LastPass, like pretty much all password managers, uses a master password that unlocks your account and gives you access to your account information, personal information, and also all the passwords that you’ve stored inside of it.
Now, according to LastPass, your data is encrypted and decrypted on a device level, meaning that not even the company has access to it. But recently, there was a bit of a scare in which users reported that they were getting notifications and emails of login attempts to their accounts.
LastPass has since reassured users that no passwords were breached, but this isn’t to say that it would be impossible to breach, so if you’re a LastPass user who’s a bit concerned about this, then maybe it’s time to enable two-factor authentication (2FA) if you haven’t done so already.
Turn on 2FA for LastPass
- Log into your LastPass account
- Click on Account Settings at the side
- Select “Multifactor Options”
- Choose the 2FA service you want to use. In this example we’ll be using Google Authenticator
- Click the pencil icon next to Google Authenticator
- Under “Enabled”, click the drop-down menu and select “Yes”
- Click “View” next to Barcode
- Launch Google Authenticator (download it for Android or iOS if you haven’t done so already)
- In the Google Authenticator app, tap the + button and tap “Scan a QR code”
- Point your phone’s camera to the barcode shown in LastPass
Once you’ve added LastPass to Google Authenticator, what this means is that whenever you restart your computer or try to log into your LastPass Vault, you’ll be prompted not just to enter your master password, but you’ll also have to enter the one-time password generated by Google Authenticator.
This added layer of security ensures that should anyone ever guess your master password, they still won’t be able to log into your account unless they have access to your phone and the one-time password.
LastPass claims that they already have security measures in place that are meant to thwart bad actors, but it’s always a good idea to try and do something on your own end to better secure your account.