Let’s face it — remembering passwords is really tough. We spend more of our time online than ever before, which means more login details.
Mix together work passwords with social networks, music streaming sites, and all your utilities, and you’ll be struggling to remember which is which… and then we all end up taking shortcuts, like reusing passwords.
A password manager like LastPass can help you improve your security by securely storing all of your passwords in a vault that can be accessed on multiple devices. Securely storing your passwords isn’t enough, though, to protect you against security breaches and hacks, which are happening more frequently than ever.
With LastPass’ Security Challenge you can improve your “security hygiene” by having LastPass analyze your passwords, look for compromised email addresses and passwords, and make suggestions on how to improve your overall password security.
Import Into LastPass
The first step is to import all of your accounts into LastPass (if you haven’t already). Getting started with LastPass is fairly straightforward as they guide you through the process of importing your passwords.
It’s worth taking the time to make sure you import everything, even the old accounts that you may have forgotten about. Just because you don’t use them anymore doesn’t mean that a breach on that site wouldn’t hurt you later on.
Visit the LastPass Security Challenge Website
Once you have created a LastPass account and imported all your passwords it’s time to face the Security Challenge. Head to the website and click Show My Score for the analysis to begin.
The security-focused side of you might initially be thinking that uploading all of your passwords to LastPass’ servers is rather insecure — and that’s exactly why you don’t have to.
Enter Your Master Password
Entering your Master Password at this stage allows your LastPass vault to be decrypted locally to analyze your passwords. Your Master Password is the password that you have chosen to protect all your LastPass data. To prevent unauthorized access to your LastPass account you should make this password unique and complex — the beauty of LastPass is that you only need to remember one password rather than hundreds.
Check For Compromised Accounts
LastPass helpfully maintains a list of known security breaches, and while it’s running the Security Challenge it looks at the email addresses in your vault and asks whether you’d like to check if any of them have been exposed in a breach.
If LastPass spots a match then they will send you an email confirming which account was compromised and in which breach. Although this is an optional test there is no reason not to take advantage of it.
Once LastPass has analyzed your passwords and usernames you’ll be presented with the results page. Right up at the top is a summary of your scores broken down into three categories: Security Score, LastPass Standing, and Master Password Score.
Your Security Score is a measure of how secure your vault is overall based on a number of criteria:
- Password strength
- Total of duplicate passwords
- Multifactor Authentication
- Compromised Passwords
Note that you can be deducted a point if you permit offline access, allow unrestricted mobile devices access to your vault, or have trusted devices set to bypass multifactor authentication (if you have it enabled). Those options are all customizable, and the choice to enable or disable them is largely down to your own preference of security versus convenience.
Improve Your Score
You aren’t left alone to try and figure out why your score was less than the perfect 100%. LastPass breaks down four steps to improving your score: changing compromised passwords, changing weak passwords, changing reused passwords, and a friendly reminder to change old passwords. By expanding each section you’ll be presented with the sites where LastPass recommends a change.
View Your Detailed Stats
The “Improve Your Score” section prompts you to focus on the most urgent areas of your password security, but that doesn’t mean those are the only areas to take a look at.
In the Detailed Stats section you can view each password in your vault, along with a rating on the password strength meter. Anything below 50% on this meter is considered weak, and ideally you should be aiming for something around 80% or higher.
In order to help you speed through some of these password changes, LastPass has an auto-change feature for certain sites. If the website is listed with “Auto-Change Password” then in a click of a button LastPass will open the site, change the password to an auto-generated one, and save it in the vault for you.
One of the biggest risks with any hack where passwords are leaked is if you have reused passwords on several sites, leaving yourself vulnerable to the hackers.
The Security Challenge reminds you that duplicate passwords are a bad idea, and even breaks down which sites you have reused passwords on.
In the screenshot you can see that each of my duplicated passwords has an amber bar at 46%. If I were to change just one of those passwords so that they were both unique, then the score would improve for both, and as long as I have chosen a secure password then the meter should be pushed into the green.
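The reuse check described above can also be reproduced offline against an exported copy of a vault. The following is an added example, not LastPass code: the CSV column names (`url`, `username`, `password`) and every entry in the sample are assumptions constructed for illustration. Passwords are grouped by a keyed hash with a throwaway per-run key, so the grouping table never holds plaintext.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The column names are an assumption for this
# example, not a documented LastPass format.
SAMPLE_EXPORT = """url,username,password
https://mail.example.com,alice@example.com,Tr0ub4dor&3
https://shop.example.net,alice@example.com,Tr0ub4dor&3
https://music.example.org,alice,kX9#vLq2!mZp7@Rw
https://forum.example.io,alice_old,Tr0ub4dor&3
https://bank.example.com,alice@example.com,summer2016
https://news.example.com,alice,summer2016
"""


def group_by_password(export_text):
    """Map an opaque per-run tag to the list of URLs using that password."""
    key = secrets.token_bytes(32)  # random key: tags are useless outside this run
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"]:
            tag = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
            groups[tag].append(row["url"])
    return groups


def reused_groups(export_text):
    """Return lists of URLs that share one password, largest group first."""
    shared = [urls for urls in group_by_password(export_text).values() if len(urls) > 1]
    return sorted(shared, key=len, reverse=True)


def exposed_if_breached(export_text, breached_url):
    """Return the other URLs whose password leaks if breached_url is compromised."""
    for urls in group_by_password(export_text).values():
        if breached_url in urls:
            return [u for u in urls if u != breached_url]
    return []


if __name__ == "__main__":
    for urls in reused_groups(SAMPLE_EXPORT):
        print(f"{len(urls)} sites share one password: {', '.join(urls)}")
    print("Breach of forum exposes:", exposed_if_breached(SAMPLE_EXPORT, "https://forum.example.io"))
```

An exported vault file is plaintext, so run a check like this on a trusted machine and delete the export afterwards.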
Multifactor Authentication For Bonus Points
Multifactor authentication is one of the best ways to secure your accounts. It adds an extra layer of protection to your account by requiring that you provide some time-sensitive information that can show that it is really you accessing the site. Most of these authentication methods take the form of a generated number, either sent to you by SMS or produced by an authenticator app.
Not only should you be using this on every site where it’s available, but LastPass also strongly suggests doing the same to protect your LastPass vault — after all, it is your digital safe, storing all of your passwords.
If you want some easy points to improve your security score, enable multifactor authentication for LastPass and you will be rewarded with 10% on your Security Score.
Auto Generate Secure Passwords
After putting in the time to sort out your old passwords, I’m sure you’ll be wondering how you can prevent your score dropping every time you sign up for a new website. Two ways to keep that score high are to make sure that you create secure passwords yourself or to have LastPass do the legwork for you.
Since LastPass works on most devices and web browsers you aren’t likely to be without it, so you don’t actually need to remember your passwords any more, which means they can be total gibberish.
LastPass can auto-generate passwords to a length that you set (the default is 12 characters). This means that you have a secure password that no one is likely to guess stored safely in your vault, and you never need to try and remember the long string of letters, numbers, and symbols.
Better Now Than Never
I was burnt in the 2013 Adobe hack where I had used the same password for multiple accounts including my then main mail provider, Outlook. Three years later my account is still regularly hit with attempts to log in from countries all around the world, but a newer, more secure, unique password along with two factor authentication is keeping them out.
Using LastPass was my first step to securing my passwords and knowing exactly what I had and where, but the Security Challenge, and my relentless need to improve my score, helped me to get to grips with my lack of password hygiene.
You only have to look at the news to know that one day you may be unfortunate enough to end up caught in the cross-hairs, and when you do you’ll be glad that you took the time to use LastPass’ Security Challenge to up your game.
Have you ever been stung by a security breach? Do you use a password manager? Show off your high Security Challenge scores in the comments below!