As most LastPass users have learned, on June 15, 2015, LastPass posted a notice on its website saying, “our team discovered and blocked suspicious activity on our network.” The company goes on to say that it found no evidence that any encrypted user vault data was taken. But it does recommend that users change their passwords and use multifactor authentication. Also, if anyone is dumb enough to use their LastPass master password as a password on other accounts, they should change their password immediately.
For anyone not familiar with it, LastPass is a password manager that stores all of your passwords in a secure vault on the Internet. The vault is protected by a password known only to you.
Is LastPass still secure? I can only go by what security experts say. And my favorite expert, Steve Gibson, says he still trusts it. That is good enough for me.
But, that said, I did change my password and set up multifactor authentication.
Multifactor authentication simply means that you use two or more techniques to prove that you are really you. Usually this involves a password and a cellphone. I set up LastPass to use the Google Authenticator app on my iPhone. Now when I access my LastPass vault from a new computer, I need to enter my master password and then enter a code that appears in the Authenticator app on my phone. A little more inconvenient, yes, but my password vault is very valuable to me, and I want to protect it as much as possible.
Changing the password on LastPass is straightforward, but adding multifactor authentication was a bit tricky. In the near future I will provide a guide on how to do this.
There was a time not long ago when a password manager was simply a convenience. Now, when people have several dozen passwords to keep track of, and each must be long, random, and different, a password manager has become a necessity. If you are feeling a bit uneasy about LastPass, be sure to use one of the other highly rated password managers: 1Password or Dashlane.
— Rich Malloy