Friends, LastPass — the award-winning password management tool that I have loved and recommended for years — was hacked, and it’s bad. What’s more, I don’t think the company is being forthright.
Please watch this video to learn everything we know so far.
Don’t have time to watch? Here’s the summary. Bad guys have our vaults with all our passwords. LastPass says if you have a great LastPass Master Password, the bad guys probably can’t get in. If your Master Password is one you’ve used in other places or if it’s kind of easy to guess, you may be screwed. And the bad guys might start trying to phish users with fake emails to coax them into revealing it.
What can you do to protect yourself against the LastPass hack?
Quick answer: Not a lot.
The only surefire thing you can do is to change all your passwords. And, according to a brilliant nerdy colleague of mine, we should all change our Master Password just in case it IS somewhere even though LastPass swears it isn’t.
Other than that, you just have to sit back and hope that your Master Password holds up so the bad guys can’t break into the backup versions of the vault that they have. And cross your fingers that LastPass is telling the truth that there’s no other way that the vaults can be broken into.
What I’m going to do
I’m going to change the passwords on my bank, credit card and other critical accounts, plus my Master Password. And then I’m just going to wait to see what happens. In the meantime, I’m going to investigate alternative tools that allow me to share passwords with others, which is critical for the way we operate here at Nerd HQ. I may or may not switch, depending on how things go. But I will definitely worry.