Aug 28, 2014

Worried About the JPMorgan Chase Hack? 6 Steps to Take Now

News broke that US law enforcement is investigating a hack of JPMorgan Chase and four other financial institutions. Though it remains unclear what was compromised and how it affects consumers, the sophisticated cyber attack appears to have resulted in the loss of sensitive information, including account information.

Given the potential scope of the hack, our  recommendation is to be as proactive as possible. Take action now and practice good online security habits so you can mitigate the fallout from this cyber attack and prepare yourself moving forward.

Here are 6 actions we recommend taking today:

Change Your Passwords, Now.  

Go directly to the websites of any financial institution where you have an online account, starting with JPMorgan Chase if applicable, then any banks, investment accounts, employee benefit accounts, and others that house financial assets. Use the password generator in LastPass to create a new, strong password for each of these accounts, saving the new password to LastPass as you submit the change on the website.

Use a Unique Master Password for Your Password Manager.  

Your LastPass Master Password should be a unique password that you do not reuse on any of your other online accounts. If you’ve used your Master Password for other accounts, now’s a good time to change it.

Avoid Clicking Questionable Links. 

Phishing attacks are a common way to get you to divulge sensitive information. If you receive an email to reset your bank’s password, just open a new tab or window in your browser and enter the web address for your bank, logging in there directly rather than clicking through the link.

Check Your Security Challenge Results. 

The LastPass Security Challenge gives you a comprehensive report on your password hygiene so you know where to take action. Located in the Tools menu of the LastPass browser icon, the Security Challenge alerts you to any weak or duplicate passwords, and tells you if any of your accounts were known to be affected by hacks of other online services - including this latest hack of JPMorgan Chase.

Enable Credit Monitoring. 

There are a range of credit monitoring and identity fraud detection services on the market. In LastPass, you can set up a Form Fill Profile and enable free credit monitoring alerts to receive real-time notifications if there’s any activity on your credit report. Should you be alerted to suspicious activity, you can request your free annual credit report.

Monitor Account Activity. 

Remain vigilant and watch for suspicious activity on your accounts, especially your financial, email, and social networking accounts. Watch for transactions you didn’t approve, emails you didn’t send, and posts you didn’t make- any of these could be an indication of unauthorized access to your accounts.

With an increasing number of cyber attacks affecting consumers, it’s more important than ever to be vigilant in protecting your identity and digital life, and to manage your passwords with the same care and diligence that you would the keys in your physical life.

Aug 26, 2014

LastPass Update for Android Prepares for Chrome Mobile Changes

We’re excited to announce that we have released an update to our Android app with improvements to our app autofill feature to accommodate changes that Google Chrome mobile will be rolling out in the next few weeks. For our Premium users, this means you will continue to be able to directly autofill logins in Chrome mobile!

For those of you who have been running Chrome Beta on your Android devices, you likely noticed that a recent update to the browser disabled LastPass’ ability to autofill directly into the browser and complete your logins for you. In an effort to employ stricter security policies, Google has moved to disable JavaScript injections on Chrome mobile, which LastPass relies on to automatically fill in your credentials as you log in to websites on the mobile browser.

After diligent work in investigating the new architecture, we have been able to update our functionality to be compatible with Google Chrome’s changes. LastPass will still be able to detect when you’re on a login page while browsing on Google Chrome, and you can continue to autofill usernames and passwords directly into the login fields with the LastPass prompts. You’ll continue to benefit from the ease of one tap to securely log into a site.

The update is now available in the Google Play Store. If you are interested in trying the LastPass Android app you can download it and try it out for 2 weeks for free. The upgrade to LastPass Premium is $12 per year for unlimited mobile sync and access to other Premium features.

Aug 25, 2014

Sharing Now Available in LastPass Android App

We’re excited to announce that LastPass for Android users will now be able to utilize the password and note sharing feature directly from Android devices. You will now be able to take full advantage of the secure sharing of sensitive information between LastPass users even while you’re on the go.

Partners, family, and friends co-managing online accounts, such as financial accounts or your TV streaming service, will be able to take advantage of easily sharing access to those logins.

This feature also allows you to send other LastPass users private information saved within LastPass Secure Notes. Passport numbers, PIN codes, bank account numbers, or any information stored and shared within a note are encrypted and securely synced.

From your vault, you can tap on a site or note name, and select "Share". For sites, you can choose whether or not you want the recipient to be able to view the password. You'll be prompted for the email address of the LastPass user you want to share with, and once sent the login or note will be synced between both vaults.

Think of it as a secure alternative to texting or emailing your sensitive personal information.

The updated Android app, which is included in the LastPass Premium service for $12 per year, is now available on the Google Play Store. Users can try the Premium service for free for two weeks.