Important Update on the LastPass Security Incident
Back in August 2022, LastPass, a password management software company, experienced a security incident. At that time, it appeared that information within LastPass was still safe and there was no reason to take any action. The Truepoint team has been a LastPass enterprise user for many years, and we have frequently encouraged clients to use this software. Now that we’ve been able to fully assess the situation, we have the following updates and guidance.
What does this security incident mean for Truepoint?
While LastPass has not contacted Truepoint regarding a security breach of information, we are taking proactive steps to cease use of LastPass and migrate to another password manager named 1Password. We take cybersecurity very seriously as a firm and hold our team members to high standards while adhering to the best practices related to information security. Our IT team has performed the due diligence to assess the situation and make the recommendation to move to 1Password immediately.
What does this mean for Truepoint clients?
If you use LastPass, we recommend that you change your master password and consider a new password management program like 1Password. If you aren’t currently using a password manager, we highly recommend taking the action of starting to keep your passwords secure using one of these programs. Additionally, for any accounts that offer multifactor authentication (like text codes), we strongly recommend establishing this additional level of security.
How is 1Password better than LastPass?
Research by the security community revealed that LastPass doesn’t encrypt the entire file that contains your data. Only passwords are encrypted, thus leaving website addresses exposed. Using this information, attackers could launch phishing campaigns to trick people into providing their login information. Additionally, until 2018, LastPass was not as stringent with their requirements for Master Password security; the 12-character password requirement is fairly new to the organization. Users with older accounts may have much shorter and less secure passwords.
1Password works similarly to LastPass but is currently widely considered to be much more secure. Two key items that stood out to our team: the security of both passwords and other information, and the ease of use for the individual.
As we learn more information, we will be in touch. Related to this topic and cybersecurity in general, we are in the early stages of planning for a Truepoint Lunch & Learn (in person and via Zoom) in March. Please be on the lookout for details as those plans develop.
In the meantime, please contact your Truepoint team with any immediate questions or concerns.