Jul 16, 2012

Stop using the same key for every lock!

Would you use the same key for every lock in your life? Would you hand that key out to every company you ever interact with? Now imagine that making copies of keys is free and instantaneous, that storing the keys with nearly every company is unsafe, and that the keys can be used remotely, even from other countries. Do you see the insanity of reusing passwords yet? Friends don't let friends reuse passwords.

In the past week, LastPass disabled nearly a thousand LastPass accounts because their users had reused their LastPass master password with Yahoo Voices and Billabong, both of which were hacked and had their usernames and associated passwords released publicly.

All the disabled users broke all the rules for protecting themselves, the three most important being:
  1. Never use your LastPass master password for any other site or purpose. Your master password is very important. Treat it as such.
  2. Use LastPass to generate random passwords for every site you use. That way, when these sites are hacked, you get to laugh about it instead of stressing and scrambling. LastPass provides a security check to help you validate this.
  3. Utilize the (free) multifactor security options LastPass provides.

We know it's tempting to reuse passwords; that's why we built LastPass. Using LastPass, you get the convenience of a single password (your LastPass master password) without the security problems created when you actually reuse passwords.

Multifactor is your second line of defense: it allows your master password to be compromised without your account being compromised. LastPass provides two free and four Premium options. You can also trust your devices and your computers so that you're only prompted for a second factor when you use a new computer. This gives you the convenience you love with the security on top. We'd recommend Google Authenticator (free) or YubiKey (Premium).

While LastPass is doing its best to protect people when we see these public releases, there are many more sites that are hacked whose breaches aren't exposed. If you're reusing passwords, invest a few hours today to prevent days of heartache when the next site is hacked.

Reusing passwords?  Not even once.