Log in through the extension

LastPass is best experienced through your browser extension. Install LastPass for Firefox to automatically login to sites as you browse the web.

Install LastPass Close

Password cybersecurity checklist

Take control of your digital life

The risks of poor password habits are too high. LastPass created this checklist to help your family and business improve cybersecurity awareness.

Free trials for personal and business plans. No credit card required.


Understanding and outsmarting password (mis)behaviors


of people still reuse the same password for multiple accounts.


of data breaches are caused by weak or reused passwords. 


of people change their password after a password breach.

1. Improve your password habits

Strong passwords are the first line of defense against cyberattacks. But strong passwords can be hard to remember, so it’s no surprise many people reuse one password for multiple accounts.

Even a strong password becomes weak when reused. One compromised, reused password puts your other accounts at risk. A password manager helps eliminate password reuse.



A password manager like LastPass makes it easy to create strong, unique passwords with a built-in password generator, plus manage, synchronize and access their passwords across all their devices and all browsers.

2. Go beyond two-factor authentication

While a strong password protects an account, a hacker could still gain access through phishing or social engineering. Additional layers of authentication provide extra roadblocks to protect yourself and your business.

Multifactor authentication (MFA) adds another step to the sign-in process. LastPass MFA authenticates users based on their physical location, IP address, biometry (fingerprint, face scan), or sending a push-notification or secure code to your phone.

MFA is especially essential for high-risk accounts or applications involving financial or legal data. Businesses should also engage MFA for non-cloud apps like VPNs, workstations, and more.


You can go further with the LastPass Authenticator app, which allows you to enable MFA while also going passwordless. Best of all, users and admins can also enable MFA through the authenticator of their choice, from YubiKey to third-party supported authenticators.

3. Keep your software updated

It’s easy to press “remind me later” on software updates. But cyber attackers target old application vulnerabilities because a single weak spot is a pathway to your business’ most sensitive information.

Educate employees on the importance of software updates and notify them when new software updates are released. Proactively, set up their machines to auto-update OS updates.


Passwords also require regular updates – 87% of services don't even know if they have had a data breach*. LastPass allows businesses to vet and spot reused and leaked employee passwords within a convenient security dashboard.

4. Recognize and report phishing attacks

Phishing, smishing (text or SMS), and vishing (voice call) attacks are getting increasingly elegant and harder to recognize – until after your data has been stolen.

Educate employees and family on the essentials:

  • Double-check a sender’s email address.
  • Look for poorly written or misspelled email copy.
  • Never accept MFA requests they didn’t initiate.
  • Report suspicious emails to IT.  


Password managers like LastPass also won’t allow you to autofill credentials on scam or mirror websites.

5. Be careful what and how you share it

Someone you know asks for your login credentials to an app they need to access. The easiest way to share this password – in your mind – is to share it via text message, email, or Slack.

This is risky to do. It’s unsafe to share plaintext passwords through unencrypted methods because anyone accessing the channel you shared them in can steal (copy-paste) them. Moreover, you can’t limit how your password is distributed elsewhere by sharing this way.


LastPass is the safest way to share passwords with family, friends, and coworkers, as you’ll be sharing them with trusted users through an encrypted network.

LastPass Families and Business admins also have greater control over sharing to ensure that only some users can access certain credentials.

For families, that could include sharing entertainment credentials with the whole family while only sharing financial passwords with their spouse. For businesses, admins can ensure team members can access the passwords they need, so low-level employees can’t login to sensitive applications.

6. Monitor passwords risks

How do you know if your old passwords meet modern security requirements? Do you know if your personal info has been compromised and is being shared and sold on the dark web?

LastPass provides you with tools to keep you, your family, and your business out of the dark and aware of your password health, behavior, and risks.


The LastPass security dashboard is a your digital security command center. From it you can monitor the strength of your passwords and remain alert of username-password combinations and email addresses which have been found to be compromised on the dark web.

From the dashboard, LastPass Families and Business admins get a holistic, overhead look at their entire account, where they can oversee and address users’ password behaviors. If a risk is identified, they can work to address and remediate as soon as possible.


IDC Inforbrief commissioned by LastPass: Enabling the Future of Work with EPM, Identity and Access Controls, 2022

LastPass: Psychology of Passwords, 2022

Learn more about proper password practices


Tips for Creating Strong Passwords

Learn how to create passwords which protect your accounts – and how the LastPass password generator does it best.

Blog Post

Getting to Know Your IT Admin

Learn more about what you IT admin does and how you can help them improve business security.

Blog Post

Phishing tips to keep you secure from scams

Familiarize yourself with phishing scams so you can stay safe at work and home.


How to Create and Manage a Cybersecurity Culture

One the best ways to reduce the risk in your organization is to create a culture of cybersecurity – but a secure workforce starts at the top, with leadership setting the tone.


LastPass Password Generator

Instantly generate a secure, random password – from anywhere, on any device – with this LastPass online tool.

Prioritize your cybersecurity

Security is just a few clicks away. Fortify your passwords and sensitive information with LastPass to protect your digital life.

Free trials for personal and business plans. No credit card required.