There are a lot of stories in the news now about vulnerabilities in LastPass.
While it is true that there are some vulnerabilities it doesn’t mean that LastPass is completely broken. LastPass is MUCH MUCH MUCH safer than storing your passwords with your web browser.
The key is for you be smart too.
You can’t rely entirely on software to protect yourself.
How to Protect Your Login Credentials
- Update your LastPass Extension (should be automatic but good to check)
- Enable multifactor authentication on Lastpass
- Enable 2 factor authentication on your most important accounts (most banks require this anyway)
- Use obscenely strong passwords (I recommend 22 characters or more)
- Use a very hard but easy for you to remember password on LastPass
- Install (and Pay for the full version of) Malwarebytes (this will protect you from websites and other malware)
- Be smart about browsing (This sounds simple but there is a lot of click bait out there – read more below)
- Be smart about email (read more below)
Smart Web Browsing
- Skip the clickbait – this includes almost any advertisement – especially on the side or bottom of something you actually wanted to read
- Hover on links – especially if they are suspicious and see where they go, most browsers will show the address to you.
- If something that looks like a trick pops up (and says your computer is infected) STOP
- Save a shortcut to your Task Manager on your task bar – (CTRL ALT DELETE can sometimes be hijacked too)
- Stop your browser and anything that looks related to your browser
- When you restart your web browser DO NOT allow it to restore all windows. Just start from scratch
- If something unexpected pops up, don’t click on it
Smart Email Browsing
- If it is from someone you know and they are asking you to do something unexpected – STOP. Call them or delete it.
- If it looks suspicious delete it (if you are using gmail or another robust email system report it as spam or phishing if appropriate)
- Hover on links before you click on them to see where they go.
Many people think email is hacked when it is simply fake. A hacked email account is completely different from fake emails.