Tips for Hardening Your LastPass Account

LastPass is a great service, one I don’t mind paying for because I know the value obtained and time it saves, it’s worth it. It’s nice to be able to generate reliably secure passwords with easy and save them to a secure encrypted online vault.

The security of the LastPass Master account will be of the utmost importance, as these are the keys to the kingdom. Therefore, enabling a few features in LastPass can make your account much more secure. Some of these features might require additional setup outside LastPass, additional hardware/service, like the Yubikey, and/or Premium/Enterprise subscription, which can occur costs.

Country and Tor Restrictions

To start, let’s allow only logins to your LastPass account from select countries. Countries you know you will require access to your LastPass account. Also, disallow logins from VPN/Anonymous proxies and Unknown locations.

Click Show Advanced Settings if you don’t see the options in the screenshot below.

Disallow logins from Tor networks is a separate option.

LastPass Security Options

Adjust your security preferences as you see fit.

Two Factor Authentication

Enabling Two Factor Authentication (2FA) to have a physical device like YubiKey or virtual authenticator apps like LastPass Authenticator. Free accounts can use only virtual tokens.

LastPass Multifactor Options

Without providing the access code and credentials, access will be denied to the vault and account.

LastPass supports an array of 2FA methods. LastPass’s own authenticator. Salesforce. Google and Microsoft authenticators. Grid, a paper password type system. Smartcards, fingerprint readers, and more.

Session Management

LastPass has settings for auto log-off of other devices on login, preventing a session trail.

Proactive Steps

Click the Destroy sessions button under the Tools heading, this will open another tab to Your Active LastPass Sessions page.

Feb 9th, 2019 • Posted in Best Practices, Management, Security
No comments yet.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>