Quick—how many passwords do you have? Incredibly, the average person now has 192 unique passwords, so it makes sense to use a password-management tool instead of trying to keep track of them all.

Problem: The leading password manager LastPass has had two data breaches.

Password managers store passwords in an encrypted vault safe from ­hackers. Most feature browser extensions so when you create a new account at a website, the tool stores your new ­credentials. On subsequent site visits, the tool logs in for you. Password managers prompt you to create unique, strong passwords for your online accounts. And you have to memorize only one master password to access your password manager. You enter that one password in tandem with a multifactor authentication step such as a onetime code texted to your phone.

According to LastPass, scammers did not obtain any customers’ passwords, but they did capture data about the websites its customers visited. Scammers can use algorithms and software programs to try usernames and passwords to gain access to the correct combination.

What now: You may decide that LastPass is no longer a good choice or that you don’t trust password ­managers at all—but most experts still recommend using one. If you feel otherwise, don’t start jotting your passwords down or let your browser “remember” passwords. Instead…

Buy a hardware encryption device such as Ubiquiti, which you have to plug into your computer to access your accounts…or an encrypted thumb drive where your passwords are stored.

Create an encrypted Excel sheet to store your credentials.

Consider a LastPass alternative. Do Google searches to see if they’ve been breached, and decide if their security meets your needs. Two well-regarded options: 1Password and Bitwarden.

If you’re leaving LastPass: Migrate all your data onto the new password-management tool, then change every password. In fact, periodically changing every password should be a normal part of staying organized.

Related Articles