastPass can help protect you both at home and in the workplace. But if you’re using LastPass at work, it’s a good idea to keep personal and business separate. For LastPass business accounts, an admin can delete an account at any time, which would also delete any passwords stored in the vault.
That’s why we recommend always creating a separate, personal LastPass vault. You can then link the personal vault to the business vault, giving you can convenient access to both throughout the workday. They remain separate and private, though, and the admin can’t see what’s in your personal vault (though what you do on company devices, including the sites you access, is likely still being monitored).
Take some time this month to start using these LastPass security features, and you’ll be safer for the effort.