These types of attacks are typically motivated by financial gain, and if that’s the case here, the cyber criminals will first target your financial accounts with the passwords they obtain. This is yet another reason to ensure that you have two-factor authentication enabled wherever it is offered. Why prioritize my email and financial accounts?Įmail is often used for password resets, therefore gaining access to your email account is tantamount to gaining access to those accounts registered under your email address. Monitor your financial accounts for fraudulent transactions. Reject any two-factor prompts that you did not initiate. Instructions for changing your HarvardKey password.Įnsure that two-factor authentication is enabled on these accounts. Otherwise, your passwords stored in LastPass may be at risk, and we recommend the following four steps:Ĭhange your LastPass master password, using 12+ randomly selected characters (from the full 94-character set) or 5+ randomly selected words (e.g., “method frame carpet green willow”).īegin changing your stored passwords, prioritizing your email, financial, and Harvard accounts. If your master password was strong (i.e., 12+ randomly selected characters or 5+ randomly selected words), then it is highly unlikely that your LastPass vault can be accessed. Since the cyber criminals now have a copy of customer vaults (as they were in November 2022), they are probably attempting to crack these master passwords to gain access to the passwords stored within.
This attack was not specific to Harvard, but rather affects much of the LastPass customer base.Ī LastPass password vault is encrypted with a master password known only to the account owner.
On December 22, LastPass notified their customers of a cyber security incident that may put your stored passwords at risk: a copy of their customer password vaults was stolen in November 2022. Update : The Information Security and Data Privacy team has selected 1Password as the preferred password manager for the Harvard community.
0 kommentar(er)
