Given that LastPass has been in the news for a data breach, our clients have been asking questions about the security of the service. To address the concerns we've received, Robert, our IT and Cyber Security Specialist, has written this information for you to consider.
It was only a matter of time. As with all security breaches, it’s not a question of if, but when.
LastPass got hacked, so now it’s time for a reality check.
What does this mean to me?
Hopefully for most of us, not much.
Even if you did not use LastPass, this is a good time to reflect on your password hygiene and consider using better passwords. Also, consider using a password manager of your choice.
I am going to do my best to not put you in a tech coma and get to the point.
When evaluating your personal risk regarding passwords, it comes down to 2 things.
1. Did you ever use the password (or a derivative of it) anywhere else?
2. How unique, long and complicated is your password?
We tend to use words that are in our daily lives or past experiences (vacations, favorite places, pets) as a password base. Add on a few numbers and an exclamation point and voila! It’s a password.
The worst passwords are the ones you create on your own, as opposed to ones generated by a password manager. Compare Hawaii50! with Y&Zn4YPc2.
You might change a few things on this password for each site, such as a different number or letter at the end, but it’s really the same password.
I bet you thought, oh crap, that’s me.
If I am describing YOU, it’s time to change your passwords - NOW and yes, use a password manager.
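The "same password with a different ending" habit described above can be checked mechanically against your own list of passwords. The script below is an added example, not part of the original article; the site names and sample passwords are constructed, and the list of character substitutions it undoes is an assumption, not an exhaustive set.

```python
import re
from collections import defaultdict

# Assumed (not exhaustive) look-alike substitutions people use: 4 for a, 0 for o, ...
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def base_of(password: str) -> str:
    """Reduce a password to the base word its owner probably started from."""
    # Drop digits and symbols added at the end ("50!", "2023", "!!") or the start.
    core = re.sub(r"[\d\W_]+$", "", password)
    core = re.sub(r"^[\d\W_]+", "", core)
    if not core:
        # Nothing but digits and symbols: compare the password as it is.
        return password.lower()
    # Ignore capitalisation and undo look-alike substitutions.
    return core.lower().translate(LEET)

def find_derivatives(vault: dict) -> dict:
    """Map each shared base word to the sites whose passwords are built on it."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[base_of(password)].append(site)
    # Only a base used on more than one site counts as a derivative group.
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}

# Constructed sample data: four variations on one word and one generated password.
SAMPLE_VAULT = {
    "bank.example": "Hawaii50!",
    "mail.example": "Hawaii51!",
    "shop.example": "hawaii2023",
    "forum.example": "H4waii50!!",
    "work.example": "Y&Zn4YPc2",
}

if __name__ == "__main__":
    # Run this locally and offline, on your own passwords only.
    for base, sites in find_derivatives(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share the base '{base}': {', '.join(sites)}")
```

Every site reported in a group should get a new, unrelated password, because learning one of them effectively reveals the rest.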
Use a master password for your password manager that does not include personal elements.
Your master password can be made from a phrase you can recite such as:
My password starts with something I can remember in 2023! = MpswsIcri2023!
You can use the chart below to gauge the risk of an attacker breaking in using a password via a brute force attack.