If you’ve taken my advice and started using LastPass to protect your online accounts, then you recently received this unwelcome email from the LastPass Team.
You may be wondering if it gives me pause about using a password manager and specifically using LastPass. It does not. The message from the LastPass team isn’t good news, but I’m comforted knowing that they quickly recognized it and notified users on the steps they should take to protect themselves.
If you are using LastPass it is almost certainly the case that you’re perfectly safe unless all of the following are true:
- Your password is short and simple
- You are not using Multi-Factor Authentication (MFA)
- Your password hint is really helpful
- You ignore the advice from LastPass to change your master password
If you are using MFA, you’re safe. If your master password is long, you’re also safe, but you really should change your Master Password. I use MFA and have a very, very long master password, but have decided to change it because it just isn’t that hard. As I’ve shared before, compromises are going to happen. If data is on a device (and this includes printed letters on paper), risk of compromise exists. We do everything possible to protect ourselves from a compromise, but we also make sure we can recover if things go wrong.
If you want to be 100% safe, you’ll have to start living off the grid in every aspect of your life. Your personal data won’t be safe, but you won’t care if it gets compromised and you’ll likely never know.