The LastPass security incident requires action from all LastPass users. It is an unfortunate situation which has affected over 25 million users. For more details about the data breach, read Sound Support’s thorough article, LastPass Security Breach: Here’s What to Do.

*If you’re not a LastPass user, scroll down the page to your section.

Steps To Take If You Are A LastPass User:

1. Change your LastPass Master Password to a new strong, unique password. Strong passwords contain 12 characters or more and are unique. Unique means that each password is used on one website and one website only. Do not reuse passwords you've used previously. For instructions, read the LastPass blog post: Change Your LastPass Password.

2. Enable multifactor authentication for your LastPass account if you haven't already. For instructions, read the LastPass blog post, Manage Multifactor Options in Account Settings. Choose either the Microsoft or Google Authenticator.

3. Change all passwords listed in LastPass to new strong, unique passwords.

• Priority: Change passwords of high value accounts:

  • Your Apple account (iCloud)

  • Email

  • Financial

  • Healthcare

  • Government (i.e. tax, driver license, social security, etc.)

  • Social Media

• Secondary: All other accounts

4. While changing passwords for your accounts, also turn on two-factor authentication (2FA) if the option is available. 2FA is highly recommended. It is an additional layer of security which makes it more difficult for unauthorized users to gain access to your account. When enabled, you will be required to enter both your password and a temporary code each time you log in to your account. The temporary code is sent via text message to your mobile phone or via email.

5. Decide if you wish to continue using LastPass or switch to another Password Manager.

Steps To Take If You Are Not A LastPass User:

As the tech landscape keeps evolving, it's crucial that we secure our online accounts with strong, unique passwords. Here's how and a tool to help you.

1. Update the passwords for all your online accounts to 12 characters or more. Strong passwords are long and unique. Unique means that each password is used on one website and one website only. Do not reuse passwords you've used previously.

2. As it can be challenging to come up with passwords, a free web tool such as the 1Password Strong Password Generator can help make the task a little easier. For password type, chose either Random or Memorable Password.

If you select Memorable Password, check both boxes: Capitalize and Full Words. Add your own numbers, symbols and other types of punctuation.

3. While changing passwords for your accounts, also turn on two-factor authentication (2FA) if the option is available. 2FA is highly recommended. It is an additional layer of security which makes it more difficult for unauthorized users to gain access to your account. When enabled, you will be required to enter both your password and a temporary code each time you log in to your account. The temporary code is sent via text message to your mobile phone or via email.