

Since my recommendations on how to deal with the recent LastPass breach (here, here, and here), I’ve continued to receive feedback and questions. Thanks to everyone who got in touch.

Looking back on these questions, I see the emergence of a dirty little secret:


Despite the breach, you are not going to reset every single password that you had stored in your LastPass vault.

In response…

I can tell you that you must do it. [OR]

I can accept that you won’t do it.


So, if you won’t reset everything, will you do the next best thing?

Of all the information that you stored in your password vault, up to 95% of it is probably of little value to all but the most determined cyber criminals.


So, focus on the 5% of data that could be valuable.

The passwords to your ‘crown jewel’ accounts could be valuable to the bad guys – e.g. email accounts; online bank accounts; social media accounts; work accounts.

Even if you can’t see an obvious value right now, a bad guy accessing one of these accounts could cause you a problem in the future.

This may be a low likelihood event. But it could have a high impact.


So, tonight and for the remainder of this week, instead of spending 5 minutes trying to find something to watch on Netflix*, give someone else the remote control while you get on with the job of resetting the passwords on some of these accounts. You’ll have done a couple before the end of the opening credits.


How do you eat an elephant?

One bite at a time.


* Don’t forget to reset this password too – your login credentials are worth a few dollars!