Lastpass Customer? This is what you need to do

If you’re a Lastpass customer you may already be aware that they were breached late last year and their customers’ password vaults were stolen. If you aren’t familiar, there are some great articles out there that explain what happened. Just Google “Latest Lastpass breach”. Sorry, there are too many good articles to list here.

A few people have reached out to me and wondered what they should be doing about this as a customer of Lastpass. I thought that was a great question and below I’ll outline the priority (based on my personal opinion) of what you should do to protect yourself from this breach.

Keep in mind that the list below is not comprehensive but will be a good starting point. Each person’s risk will be different from others, and it depends on the strength of your master password for Lastpass and what you kept in it. Ultimately, whatever you stored in your Lastpass you’ll need to update and change. It’s best to assume someone already has this information.

  1. Change your Lastpass master password now, assuming you haven’t moved on to a different solution yet. The longer the password the better. I recommend a minimum of 24 characters. You need to do this first, otherwise anything else you do will be useless since a threat actor (bad person) can log in again and view all the changes you made.
  2. Increase your Password iterations to over 1,000,000. (As of today, industry recommendation is 600K). Password iteration is a method that makes each guess at your master password more expensive, and so more difficult to crack. Keep in mind the bigger the number the longer it takes to unlock your vault. I have mine over a million and it takes a second longer to open my vault, so it’s not too bad. The setting is located in Account Settings > Advanced Settings.
  3. Change your main email password(s). Like a lot of people, many of the services you signed up for are tied to your main email account(s), and oftentimes password resets are sent to this email address. At this point, and for any other accounts you’ll update, you’ll need to generate new backup codes, create new security questions/answers, enable 2 factor authentication (if you haven’t already), and refresh your authenticator code generator. The reason you’ll need to do this is that I’ll assume a threat actor may have logged in and copied the old information and may have saved it to use later.
  4. Only after your email account passwords have been updated and protected, change the passwords for these services next:
    Financial institutions: Such as banks, brokerages, loan and tax services, and sites/services that hold your money, credit, and debt. If credit and debit card info was stored in Lastpass you’ll need to request new cards as well.
    Health providers/services: These can include medical, dental, vision, etc. services. The information on these accounts can be used to verify your identity.
    Utility services: Information from these online accounts (electric, gas, water, etc.) may be used to verify your identity. You may have noticed that some places request a utility bill as proof of residence or identity.
    Shopping and eCommerce: Any shopping sites or services that store your payment information (Amazon, eBay, Etsy, Doordash, Uber, etc.).
  5. Eventually every password you stored in Lastpass before the breach will need to be updated, the sooner the better. Use that time to check whether those services/accounts are important or useful; otherwise close/delete/deactivate those accounts. This will help reduce your online footprint. It’s difficult to verify that those services will permanently delete or remove your data, so I recommend that you manually delete any profile information (phone number, address, etc.) or change it to gibberish if possible before you “delete” or deactivate those accounts.
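
Steps 1 and 2 pull on two different levers, and the sketch below (an added example, not part of the original post) puts numbers on both: raising iterations multiplies the cost of each guess, while adding characters multiplies the number of guesses. It assumes the vault key is derived with PBKDF2-HMAC-SHA256 and that passwords are random; the attacker hash rate and the sample passphrase are constructed, hypothetical values.

```python
import hashlib
import os
import time

# Assumption: the vault key is derived with PBKDF2-HMAC-SHA256.
# Constructed value: a hypothetical attacker hash rate, not a measurement.
GUESSES_PER_SEC_AT_1_ITER = 5e9


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def unlock_seconds(iterations: int) -> float:
    """Time one derivation: the delay the owner pays on every unlock."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("constructed sample passphrase", salt, iterations)
    return time.perf_counter() - start


def years_to_search(length: int, alphabet: int, iterations: int) -> float:
    """Expected years to try half of all random passwords of this length."""
    guesses = (alphabet ** length) / 2
    # Every guess costs the attacker one full derivation as well.
    guesses_per_sec = GUESSES_PER_SEC_AT_1_ITER / iterations
    return guesses / guesses_per_sec / (365 * 24 * 3600)


def compare() -> list:
    """(length, iterations, years) for the post's 600K and 1,000,000 figures."""
    rows = []
    for length in (12, 24):
        for iterations in (600_000, 1_000_000):
            rows.append((length, iterations, years_to_search(length, 62, iterations)))
    return rows


if __name__ == "__main__":
    for n in (600_000, 1_000_000):
        print(f"{n:>9,} iterations: unlock takes {unlock_seconds(n):.2f}s")
    for length, iterations, years in compare():
        print(f"{length} chars, {iterations:>9,} iterations: {years:.3g} years")
```

Going from 600K to 1,000,000 iterations makes the search about 1.67 times longer, while each extra random character from a 62-symbol alphabet makes it 62 times longer, which is why the master password change comes first.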

I’m sure there are a lot more things you can do to further protect yourself from the Lastpass data breach, but I hope this will help those who are looking for some structure or prioritization recommendations in their efforts to protect themselves.

Stay safe.

Switched to the Darkside

For the longest time I can remember I’ve been an Android phone user, but I recently switched to the new iPhone 14 Pro and I’ve been using it for 3 weeks. The reason for this switch was that I was looking for a more compact and smaller smartphone and the Samsung 21 Ultra and similar size phones I’ve been using have gotten unwieldy.  It’s due to being busier as my kids are now in sports and we are constantly driving them to practices and games.  Having a large phone sloshing around in my shorts or fumbling it in my hands while carrying equipment and camping chairs is annoying.

After the switch to the iPhone I really appreciate the smaller size phone.  It’s much more pocketable and it fits in my cupholder in my car, finally.  Switching to iOS wasn’t a big deal as I have other Apple devices throughout our household such as our iPads.

Overall, the iPhone switch isn’t all perfect. There are a few things that annoy me when compared to my previous Android devices. First, the gesture navigation on Android is much better. Edge swiping to go “back” is consistent throughout Android and it makes using the device one handed so much easier. Second, notification access and management is much simpler on Android. Lastly, Apple still uses the lightning port for charging. This is the most annoying for me as we’ve completely switched to USB C at home. The chargers in my car have USB C and my laptop charges with USB C. I rely on a wireless charger when it’s available, and I refuse to buy a lightning cable out of principle and stubbornness. Fortunately, the iPhone 14 Pro has good battery life, and so far I haven’t needed an emergency recharge when I’m out and about.

Will I stick with iOS for the long term? The jury is still out on that one. But as of now I’m enjoying my iPhone and its simplicity and, more importantly, its compact size with all the flagship features other smaller Android phones don’t have.

I’m still around

It’s been over two years since I posted anything. I’m sure there’s no need to explain what happened since, but I’m still around. Life is slowly getting back to normal.

I’ll be back. I promise.

Water Upgrades

Have you ever washed your glassware, let it dry, and ended up with a white cloudy substance coating it? That’s the dissolved minerals in your water, which is referred to as Hard Water. You may see it on your faucets, shower doors, and anything that can get wet from your water at home. Our previous home was not far away, so we use the same water company, and the hard water broke one of our coffee makers within a year, and it also broke the ice maker in our fridge. The mineral buildup was difficult to scrape off. Using harsh chemicals wasn’t an option. I ended up getting a water conditioner (rather than a true water softener). The conditioner didn’t soften the water. The conditioner gives the minerals an ionic charge that prevents it from clinging to itself. You still get those white spots, but it was much easier to clean off. Wiping it with a paper towel was all that was needed to clean it up.

I recently installed a water softener for our new house. It’s awesome and it has been great. I wish I did it when we were living at our old house. South San Jose is notorious for its hard water. According to the USGS website, water with dissolved calcium and magnesium of 7 gpg (grains per gallon) or 120 mg/L (milligrams per liter) is considered hard water. According to our water provider, Great Oaks Water, their water hardness is 18 gpg (grains per gallon) or 307.8 mg/L (milligrams per liter). That’s more than 250% of those values.

If you’re struggling to clean up the water spots from your faucets and dishware or your appliances getting clogged up with mineral deposits I highly recommend a softener.  There are other benefits such as softer skin and hair.  I find myself using a lot less lotion, soap, and shampoo.  I have a Fleck 5600STX 64,0000 Grain system that I purchased from Amazon, and I got a plumber to install it.  The system requires me to add a 40 pound bag of salt each month.

 

Lawn Trouble

When we finally moved into our new home we noticed the grass was dying.  It seems the previous owner might have stopped watering it after we went under contract.  I had no knowledge of how to care for a lawn, so I did the next best thing.  Watch a bunch of Youtube videos on how to do it.

I got some tools, lawn soil, and grass seed. I raked away the dead grass and turned up the dirt where there was no grass. I added some new lawn soil, then spread and mixed the grass seeds into the soil. I watered it every day and I started to notice some of the seeds beginning to germinate, but I was disappointed at the rate and sparse growth.

One early morning my wife noticed that we had a few little birds hanging out in our backyard. Curious to see what they were up to, I opened the sliding door to my yard, and the moment I took a few steps onto the lawn several dozen little birds flew away. I was shocked. These little birds were feeding on all the grass seeds that I had spread over my lawn over the past two weeks. So back to the Youtube videos.

I spent about 10 bucks at Lowe’s and bought a plastic decoy Great Owl to be used to scare rodents and birds.  I was hoping they had a more menacing raptor but from what I read these Great Owls are quite the predator.  I set the plastic Owl on the kid’s play structure and moved it around the backyard every few days.  I’m not sure if this decoy is working or if the cold weather is keeping the birds away.  Anyhow, over the next two months the grass began to grow and it’s been looking a lot greener.

The pictures below will show the 3 month difference.

Dead grass
Green grass

New Year and New Changes

It looks like my yearly blog post is due. I’ve been meaning to write more posts but I’ve been busy and being lazy. 2019 was a busy year to say the least. My family and I bought a new home and sold our old one. It was quite the ordeal, but in the end it was all worth it. In December I got a promotional opportunity at work which I accepted and will start in a week. The most exciting news was the birth of our 4th child, a daughter. It was a total surprise as we chose not to know the sex of the baby during the pregnancy. We currently have 3 wonderful boys, so we are thrilled to have a daughter.

I’m not making any promises, but I’ll try to at least make another post before this year ends.  Since moving into our new home I’ve been busy dealing with home issues and home upgrades.  I’ll try to write something up about them on this blog.

Passed my CISM Exam!

After about 3 months of studying I finally took my CISM exam and passed. It was tough. It was a lot tougher than I expected even with all the studying I put in. The CISM focuses mainly on management, so it required a different style of thinking compared to many of the other technical certifications I’ve taken.

If you’re thinking about getting your CISM certification I highly recommend the following book. It’s a lot easier to read than others, and it comes with great practice test software.

(The book is not an ad nor do I get anything out of it for mentioning it. It’s just a great resource if you’re studying for the CISM exam.)

Hard Drive Encryption

I have an old desktop at home that my wife and I use. It’s going on 5 years and it does everything we need from photo editing to gaming. But one of the things that bothered me is that my hard drive isn’t encrypted. As a cyber security professional it bugged the hell out of me. Over the past few weeks I had to buy a TPM (Trusted Platform Module) chip that was compatible with my old motherboard. For those tech nerds, I know I don’t need one, but I wanted to use BitLocker encryption without using a USB stick and PIN every time I boot up my computer. Anyhow, I bought one on Amazon, and I spent 4 hours trying to get it to work, but it turned out to be incompatible even though the manufacturer stated it would work. So I ended up returning it. After some Googling efforts I learned that I needed a TPM module with a specific firmware version that worked with my motherboard. So I scoured eBay and found a seller who had one in stock. After a week-long wait I got my TPM chip and now my desktop hard drive is encrypted.

For those who aren’t familiar with hard drive encryption I’ll try to break it down as simply as I can.

For people who have a desktop computer it tends to be their primary computer where they store everything, from personal family photos to work related documents. Most desktops don’t have encrypted hard drives as most manufacturers don’t believe it’s a necessary feature. This means that, for some unfortunate reason, if someone stole your desktop all the information on the hard drive on that computer is easily accessible, even if you have a 25 character password for your Windows login. If a thief was interested in the contents of your drive they can pull out the hard drive and plug it into a different computer system and read all the files stored on it. This can be scary if you store sensitive information on it such as your social security number, credit card information, and other personal information.

Most modern laptops today have encrypted hard drives as they’re more mobile and easier targets of theft compared to desktops. Thieves will have a very hard time accessing the information on your laptop due to its encryption. Unlike desktops, the hard drive is bound to the motherboard. So if a thief pulls the hard drive and plugs it into another computer they wouldn’t be able to access any information on it. They would need to have the special encryption key stored within the original motherboard. There’s a special chip called a TPM where that key would be stored.

Again, I don’t want to get too much into the details, but having encrypted hard drives is critical in keeping your information secure even if it’s a desktop computer. If you have a Windows computer and your C drive has a padlock image that looks like the one below it means your drive is encrypted. If not, then it’s not encrypted.

Go ahead, and check on your Windows laptop or desktop computer. Is it encrypted?

Poop In the Toilet

One of the biggest milestones as a parent is seeing your child poop or pee in the toilet for the first time. My second oldest son has finally done it. He’s over 3 and a half years old and up until yesterday I didn’t think he was ever going to stop wearing his diaper.

Now that he’s a “Big Boy” I guess my wife and I will have to plan a Disneyland trip; an incentive for his potty efforts.

Avengers Infinity War

The hype is real. 10 years in the making with some great and not-so-great films leading up to the arrival of Thanos to gather all the Infinity stones to become a god. This movie can only be truly appreciated if you invested in previous Marvel movies. They somehow managed to squeeze in all these star studded casts and characters without bogging down the plot or creating some weird disorienting story line. It’s hard to talk about the movie without spoiling it. All I can say is that I enjoyed the movie from the opening screen till the end credits.

Rating: ★★★★★★★★★½