Maybe you have heard by now that LastPass was hacked. You can also read about it here. If you use LastPass, your passwords were not revealed. However, your email address and master password hint were taken. This exposes you in two ways: 1) you may get bogus email that looks like it’s from LastPass, and 2) if your hint is too descriptive, some hacker may be able to figure out your master password from it.
The first thing you should do is change your master password, and make your new hint cryptic enough that a stranger cannot guess the password from it. Second, with any email you get from LastPass, verify the sender, but more importantly, do not click on any links in the email. Go directly to the LastPass website to make any changes that are requested.
This, of course, raises the question of the safety of using services like LastPass, Dashlane, 1Pass, etc. My feeling is that they are still worth it for a few reasons:
1) Most importantly, the passwords themselves were not compromised in the hack. This is because they are encrypted.
2) Using one of these services, it’s easy to have different passwords and stronger passwords for every site. This is one of the best things you can do to protect yourself online. Using the same password over and over really exposes you to fraud and identity theft.
3) Keeping a list of passwords on paper can work, but then you have to travel with it, which is a risk. Also, as I have witnessed with many people, the list gets out of date. Alternatively, keeping your passwords on your computer or your mobile device in a document or in your contacts exposes you to tremendous risk if you are hacked.
I use Dashlane, and for now, I’m sticking with it. For me the pros outweigh the cons. If I ever change my mind, I’ll let you know.
Finally, if you do not use one of these services, here is a short video on creating secure passwords. Also, you may have heard about something called two-factor authentication. Here is an article about it. It’s something you may have already used if you’ve ever signed up for a service and had a code sent to your phone that you then entered on the website.