In the past week LastPass disabled nearly a thousand LastPass accounts due to users reusing their LastPass master password with Yahoo Voices and Billabong, both of which were hacked and had public releases of username and the associated passwords.
All the disabled users broke all rules for protecting themselves, the three most important being:
- Never use your LastPass master password for any site or purpose. Your master password is very important. Treat it as such.
- Use LastPass to generate random passwords for every site you use. That way when these sites are hacked you get to laugh about it instead of stress and scramble. LastPass provides a security check to help you validate this.
- Utilize the (free) multifactor security options LastPass provides.
We know it's tempting to reuse passwords, that's why we built LastPass. Using LastPass you can get the convenience of a single password (your LastPass master password) without the security problems created when you actually reuse passwords.
Multifactor is your second line of defense, it allows your master password to be compromised without your account being compromised. LastPass provides two free and four Premium options. You can also trust your devices and your computers so you're only prompted for them when you use a new computer. This allows the convenience you love with the security on top. We'd recommend Google Authenticator (free) or Yubikey (Premium).
Reusing passwords? Not even once.