In August of 2022, the popular password manager LastPass suffered a security breach that left users at risk. The cybercriminals behind the attack stole users’ vault data and breached the company’s cloud storage service. While LastPass announced that no customer data was accessed, the incident left many users hesitant to use a password manager. If you’ve experienced a password manager breach, you might not know what to do next. In this article, learn what to do if your passwords have been compromised.
What should you do if your password manager is breached?
So your password manager was breached. What now? How can you protect your passwords and accounts after they’ve already been compromised? Your first instinct might be to simply delete your account and try to move on. Unfortunately, that won’t protect your data from cybercriminals. The best way to move forward is to export your passwords, find a new password manager, and start fresh with new passwords.
If your small business passwords were breached, learn more about overcoming cybersecurity challenges for small businesses.
Export your passwords
If your password manager has been hacked, the first thing you should do is export your passwords. This might sound simple, but it’s important to keep your data secure after you download it. Make sure you don’t download your file as readable text, also known as plain text. Even if you delete this readable file, people with bad intentions can recover it and access your passwords. Only store your file in an encrypted format.
Import to a new password manager
Now that you have an encrypted file with all of your passwords, you can import it into your new password manager. Depending on how and why your original system was breached, you might consider switching to a cloud-based service. Password managers that have multi-factor authentication are also more secure. The import process should be straightforward, but if you run into any issues, your new service should be able to help if you contact their tech support.
Once you’ve imported your passwords, make sure to permanently delete your encrypted file. Simply moving it to the Recycle Bin means that it can still be accessed and decrypted. You’ll want to make sure this file is gone for good.
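The export step above warns against leaving a readable copy of your passwords on disk. The following is an added example, not part of the original article: a small check that flags files whose first row looks like a plain-text password export. The column names in `SECRET_COLUMNS` and the sample file names are assumptions, since export headers differ between password managers.

```python
import csv
import os
import tempfile

# Assumed column names; real export headers differ between password managers.
SECRET_COLUMNS = {"password", "login_password", "totp"}

def looks_like_plaintext_export(path, sniff_bytes=4096):
    """True if the file opens with a readable header row naming a secret column."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(sniff_bytes)
    except OSError:
        return False  # unreadable file: nothing to report
    if b"\x00" in head:
        return False  # binary content, e.g. an encrypted container
    text = head.decode("utf-8-sig", errors="replace")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return False
    delimiter = "\t" if "\t" in lines[0] else ","
    header = next(csv.reader([lines[0]], delimiter=delimiter))
    return bool({c.strip().lower() for c in header} & SECRET_COLUMNS)

def find_plaintext_exports(folder):
    """Walk a folder and return paths that look like readable password exports."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            if looks_like_plaintext_export(path):
                hits.append(path)
    return sorted(hits)

def demo():
    """Constructed sample folder: a readable export, an unrelated CSV, a binary file."""
    with tempfile.TemporaryDirectory() as folder:
        samples = {
            "export.csv": b"url,username,password\nhttps://example.test,alice,not-a-real-secret\n",
            "budget.csv": b"month,amount\njan,100\n",
            "vault.enc": bytes(range(256)),  # stand-in for encrypted bytes
        }
        for name, data in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in find_plaintext_exports(folder)]

if __name__ == "__main__":
    print(demo())
```

Point `find_plaintext_exports` at a downloads folder after the import; it reads only the first few kilobytes of each file and changes nothing on disk.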
Change your master password
Normally, switching one password manager out for another would be simple. But since cybercriminals now have your data, that complicates things. Changing your master password is the best way to protect your passwords, and in turn, your accounts. Unfortunately, changing the passwords on your old password manager won’t help at this point. The only way to protect yourself is to change the passwords in your new password manager.
First, change the master password. Then, change the passwords for critical accounts, such as banking, tax information, government programs, and other important services. After that, you can work your way through the rest of your passwords. If you have a credit card linked to accounts, don’t forget to change those passwords too.
Should you abandon password managers?
While you might feel skeptical about password managers after being hacked, you shouldn’t abandon them because of a single incident. Online security is constantly evolving, and never perfect. Despite criminal interest and security breaches, password managers are still the best way to keep your passwords safe. Now it’s time to find a good password manager that makes you feel secure.
The importance of cybersecurity
As we go forward into a world run on the internet, it’s time to take cybersecurity seriously. By taking steps to secure your data, protect your devices, and manage control of your network, you can help keep your digital spaces safe.