LastPass Security Update
LastPass Security Update
Due to the most recent security breach at LastPass, ASU no longer recommends the use of LastPass to manage personal account information. The incident occurred in November of 2022 and was linked to a prior security breach in August of 2022. Ultimately, an unauthorized party gained access to customer account information such as company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses. Regretfully, the infiltrator was then able to obtain users’ encrypted data. Though the company maintains that users’ encrypted data is secure, if the infiltrator were to crack a user’s master password they would have access to all of that user’s encrypted data, such as usernames, passwords, and other personally identifiable information.
If you were a user of LastPass during the security breaches, it is highly recommended you change the usernames, passwords, and any other account information you had stored.
Password Advice
When creating a strong password, the length of your password is the most important aspect to consider. Additionally, you don’t want to reuse the same password on multiple sites. For this reason, it would be ideal to also make it easy to remember. One way to make a long password easy to remember is by using a full sentence, including spaces if allowed. Or you can create a passphrase, which is a phrase made up of 5 or more random words, separated by spaces or special characters.
Enable two-factor authentication or multifactor authentication when available. And for personal accounts, if the option exists, use your Google, Apple, or Microsoft account to log in. This way, if your password is compromised, you have an added layer of protection.
Resources:
Notice of Recent Security Incident