Having unique, complicated passwords for each of your accounts is an essential element of electronic security.  However, remembering all of your passwords can be a difficult task for many people, which is why so many people use online password managers, which store all of your passwords for you.  These companies, however, are tempting targets for identity thieves.  A few days ago, online password manager company LastPass announced that it had suffered a data breach in which customers’ email addresses, password reminders and encrypted master passwords were taken.  Although the encryption of the master passwords may be sufficient to protect those passwords, this data breach is a major problem.

TIPS

If you are a customer of LastPass, the company is advising you to use multifactor authentication by which a one-time code is sent as a text message to the user’s smartphone to use in addition to their password when they log into their accounts from a device not recognized as belonging to the user.

LastPass customers should also be wary of any emails they receive that appear to come from LastPass asking them to update or provide personal information as these emails will undoubtedly be from the identity thieves who hacked LastPass seeking the personal information to gain access to the accounts of their intended victims.

Although password manager companies can be very useful, I still think that you can protect yourself by using the password strategy I described in June 18th’s Scam of the day without the risks of using a password manager company.