LastPass Breach and Tips from Steve Gibson

With the latest breach at LastPass, I was eager to listen to Steve Gibson on his latest Security Now Show #512 and see what he advised.

  • What may have been lost were email addresses, password reminders, per user salts, and authentication hashes. None of the bulk encrypted data was lost.
  • Under Password Iterations (Advanced Menu) – change it from 5000 to a random number of five or six digits with no zeroes and the first digit should be greater than two – like 59463. Note – even though you get a message from LastPass not to go above 20000, I didn’t experience any significant delay.
  • LastPass also adds a per-user random salt, which makes the account even more secure.
  • LastPass is also protecting us by preventing anyone from logging in from a new computer or IP address without confirmation via email.
  • Steve still recommends changing your LastPass password in case everything was stolen and you had a weak password to start with. It’s interesting that Steve changed his password even though I know he had a very secure password.
  • Steve still recommends using Lastpass.
  • Two-factor authentication would help if somehow they did figure out your password.
  • Steve also recommends writing down your Master Password and keeping it somewhere safe – like your wallet, but make a change to it so that it’s not exactly the same.
  • Leo Laporte also adds a long number to his password to make it even more secure, or you can just add extra characters to the end of your password to make it harder to crack.
  • If you haven’t already, set up two-factor authentication in LastPass.
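
To show what the iteration count and the per-user salt in the list above buy you, here is an added example (not from the original post and not LastPass's own code). It assumes PBKDF2-HMAC-SHA256 as the stretching function and 16-byte random salts; all function names are hypothetical.

```python
import hashlib
import secrets
import time

def pick_iteration_count(digits=5):
    """Random count following the rule quoted above: five or six digits,
    no zeroes, first digit greater than two."""
    if digits not in (5, 6):
        raise ValueError("use five or six digits")
    first = secrets.choice("3456789")
    rest = "".join(secrets.choice("123456789") for _ in range(digits - 1))
    return int(first + rest)

def follows_rule(n):
    """True if n matches the rule above (e.g. 59463 does, 5000 does not)."""
    s = str(n)
    return len(s) in (5, 6) and "0" not in s and s[0] > "2"

def derive_auth_hash(password, salt, iterations):
    """Stretch a password with PBKDF2-HMAC-SHA256 (the KDF assumed for this
    sketch) and return the 32-byte result as hex."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def seconds_per_guess(iterations, salt):
    """Time one derivation: the cost anyone pays to test a single guess."""
    start = time.perf_counter()
    derive_auth_hash("constructed-sample-guess", salt, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    # Constructed sample data: two users who happen to share one password.
    password = "correct horse battery staple"
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)

    # Per-user salt: the same password yields unrelated hashes, so work spent
    # on one stolen hash cannot be reused against another account.
    same = derive_auth_hash(password, salt_a, 5000) == derive_auth_hash(password, salt_b, 5000)
    print("hashes match across users:", same)

    # Iteration count: work per guess grows linearly with the count.
    n = pick_iteration_count()
    old, new = seconds_per_guess(5000, salt_a), seconds_per_guess(n, salt_a)
    print(f"5000 iterations: {old * 1000:.1f} ms per guess")
    print(f"{n} iterations: {new * 1000:.1f} ms per guess (about {n / 5000:.1f}x the work)")
```

The extra time is paid once per login by you, but once per guess by anyone working through a stolen hash.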
About Tom Terrific

Interested in MANY things.