How to delete your LastPass account

 

As most are aware, LastPass has been hacked and the hackers have you vault. Gaining access to the vault may be exceedingly difficult but the link below provides a method to delete your account.

https://www.tomsguide.com/how-to/how-to-delete-your-lastpass...

--
John from PA

Thanks

Thanks. I've printed out the instructions should I decide to backup, then delete my LastPass data and account.

For now, I'm sticking with the free LastPass account, although I have changed and strengthened my Master Password.

The other things that I do as a Line 2 and 3 of defense are to have alerts set with my financial accounts and credit cards, and also to use 2FA with all accounts that offer them, as annoying as they can be if my cell phone is turned off or being recharged in another room.

IMHO

My guess is that if the hackers have your vault info, what's the point of deleting the vault now? It's kind of like closing the barn door after the horses have run out.

And I seriously doubt that if you delete your vault that the company really deletes it from all their backups, etc. so it's still "out there".

--
I never get lost, but I do explore new territory every now and then.

my understanding

is LastPass has been hacked, and the contents of the vault are never available, and, LastPass does not have the contents of the vault.

I could be wrong, but that's my understanding.

How many times has amazon, bank of america, etc. etc. been compromised? But it's not the same such as in 2000, when a kid in our marketing department literally downloaded 500k+ people's SS and DOB onto a USB drive, and lost it at a conference. Those days are long gone.

Another analogy that may or may not be similar. If my home has been broken into 3X, in order to prevent theft, I'll incinerate the entire contents as a precaution lol

Most people who have firearms have it inside of a safe, so that fire, thieves, etc.,, can't get them.

There are a lot of phishing and smishing going on and sometimes we need to stop and evaluate things for ourselves.

that's right

KenSny wrote:

My guess is that if the hackers have your vault info, what's the point of deleting the vault now? It's kind of like closing the barn door after the horses have run out.

And I seriously doubt that if you delete your vault that the company really deletes it from all their backups, etc. so it's still "out there".

The co. doesn't have this information themselves, meaning, you can't ask LastPass to send you a copy of what's in your vault. They don't know. Just as you can't call your IT Admin to email your password to you, they don't know it. They can delete your account, or they can reset your password, but that's it by design.

The 2 Best Actions For Continuing LastPass Users

Without your LastPass Master Password (the encryption/decryption key, which doesn't leave the device you're using, thus not available anywhere else), only those with a weak Master Password really need to worry. If you fear yours is vulnerable to being cracked, by all means, go revise your Master Password ASAP, then all stored passwords for every site, starting with those high value targets related to finances and PII (Personally Identifiable Information).

The 2nd important step is to open your LastPass Vault via a web browser so you can access your Options Menu. Under General Options, scroll down to (or select) Advanced Options, where you're looking to raise the Number of Iterations from earlier defaults of 500 or 100100, to something significantly higher (310000 was a recently recommended value from a knowledgeable source). Follow subsequent instructions, which need only a short time to complete and expect to log back in when prompted.

it is all about following

it is all about following directions, isn't it? If u set it up properly u have a lot less worry.

Interesting read from some experts

--
John from PA

Some more commentary about LastPass

See https://www.usatoday.com/story/tech/2023/01/19/password-mana....

Interesting point that prior to 2018 many people may have had a very short and somewhat insecure master password and that password carried over to the newer versions of LastPass. Those vaults may be relatively easy to crack.

--
John from PA

The problems and merits of LastPass

In case anyone is interested in an article on the LastPass issue that provides a good discussion of the subject, and personal recommendations for action(s), I suggest going to:

https://askleo.com/lastpass-breach-2022-my-recommendation/

The author is a professional programmer who has been using LastPass himself for years. He has a mailing-list blog and a web site (AskLeo.Com) that covers a wide variety of computer-related subjects. I have found his articles very useful for some time.

FWIW, Leo is a Microsoft Alumni who focuses on Windows machines, but he also does a monthly podcast in partnership with the operator of MacMost.Com, who specializes in Apple subjects. I do not have a Mac, but I do have an iPhone and an iPad, and I have found MacMost.Com to be a really, really useful source of info and tips for those devices.

So AskLeo has been directly and indirectly beneficial for me in multiple areas.

- Tom -

--
XXL540, GO LIVE 1535, GO 620

Not all user metadata was encrypted

It seems that a significant amount of user metadata wasn't encrypted. About the only thing missing is your mother's maiden name. Significantly; they got an unencrypted list of all of your websites stored in the vault, making phishing significantly easier.

From https://blog.lastpass.com/2022/12/notice-of-recent-security-... "...the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.  

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data..."
Mark

Good info., was not aware of

Good info., was not aware of this. Hopefully Keepass is/stays secure.

Keepass

sunsetrunner wrote:

Good info., was not aware of this. Hopefully Keepass is/stays secure.

Keepass is a great password manager for folks with just one device or for folks with multiple devices willing to have Keepass on a USB stick. I just added it to my PC as a backup to bitwarden and really liked its ability to import my old LastPass vault. The Keepass vault is not in the cloud which is a plus from a security standpoint but a minus if using it on multiple devices unless kept on a USB stick. At least, that's my current understanding of the issues involved.

Since I want my manager available on more than one device, I use the free version of bitwarden as my login aid to websites.

Both the Keepass and bitwarden are recent additions after a strenuous effort in upgrading/strengthening individual passwords from LastPass and removing old logins no longer needed, then dropping my LastPass account.