Please note that the Security Challenge and breach alert functionality discussed in this post has been updated. For updated information, please visit our blog post from 8/5/2020.
Hardly a day goes by without hearing about another company that's experienced a breach. And every year, millions of people are victims of hacked accounts and online fraud. At home and at work, these security threats are often driven by dangerous password habits. According to Verizon's 2017 DBIR, a startling 81% of breaches involved weak, reused, and compromised passwords!
Keeping you safe with breach alerts
For years now, we've offered automated breach alerts to help users identify the passwords they need to change. By working with a partner that aggregates data breaches as they're happening, LastPass users have comprehensive, time-saving tools that alert them when their personal information has been compromised. With access to a database of billions of compromised credentials, LastPass users have the information they need, in real time, to protect themselves from the aftermath of a breach. Our new partner for this service, PasswordPing, uses a combination of manual research and customized tools to continuously gather credentials that are exposed on the Internet and Dark Web. While a specialized research process is required, all the credentials indexed by PasswordPing were publicly exposed and at risk of being used for malicious purposes. By making LastPass customers aware that their credentials are no longer secure, we can prevent a wide range of related maladies: from malware to identity theft.
What you should know about breach alerts
All LastPass users enjoy the security benefits of breach alerts. Now powered by PasswordPing, both LastPass account email addresses and the emails stored in the vault as usernames are checked against the database of emails leaked in known breaches. LastPass users are protected with:
- Checks for LastPass account emails: To trigger LastPass to check your credentials, simply go into your vault and click “Security Challenge” in the left-hand navigation pane. Once you run the challenge, you will be alerted if any of your credentials are compromised.
- Security Challenge reports: The LastPass Security Challenge provides an audit of your password security, identifying weak, reused, old, and vulnerable passwords. After launching, users are presented with a list of all email addresses found in the vault. By default, every email address in the vault will be checked against PasswordPing's database. When matches are found, alerts are sent to the affected email addresses. Users can opt out by unchecking specific email addresses, or by skipping the breach check entirely.
- Email notifications: When matches are found, notifications are sent to the affected emails, so users can update the passwords.