Thus, I recommend you change passwords to any “important” account that you had stored in LastPass at the time of the breach.
Phone number for lastpass support password#
Assuming LastPass has done encryption properly, and assuming your original master password was sufficiently secure, then access to your account information is highly unlikely. There’s no clear indication of how likely it is that they’ll be successful. Vaults containing your passwords are “in the wild”, and hackers could be trying to decrypt them as we speak. That’s because the damage has already been done. While we’ve increased our security moving forward, none of what we’ve done so far addresses the damage done by the breach. Change passwords for “important” accounts LastPass has instructions here: Change your master password.
Phone number for lastpass support update#
Make sure to also use this opportunity to create or update any account recovery options associated with your account. Then, even if you were at 600,000 iterations, change it to 600,001 to force re-encryption. Select a new, secure, master password, and change it. It’s unclear if changing your master password alone is enough to force your entire database to be re-encrypted, 1 but apparently changing the password iterations will. Particularly if your password iterations were less than 600,000, it’s time to change your master password. LastPass has instructions here: Change your password iterations for LastPass.
Updating that setting resolves this issue. The result is the encryption used may be somewhat more vulnerable to some forms of attack. While LastPass did change the default some years ago, older accounts were created using a lower number and were never instructed to update. (Screenshot: )Įnsure that this setting is 600,000 or larger. You’ll find it in the advanced settings in your LastPass account online. There is an obscure setting in LastPass called “password iterations” that controls the quality of the encryption used by the tool. The problem is, thinking that way often leads to lax security. I simply run into too many people who believe for a variety of reasons that they are not valuable enough for an attacker to care about. I discuss this in more detail in Why You - Yes, You - Are a Target of Hackers. No matter how much you use or think you don’t use the internet and online services, the risks posed apply to everyone. “Minimal exposure to external threats” is misleading Be particularly wary of phishing attempts, which may use information from the breach to create convincing but fake emails. Regardless of which password manager you use in the future, change passwords to important (and even not-so-important) accounts and consider adding two-factor authentication to those as well. Ensure that LastPass’s “Password iterations” setting is 600,000 or more, change your master password, and add two-factor authentication to LastPass.
0 kommentar(er)
