On Tuesday 16th June 2015 LastPass sent emails out to all its subscribers asking them to change their master password, as they had in the previous few days detected suspicious activity on their servers.
The report states that no ‘Vault’ data was leaked out; however, it is believed that email addresses, password reminders, and possibly password hashes were leaked.
LastPass are requesting all their users change their master password with immediate effect, and as an added precaution any login from a new device or IP address is likely to trigger an extra level of login verification utilising email to further confirm the user’s identity – it is not clear for how long this extra measure will remain in place.
The procedure for changing your LastPass master password on a Windows machine using Firefox is:
1. Log in to LastPass on your laptop using Firefox.
2. On the left look for ‘Account Settings’ and click it
3. At the top make sure ‘General’ is highlighted (if not click on it)
4. Look for a button marked ‘Change Master Password’
5. Click the button and follow the instructions to change your password.
The procedure for changing your password on other operating systems and browsers should be broadly similar.
Just make sure your new master password is hard to hack / guess – usual rules apply, minimum ten characters (but make it longer if you can), to be a mix of upper & lower case, numbers and special characters.
Should I be worried about my data?
The chances of you losing any important information are almost zero, as your data is encrypted on your PC / device before it’s sent to LastPass. Even if the hackers got hold of your data file, they wouldn’t be able to decipher it unless they happen to guess your password, which, if you’ve used a secure one, is highly unlikely.
Incidents such as this are bound to lead to fears over the security of password managers such as LastPass, but in our opinion LastPass still remains one of (if not) the best managers available. The fact that they do not store either your password or your data in anything other than an encrypted format means that the only person capable of decrypting the data is the one that knows the password. So long as your password is not easy to guess, all should be good.
With this in mind it MIGHT not be necessary to change your master password, but we wouldn’t recommend leaving it unchanged – it’s so easy to change, why not do it just to be safe? Besides, changing your password regularly improves your security anyway. As a wise man once said – “Treat your password like your toothbrush – change it every three months, and never share it”
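The point above, that the vault is encrypted on your device with a key derived from the master password, can be shown in a short Python sketch. This is an added example, not LastPass's code or its actual scheme: the PBKDF2 iteration count, the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) and all function names are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this example, not LastPass's setting

def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a real cipher such as AES."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal_vault(master_password: str, plaintext: bytes) -> dict:
    """Runs on the user's device; the returned blob is all a server would store."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ct, "tag": tag}

def open_vault(master_password: str, blob: dict) -> bytes | None:
    """Returns the plaintext, or None when the password is wrong or the blob was altered."""
    enc_key, mac_key = derive_keys(master_password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    ks = _keystream(enc_key, blob["nonce"], len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))

if __name__ == "__main__":
    secret = b"bank.example: s3cret-entry"  # constructed sample vault entry
    blob = seal_vault("correct horse battery staple 42!", secret)
    print(open_vault("correct horse battery staple 42!", blob))  # original entry
    print(open_vault("password123", blob))                       # None
```

The blob holds no copy of the password or the keys, so whoever obtains it still has to guess the master password, and every guess costs the full key-stretching work.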
One last thing to be aware of – the people that stole the data have your email address – if you receive an email asking you to change your password, it could be a phishing email from the hackers – DO NOT click on any link that suggests you change your password. Instead, log in to your LastPass vault in your usual manner and change your password from there.
This post is a chimpytech production – please visit our website at www.chimpytech.com for great technology tutorials.