December 30

What we know about the LastPass hack


Friends, LastPass — the award-winning password management tool that I have loved and recommended for years — was hacked, and it’s bad. What’s more, I don’t think the company is being forthright.

Please watch this video to learn everything we know so far.

Don’t have time to watch? Here’s the summary. Bad guys have our vaults with all our passwords. LastPass says if you have a great LastPass Master Password, the bad guys probably can’t get in. If your Master Password is one you’ve used other places or if it’s kind of easy to guess, you may be screwed. And the bad guys might start trying to phish users with fake emails to coax you into revealing it.

What can you do to protect yourself against the LastPass hack?

Quick answer: Not a lot.

The only surefire thing you can do is to change all your passwords. And, according to a brilliant nerdy colleague of mine, we should all change our Master Password just in case it IS somewhere even though LastPass swears it isn’t.

Other than that, you just have to sit back and hope that your Master Password holds up so they can’t break into the backup versions of the vault that the bad guys have. And cross your fingers that LastPass is telling the truth that there’s no other way that the vaults can be broken into.

What I’m going to do

I’m going to change the passwords on my bank, credit card and other critical accounts, plus my Master Password. And then I’m just going to wait to see what happens. In the meantime, I’m going to investigate alternative tools that allow me to share passwords with others, which is critical for the way we operate here at Nerd HQ. I may or may not switch, depending on how things go. But I will definitely worry.


  • Beth, so glad I read and listened to this. I was going to invest and make the switch to LastPass, but my gut kept telling me no. I am sorry that you and others are now victims, and having been a former victim of credit card fraud and stolen data through the OPM (govt) several years ago, the only advice I can give you is always verify suspicious emails by calling the company and asking if they sent it, put some flags on your bank and credit cards so that companies need to request additional information before processing a transaction, and most importantly, check your credit report frequently. You’re absolutely correct: LastPass’ lawyers found a loophole to mitigate their risk with the “if you followed our recommendations” phrase. Accountability unfortunately is very expensive, and the company is trying to do damage control. Kudos to you as an influencer to call them on it.

    • Ugh. I don’t know what to do about my account. 1Password is great and always on the top of the lists. So it’s a good choice.
