Oct 17, 2014

Halfway There! Have You Improved Your Security This Month?


The past two weeks have quickly passed, and that means we’re now halfway through National Cyber Security Awareness Month. To kick off the month we challenged you to put your passwords to the test by running the LastPass Security Challenge and taking steps to improve your security score. That means generating new passwords to replace weak ones, or trying multifactor authentication, or updating your master password to an even stronger one. Have you made progress? You’ve still got two weeks, let’s see how high you can make your score!

https://lastpass.com/index.php?securitychallenge=1&lang=en-US&fromwebsite=1&lpnorefresh=1

And as we pause to think about ways we can better protect ourselves online, we’re sharing more tips below from STOP.THINK.CONNECT and StaySafeOnline.org, reminding you how to protect your data, your machines, and your community, this month and all year long:


Keep a Clean Machine

  • Keep security software current: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
  • Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
  • Protect all devices that connect to the Internet: Along with computers, your smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information

  • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site. 
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password. (Hint: Use the LastPass password generator.)
  • Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. (Hint: LastPass will remember each unique password for you.)
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. (Hint: LastPass helps you securely manage your passwords & other important records.)
  • Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit how and with whom you share information. 
 

Connect with Care

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often the ways cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark as junk email. 
  • Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine. 
  • Protect your $: When banking and shopping, check to be sure the site is security-enabled. Look for web addresses with “HTTPS://,” which means the site takes extra measures to help secure your information. “HTTP://” is not secure.

Be Web Wise

  • Stay current. Keep pace with new ways to stay safe online. Check trusted websites for the latest information, share with friends, family and colleagues and encourage them to be web wise.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Be a Good Online Citizen

  • Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.

Find a downloadable version of the above tips and more great resources at StaySafeOnilne.org.

Oct 16, 2014

What Does Your Password Say About You?

A deeper dive into the passwords from the recent Gmail leak reveal some interesting psychology on why we choose the passwords we do. For one thing, the generated passwords are very easy to spot when you take a look at the data, because they’re so rare. That means most of us are still creating our own short passwords rather than using a password generator. And when we create those passwords, we default to words, phrases, or variations of familiar patterns, because they're easier to remember.

Check out what our follow-up analysis of the Gmail data reveals:

Oct 13, 2014

6 Ways to Lock Down LastPass on iOS


LastPass offers many security features to help you protect your account and be safer online. Did you know there are also mobile settings to help you better secure your LastPass app? Check out these 6 mobile security features for iOS today:

1. Use Multifactor Authentication


As we’ve mentioned before, multifactor authentication adds another layer of security to your LastPass account by requiring a second login step before allowing access to your vault. Usually this means entering a code or otherwise proving that you are who you say you are.


LastPass is compatible with many multifactor authentication options that are also available for mobile use. Apps like Duo Security, Toopher, Transakt, and Google Authenticator all install on your mobile device and allow convenient mobile access, while still maintaining the security benefits of running multifactor authentication with LastPass.

2. Add a Fingerprint Prompt with Touch ID



With the release of iOS 8, LastPass now supports Touch ID verification as an alternative to the master password reprompt on the iPhone 5S and 6. This means that when you turn on master password reprompt options, account-wide or on a site-by-site basis, you can use Touch ID as a replacement to entering the master password when using the LastPass Safari extension (and we continue to expand this new feature!). In situations where the app would prompt for the master password, you’ll instead be prompted to authenticate with your finger. For more on setting up and using this feature, check out our video tutorials.

3. Restrict Access to Specific Mobile Devices


Whenever you login to the LastPass mobile apps, LastPass remembers that mobile device for you. On your desktop, you can see this list by opening your LastPass Vault, launch Settings, and view the Mobile Devices tab. Any smartphone or tablet you’ve used with the LastPass app will be listed there, with a unique identifier for each device.


LastPass then lets you restrict your logins on mobile devices to just that list. So, let’s say you have an iPhone and an iPad that you use regularly. After logging in to those devices, you could launch your account settings and check the option to restrict login to those two mobile devices only. If someone were to ever try logging in on another mobile device that isn’t on the list, they won’t be able to complete the login. And if a device is ever lost or stolen, you can disable it in your Mobile Devices settings, or you can delete it completely to remove it from the list of permitted devices.

4. Require a PIN Code when Returning to the App



In the LastPass iOS app, you can open the settings menu to toggle the “Use PIN Code” option. Enabling the PIN reprompt options allows you to protect your LastPass app by requiring a PIN code every time you multitask away from and then back to the app. It’s more convenient than constantly re-entering your master password, but more secure than leaving your app logged in and unprotected.

5. Logout Automatically When You’re Not Using the App



To ensure your LastPass app logs out when you’re no longer using it, you can go to the app’s settings menu to tap “Never logoff when idle” and set a time limit. If you’re using the app and then multitask away for a while, your session will end and you’ll be logged out when the designated amount of time has passed.

6. Safely Remove Data by Clearing the Clipboard

 


If you’ve been copy-pasting any data from the LastPass app to other apps on your phone, you can open the LastPass app settings to tap “Clear Clipboard”, to ensure that the last thing you copied will not be usable.

Try out these features today by downloading the LastPass app from the App Store, and subscribing to LastPass Premium.