LastPass is a password manager app that allows you to protect your online accounts much more effectively. It acts as a virtual vault for passwords to accounts saved in LastPass. When you log in to an account, the app can automatically input your login information, not only speeding up the process but also eliminating the need to memorize the password to that account.
LastPass employs several security measures to protect your login credentials, one of the most crucial of which is the master password. Your master password is what you use to log in to the app and access its settings and your passwords, making it the only password you actually have to memorize. This master password is used to encrypt your password vault, and without the master password, any stored information in your vault is inaccessible.
If you want your LastPass master password to be as secure and effective as possible, then it should have the following characteristics:
- Long – Some websites recommend passwords of at least eight characters, but for your master password you are safer with a minimum of 12.
- Obscure – Your master password shouldn’t be composed of common words (e.g., “password”) or keyboard paths (e.g., “12345” or “qwerty”), or a combination of these.
- Not personal – It shouldn’t contain personal information, such as your nickname, pet’s name, or birthday. These details can be mined from various online sources like your social media accounts, and are relatively easy for hackers to guess.
- Uses different characters – Your master password should contain letters in both upper and lower cases, numbers, and special characters.
- Unique – Your master password should not have been used for any other account. Should the need to update it arise, make sure the replacement has not been used in the past, whether for LastPass or another account.
How can you create a strong master password?
Try the following strategies to ensure that your master password is as hard to decipher as possible:
Use a random but memorable sentence
This method helps you craft a “passphrase” that is made up of seemingly random characters but is easy to remember. Follow these steps:
- Create a sentence composed of eight or more words. If you can add numbers and special characters to the sentence, do so (e.g., “When he was younger, my friend Sam could eat 20 tacos in one sitting.”). Alternatively, for the sake of making things easier to remember, recall a favorite quote that has numbers and special characters (e.g., “There can be a hundred people in the room, and 99 don’t believe in you, but one does.”).
- For every word in your sentence, retain only the first letter and remove the rest. Keep all the numbers and special characters. (e.g., whwymfsce20tios)
- Change some of the letters’ case and replace others with special characters or numbers. (e.g., whWyMf5cE20+I0$)
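The three steps above, as an added example (not LastPass's own code): the first function carries out step 2 on the page's sample sentence, and the second checks a candidate against four of the five characteristics listed earlier (uniqueness needs your own history, so it is left to you). The common-word and keyboard-path lists are constructed samples; `personal` is an assumed parameter for your own names and dates.

```python
import re
import string

# Punctuation the page's own example drops: the comma and full stop in
# "When he was younger, my friend Sam could eat 20 tacos in one sitting."
# do not survive into "whwymfsce20tios", while the number 20 is kept whole.
SENTENCE_PUNCT = ",.;:!?\"'"

def sentence_to_passphrase(sentence: str) -> str:
    """Step 2 of the page's method: first letter of each word, numbers kept whole."""
    out = []
    for token in sentence.split():
        core = token.strip(SENTENCE_PUNCT)
        if not core:
            continue
        number = re.match(r"\d+", core)
        if number:                      # keep the whole number, e.g. "20"
            out.append(number.group(0))
        else:                           # first character, lowercased if a letter
            out.append(core[0].lower())
    return "".join(out)

# Constructed, deliberately short samples of the "common words" and "keyboard
# paths" the page warns about; a real checker would use a breach-derived list.
COMMON_WORDS = ("password", "letmein", "welcome")
KEYBOARD_PATHS = ("12345", "qwerty", "asdfgh")

def master_password_problems(pw: str, personal: tuple[str, ...] = ()) -> list[str]:
    """Return which of the page's criteria a candidate fails (empty = all pass).
    `personal` is the caller's own list of nicknames, pet names, birthdays, etc."""
    low = pw.lower()
    problems = []
    if len(pw) < 12:
        problems.append("too short: fewer than 12 characters")
    if any(w in low for w in COMMON_WORDS + KEYBOARD_PATHS):
        problems.append("obscure: contains a common word or keyboard path")
    if any(p.lower() in low for p in personal if p):
        problems.append("not personal: contains a personal detail")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if not all(classes):
        problems.append("different characters: needs upper, lower, digit and symbol")
    return problems

if __name__ == "__main__":
    base = sentence_to_passphrase("When he was younger, my friend Sam could eat 20 tacos in one sitting.")
    print(base, master_password_problems(base))         # whwymfsce20tios fails the character-class test
    print(master_password_problems("whWyMf5cE20+I0$"))  # [] after the page's step 3
```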
String random words together using the Diceware method
Diceware was created to frustrate hackers by crafting passwords from highly arbitrary components. Here's how to do it:
- Create a phrase using four or more random words. Avoid familiar phrases (e.g., “winner takes it all”) and grammatical constructions (e.g., “I love you so much”). The more uncommon the words and the combination, the better. (e.g., “iota genre panda aspic”)
- Change some of the letters' case and add numbers or special characters to make the resulting password harder to crack. You can also replace the spaces between the words with letters, numbers, or symbols. (e.g., %oTa&g3nRE&PAnD@&a$P1C)
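The Diceware steps above, as an added example that is not Diceware's or LastPass's own code: words are chosen with the operating system's cryptographic random source rather than by hand, the guessing cost of the bare phrase is computed from the list size, and the second step decorates the result. `SAMPLE_WORDS` is a constructed stand-in for the real 7776-word list, which this example assumes you load from a file.

```python
import math
import secrets

# Constructed stand-in for the real 7776-word Diceware list (assumption: in
# practice you load the published list, one word per line, from a file).
SAMPLE_WORDS = ["iota", "genre", "panda", "aspic", "quartz", "lumen", "fjord", "obelisk"]
SEPARATORS = "%&@$+*"

def roll_key(dice: int = 5) -> str:
    """Roll `dice` six-sided dice with the OS CSPRNG. Five rolls give a key such
    as '31452' that indexes one of 6**5 = 7776 words in the official list."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def key_to_index(key: str) -> int:
    """Map a dice key to a 0-based position in a list sorted in dice order."""
    index = 0
    for digit in key:
        index = index * 6 + (int(digit) - 1)
    return index

def diceware_phrase(words: list[str], n_words: int = 4) -> list[str]:
    """Step 1: pick words uniformly and independently (with replacement, as dice do)."""
    return [secrets.choice(words) for _ in range(n_words)]

def entropy_bits(n_words: int, list_size: int) -> float:
    """Guessing cost of the bare phrase: each word adds log2(list_size) bits,
    so four words from the full list give about 51.7 bits."""
    return n_words * math.log2(list_size)

def decorate(words: list[str]) -> str:
    """Step 2: random case changes and a random symbol instead of spaces. This
    adds some cost, but the unpredictability still comes mainly from the word count."""
    styled = ["".join(c.upper() if secrets.randbelow(2) else c for c in w) for w in words]
    return secrets.choice(SEPARATORS).join(styled)

if __name__ == "__main__":
    phrase = diceware_phrase(SAMPLE_WORDS)
    print(phrase, decorate(phrase), f"{entropy_bits(4, 7776):.1f} bits with the full list")
```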
How can you maximize your LastPass account’s security?
LastPass supports two-factor authentication, which requires you to provide an additional piece of information to LastPass, on top of the master password, when logging in to your account. Enabling this feature keeps an attacker out of the passwords stored in LastPass even if they have somehow stolen or guessed your master password.
LastPass supports a wide array of verification methods so that users can choose the one that's most convenient for them. If you choose to use an authenticator app, you can use LastPass's own app, or you can use apps by third parties like Microsoft, Google, Salesforce, and Symantec.
Once enabled, after you enter your master password to log in, you’ll either receive a push notification to your phone to approve or deny the login request, or be prompted to enter a code displayed in the authenticator app on your phone.
A strong master password is important, but it’s just one of several things you need to strengthen your business’s cybersecurity. At Fidelis, we offer a host of services that will help you maximize your defenses against multiple cyberthreats. We can also help your organization implement LastPass for Business.
Learn how your staff can help boost your cybersecurity by downloading our free eBook today.