You’ve heard it again and again: You need to use a password manager to generate strong, unique passwords and keep track of them for you. And if you finally took the plunge with a free and mainstream option, particularly during the 2010s, it was probably LastPass. For the security service’s 25.6 million users, though, the company made a worrying announcement last week: A security incident the firm previously reported on November 30 was actually a massive and concerning data breach that exposed encrypted password vaults—the crown jewels of any password manager—along with other user data.

The details LastPass provided about the situation last Thursday were worrying enough that security professionals quickly started calling for users to switch to other services. Now, nearly a week since the disclosure, the company has not provided additional information to confused and worried customers. LastPass has not returned WIRED’s multiple requests for comment about how many password vaults were compromised in the breach and how many users overall were affected.

Actions to be taken

LastPass users should go through their vaults and take extra steps to protect themselves—including changing all of their passwords.

Start by turning on two-factor authentication for as many of your accounts as possible, particularly high-value accounts like your email, financial services, and highly used social media accounts. This way, even if attackers compromise the passwords for the accounts, they can’t actually log in without the one-time code or hardware authentication key you’ve added as the “second factor.” Next, change the passwords for all of those sensitive and high-value accounts. And then change all the remaining passwords stored in your LastPass vault.

LastPass Replacement

Personally, I suggest Bitwarden. It’s free and it has great integration with all browsers and devices: bitwarden.com

After installing Bitwarden, head over to the LastPass Delete Account page and choose to delete your account. Before deleting your account, it will let you export your current passwords. Export your accounts, save them in a safe place, and follow the delete process.

Once you are done, go back to your Bitwarden vault, where you have the option to import the passwords you exported from LastPass. Once you import them, Bitwarden will sync them with all your devices.

Continue Reading at wired.com