The breach of two popular password managers has left users wondering what they need to do to better protect their passwords against cyber criminals.
In the past few months, LastPass and LifeLock both announced that their customers’ personal data had been compromised. The password manager companies warned their customers that bad actors may have access to customer password managers and encouraged users to take steps to protect their passwords across the internet.
We wrote about the breach several weeks back, but today we’re sharing four important steps that you and your organization can take to protect yourselves in the wake of these breaches – and even more importantly, to protect yourselves in the event of future breaches.
- Change your master password
If you are a LastPass or LifeLock user, you should have already changed your master password. If you haven’t, please do that immediately. If a bad actor can obtain your master password, they’ll get access to all the usernames and passwords for your online accounts.
Make sure the password is strong. Best practices dictate the password should be at least 12 characters long, contain various symbols, and be impossible to guess.
Store your master password in a physically secure place, such as a safe, because you are the only one who has access — as a security measure, password managers do not store your master password.
- Change your passwords at the site level
LastPass and LifeLock users should operate under the assumption that their passwords and vault data are in the hands of an unauthorized party who plans on exploiting that information.
If you use one of the compromised password managers, you should change all your passwords individually at the site level. Change your individual passwords “in order of importance,” starting with the most critical, like sites that include your financial and banking information, internal employee credentials, and medical information, then moving on to email, social media accounts, etc. Take advantage of this opportunity to make sure these passwords are strong and unique.
- Don’t reuse passwords
Using the same password on multiple accounts is a problem because if any one of your accounts gets compromised, then all your accounts are as good as compromised.
Stolen credentials are often posted on the Dark Web where bad actors can purchase them. You can bet that the bad guys will be trying those stolen credentials in every place they can think of.
Bonus Tip: Don’t use similar passwords on different sites.
- Enable Multi-Factor Authentication (MFA)
Enable MFA on any site that offers it. If a bad actor does get access to your password, they won’t be able to gain access without a second verification source, typically your phone. We’ve covered MFA in great depth in this blog entry. Implementing MFA can protect your organization from the vast majority of cyberattacks – if you haven’t gotten serious about MFA in your organization, please take action immediately. It’s a simple tool that massively improves your security.
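To put steps 2 and 3 into practice, the added example below (not code from any password manager vendor) audits a vault export for short, reused, and similar passwords and lists the sites in the rotation order suggested above. The CSV column names, the category labels, the 0.75 similarity threshold, and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample export; the columns site, category, password are assumed.
SAMPLE_EXPORT = """site,category,password
bank.example,financial,Tr0ub4dor&3-bank
payroll.example,work,Tr0ub4dor&3-work
clinic.example,medical,q7!Vz#Lp2@wXe9Rt
mail.example,email,Summer2023!
social.example,social,Summer2023!
forum.example,other,xK4$mN8&bQ1^zW6*
"""

# Rotation order from the article: financial, work, medical, then email, social.
PRIORITY = {"financial": 0, "work": 1, "medical": 2, "email": 3, "social": 4}


def audit(export_text, similar_at=0.75, min_len=12):
    """Return [(site, [flags])] in rotation order; passwords are never returned."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    flags = defaultdict(set)
    for i, a in enumerate(rows):
        if len(a["password"]) < min_len:
            flags[a["site"]].add("short")
        for b in rows[i + 1:]:
            pa, pb = a["password"], b["password"]
            if pa == pb:
                tag = "reused"
            elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= similar_at:
                tag = "similar"  # e.g. one base password with a per-site suffix
            else:
                continue
            flags[a["site"]].add(tag)
            flags[b["site"]].add(tag)
    # Stable sort keeps export order inside each category; unknown categories go last.
    ordered = sorted(rows, key=lambda r: PRIORITY.get(r["category"], len(PRIORITY)))
    return [(r["site"], sorted(flags[r["site"]])) for r in ordered]


if __name__ == "__main__":
    for site, site_flags in audit(SAMPLE_EXPORT):
        print(f"{site:18} {', '.join(site_flags) or 'ok'}")
```

A real export is a plaintext copy of the whole vault, so run the audit on a trusted machine and securely delete the file afterwards.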
If you have questions about cybersecurity, or if you’d like to have a conversation about your business IT strategy in general, my team and I are here to help.
Please reach out to us via email at info@weareproactive.com or 704-464-3075 extension 3.
Dedicated to IT security and productivity,
– Steve
About Steve Kennen
Steve Kennen is the President of Proactive IT and an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for businesses. A seasoned entrepreneur and technology veteran with over 25 years of experience, Steve leads the team that keeps our clients secure and their business operations running smoothly.