What can we learn from the LastPass breach?
It’s about reducing risk.
LastPass disclosed that they were compromised via a third-party solution. Encrypted LastPass password backups were stolen. These are some lessons learned about how we can protect ourselves.
Choose a strong master password
If we can type our master password super fast, it’s probably not that strong. We want a long, complex password that’s not easy to guess or brute force. This is the first line of defense for protecting all our other passwords.
Change all passwords every so often
LastPass disclosed that the breach resulted in encrypted backups being stolen. If we change our passwords often (our master password and account passwords), we have some protection: if a stolen backup is later decrypted, the passwords in it might already be obsolete.
Enable MFA/two-step verification for all accounts
If an account password is breached, having MFA on that account reduces the risk of the account being taken over.
Use stronger MFA when possible
Having some MFA is better than nothing. Authenticator-based MFA is better than text-message MFA.