1. Improve your password habits
Strong passwords are the first line of defense against cyberattacks. But strong passwords can be hard to remember, so it’s no surprise many people reuse one password for multiple accounts.
Even a strong password becomes weak when reused. One compromised, reused password puts your other accounts at risk. A password manager helps eliminate password reuse.
A password manager like LastPass makes it easy to create strong, unique passwords with a built-in password generator, and to manage, synchronize and access your passwords across all your devices and browsers.
2. Go beyond two-factor authentication
While a strong password protects an account, a hacker could still gain access through phishing or social engineering. Additional layers of authentication provide extra roadblocks to protect yourself and your business.
Multifactor authentication (MFA) adds another step to the sign-in process. LastPass MFA authenticates users based on their physical location, IP address, or biometrics (fingerprint, face scan), or by sending a push notification or secure code to their phone.
MFA is especially important for high-risk accounts or applications involving financial or legal data. Businesses should also enable MFA for non-cloud apps like VPNs, workstations, and more.
You can go further with the LastPass Authenticator app, which allows you to enable MFA while also going passwordless. Best of all, users and admins can also enable MFA through the authenticator of their choice, from YubiKey to third-party supported authenticators.
3. Keep your software updated
It’s easy to press “remind me later” on software updates. But cyber attackers target old application vulnerabilities because a single weak spot is a pathway to your business’ most sensitive information.
Educate employees on the importance of software updates and notify them when new software updates are released. Be proactive and set up their machines to install OS updates automatically.
Passwords also require regular updates – 87% of services don't even know if they have had a data breach*. LastPass allows businesses to vet and spot reused and leaked employee passwords within a convenient security dashboard.
4. Recognize and report phishing attacks
Phishing, smishing (text or SMS), and vishing (voice call) attacks are becoming increasingly sophisticated and harder to recognize until after your data has been stolen.
Educate employees and family on the essentials:
- Double-check a sender’s email address.
- Look for poorly written or misspelled email copy.
- Never accept MFA requests they didn’t initiate.
- Report suspicious emails to IT.
Password managers like LastPass also won’t allow you to autofill credentials on scam or mirror websites.
5. Be careful what you share and how you share it
Someone you know asks for your login credentials to an app they need to access. The easiest way to share this password – in your mind – is to share it via text message, email, or Slack.
This is risky. It’s unsafe to share plaintext passwords through unencrypted methods because anyone with access to the channel you shared them in can steal (copy-paste) them. Moreover, sharing this way gives you no control over how your password is distributed further.
LastPass is the safest way to share passwords with family, friends, and coworkers, as you’ll be sharing them with trusted users through an encrypted network.
LastPass Families and Business admins also have greater control over sharing to ensure that only some users can access certain credentials.
For families, that could include sharing entertainment credentials with the whole family while only sharing financial passwords with a spouse. For businesses, admins can ensure team members can access the passwords they need, so low-level employees can’t log in to sensitive applications.
6. Monitor password risks
How do you know if your old passwords meet modern security requirements? Do you know if your personal info has been compromised and is being shared and sold on the dark web?
LastPass provides you with tools to keep you, your family, and your business out of the dark and aware of your password health, behavior, and risks.
The LastPass security dashboard is your digital security command center. From it you can monitor the strength of your passwords and stay alert to username-password combinations and email addresses that have been found to be compromised on the dark web.
From the dashboard, LastPass Families and Business admins get a holistic, overhead look at their entire account, where they can oversee and address users’ password behaviors. If a risk is identified, they can work to address and remediate as soon as possible.
*Sources:
IDC InfoBrief commissioned by LastPass: Enabling the Future of Work with EPM, Identity and Access Controls, 2022
LastPass: Psychology of Passwords, 2022