

As you likely already know, LastPass has been in the news recently for being the latest victim of a sophisticated security breach. We, of course, have been following the situation closely. LastPass has provided details and instructions directly to those affected. They have confirmed that the data stolen is strongly encrypted and the data within it cannot be accessed if your master password is strong and remains confidential.

With this in mind, LastPass is not recommending changing the passwords of the accounts stored inside of your password vault, and for many this may be the appropriate recommendation; however, we would like to modestly strengthen their current recommendation based on what we currently know and reinforce some important caveats in their notice. We continue to recommend that all high-risk accounts (e.g., banking, accounts used for Stony Brook business) have two-factor authentication enabled.

If this is not possible for some of those accounts and they are stored in your LastPass vault, it would be prudent to proactively reset the passwords for those select accounts. Even if they are protected by two-factor, resetting them once a year is advantageous in the event of an unknown compromise. Further, if any of the below items are true in your case, it would be prudent to reset all passwords stored within your vault and your master password:

1 - You reuse your master password on multiple websites.
2 - Your master password is fewer than 12 characters (16+ recommended) or lacking complexity (special characters, numbers, mixed-case).
3 - You have reason to believe that your master password may have been compromised (e.g., entered it by mistake into a phishing website).

Please be sure to review our updated guidelines on how to safely make use of an online password manager like LastPass, and expect to see attempts to phish your master password in the coming weeks and months. We will continue to monitor the situation closely and update our recommendations accordingly if new information becomes available.

You may choose to go beyond LastPass’ recommendations by resetting all stored passwords to reduce outstanding risk to an even further degree.
