Guidance for LastPass Users Affected by Security Incident

Jan. 5, 2023

In August 2022, LastPass, the University's vendor for password management, experienced a security incident. During this incident, an unauthorized party was able to gain access to certain elements of LastPass user information. 

Given the additional information published in December 2022, the Office of Information Technology is recommending that LastPass Enterprise and Premium users take the following precautions:

  • Update your master password if it is shorter than 12 characters, has been reused on other sites, and/or is rated anything other than strong or very strong in the LastPass Security Dashboard. See this article for more master password best practices.
  • Change your passwords on sensitive accounts you have saved in your vault (e.g., banking, medical, email) and add multi-factor authentication where it’s available. Check out the 2FA Directory for information on popular sites that support multi-factor authentication.
  • Consider updating the remaining passwords in your vault. 

Please note that we will continue to monitor the situation and reassess the future viability of the product for use at Princeton.