LastPass, an online password storage database, announced yesterday via its company blog that it has been hacked. The silver lining is that the hackers only accessed user email addresses, password reminders, and encrypted versions of users' master passwords. This means the passwords for other accounts that are stored in LastPass are safe—unless master passwords are weak and responses to password reminders are easy to glean (e.g., what city were you born in?). If you use LastPass, be on the lookout for updates on what you can do to get through this data breach.
Recent hacks of cybersecurity organizations are proof that cybercrimes are not 100% avoidable. Despite this, there are measures that you can take to make a hacker’s job more difficult. The simplest way is by creating strong passwords.
Setting and maintaining strong passwords is a simple task that can prevent big problems. Consider these strategies for creating and maintaining passwords that are difficult to crack:
- Passwords should be at least 8 characters long. The longer the password, the harder it is to guess or crack. Consider using a pass-phrase of 4 or 5 words strung together.
- Passwords should contain a combination of characters including upper- and lower-case letters, numbers, and special characters. Again, the longer the better.
- You should never use the same password for your login, email, protected systems, financial accounts, etc.
- Change your passwords frequently. One recommendation is to create new passwords every 60 to 90 days. Ask your support team what the recommended policy is for your company.
- Never use passwords that are easy to guess, such as pet names, addresses, birth dates, etc., and be sure to select password reminders that don’t rely on information easily accessed through social media and public records. A public records check will return a wealth of information that malicious users can use to access your accounts.
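The strategies above can be turned into an automatic check. The following Python sketch is an added example, not part of the original post: the function name `check_password`, the sample personal details and the sample passwords are all constructed for illustration, and the 90-day limit is the upper end of the range recommended above.

```python
import re
from datetime import date

CHAR_CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def check_password(candidate, personal_info=(), other_passwords=(),
                   last_changed=None, today=None, max_age_days=90):
    """Return the guidelines from the list above that `candidate` breaks."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    for name, pattern in CHAR_CLASSES.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    if candidate in other_passwords:
        problems.append("already used for another account")
    # Compare letters and digits only, ignoring case, so "R-e-x" still matches "rex".
    squashed = re.sub(r"[^a-z0-9]", "", candidate.lower())
    for item in personal_info:
        # Split "12 Elm Street" or "1984-06-12" into tokens. Tokens under three
        # characters are skipped because they would match almost anything.
        for token in re.findall(r"[a-z0-9]{3,}", item.lower()):
            if token in squashed:
                problems.append(f"contains personal detail '{token}'")
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > max_age_days:
            problems.append(f"unchanged for {age} days")
    return problems

# Constructed sample data: a pet name, an address and a birth date that could
# be found through social media or public records, plus one password that is
# already in use on another account.
PERSONAL = ["Rex", "12 Elm Street", "1984-06-12"]
OTHERS = ["Tr4il-Mix-Lantern-Quartz"]

if __name__ == "__main__":
    for pw in ["rex1984", "Tr4il-Mix-Lantern-Quartz", "Copper-Violin-7-Harbor-Mist"]:
        print(pw, "->", check_password(pw, PERSONAL, OTHERS) or "passes")
```
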
Also, remember that choosing a strong password isn’t enough on its own. You also have to protect that password. Here are a few ways to ensure no one finds or accesses your password:
- Never keep your passwords in a file on your computer; they are easy to locate if someone wants to find them.
- Never write your passwords down and keep them in your desk.
- Treat your passwords the same as you would your social security number or bank account information – in other words, keep them safe!
Protecting your personal and company data is a shared responsibility between all employees, not just your IT department. For more education on how you and your company can reduce various cybersecurity threats, visit the Cyber Threats section of your portal or contact your Client Services representative.
Marlia Fontaine-Weisse is the Content Manager for Preparis.