I have several layers of protection on my most important accounts. In short, I use the following secure features:
- Each account has a unique random password, which is generated and stored in my LastPass vault.
- LastPass requires email authentication to log in from a new device.
- The email account I use for LastPass has two-factor authentication tied to my personal phone.
So in order to steal my data you would need to:
- Randomly guess the password for my email account. If you make too many wrong attempts, any half-decent website will lock your account for a few minutes. This means repeatedly entering passwords will not work. If my password is 10 characters long, where any character can be one of 96 possible characters on a US English keyboard, you are looking at 6.65e19 possible combinations (66.5 quintillion in American English). If the website allows 3 wrong passwords in a 5-minute period, it would take over 2.1e14 years to guess every possible password on that one website. The lockout doesn’t apply to just that one device; it blocks ALL attempts from all clients for those 5 minutes. Random guessing and checking is simply not going to work.
- Randomly guess the password for my LastPass account. Same math. This is not going to work.
- In the highly unlikely event that you randomly guessed my LastPass password and also my email password, you would also need to have my personal phone on your person in order to access my account.
Don’t even try. It’s not worth your time.
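
The lockout behaviour described above (3 wrong passwords per 5 minutes, enforced per account rather than per client) can be sketched as follows, together with the worst-case time to try every password. This is an added example, not code from the original post or from any website mentioned; the class and function names are hypothetical, and it assumes a sliding 5-minute window and a 365-day year.

```python
from collections import deque

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


class AccountLockout:
    """After max_failures wrong passwords inside `window` seconds, every attempt
    on that account is refused, no matter which client sends it."""

    def __init__(self, max_failures=3, window=300):
        self.max_failures = max_failures
        self.window = window
        self.failures = {}  # account -> deque of failure timestamps (seconds)

    def _recent(self, account, now):
        # Drop failures that have aged out of the sliding window.
        q = self.failures.setdefault(account, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def attempt(self, account, client, password_ok, now):
        """Return 'locked', 'ok' or 'wrong'. `client` is deliberately ignored:
        keying the lock on the account is what defeats guessing spread
        across many devices."""
        if len(self._recent(account, now)) >= self.max_failures:
            return "locked"  # even the correct password is refused while locked
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        self._recent(account, now).append(now)
        return "wrong"


def years_to_exhaust(alphabet=96, length=10, max_failures=3, window=300):
    """Worst-case years to try every password at the maximum allowed rate."""
    keyspace = alphabet ** length  # 96**10 is about 6.65e19
    return keyspace / max_failures * window / SECONDS_PER_YEAR


if __name__ == "__main__":
    gate = AccountLockout()
    # Constructed sample: four different clients guess against one account.
    for t, client in enumerate(["c1", "c2", "c3", "c4"]):
        print(t, client, gate.attempt("me@example.com", client, False, now=t))
    print(f"{years_to_exhaust():.2e} years to exhaust the keyspace")
```
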