If you use LastPass as your password manager, you need to make sure it’s updated right now. For most people, the update will be automatic. But if you’ve disabled automatic updates, you’re going to need to go in there and do it yourself. Go ahead — check and make sure it’s currently running version 4.33.0. We’ll wait.

All of this urgency is because the latest LastPass update fixed a security bug that potentially revealed login credentials that had previously been entered on a site. The bug was discovered and reported by security researcher Tavis Ormandy on August 29 and the company released their fix on September 12.

“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times,” LastPass wrote in a blog post about the fix. “This exploit may result in the last site credentials filled by LastPass to be exposed.”

They also noted that while the bug was specific to Chrome and Opera, they sent the update to all browsers.

What are password managers?

Passwords managers — like LastPass — allow users to create and securely store as many unique, strong passwords as they need. With one strong password, you have access to all of your accounts — no more trying to remember passwords and definitely no more reusing of passwords. Some even include a password generator, so you don’t have to worry about coming up with strong passwords yourself.

What does this teach us about good online security practices?

It would be a mistake to read this and think “Guess it’s time to ditch LastPass! I knew password managers were sketchy!” LastPass, like all online services, was created by humans. And sometimes humans make mistakes or miss a step or unknowingly create security gaps. You don’t stop using a lock on your door just because you forgot to lock the door once, do you?

There’s also no evidence that this bug was exploited, which signals that LastPass’ system for identifying and taking care of possible security problems is working the way it’s supposed to work.

If you’re still a little nervous about the whole password manager thing, there are other steps you can take for good online security. One is to set up two-factor authentication for as many accounts as you can. That way — unless you’re the victim of a SIM swap — your accounts have another layer of protection. Two-factor authentication requires a code sent via SMS or email in addition to a password to access whatever program or account it’s protecting. It’s one more step between a cyber criminal and your data.

The war between average humans and cyber criminals is a perpetual back and forth, with security researchers standing between and fighting back the hordes. No tool is completely infallible, but staying aware and keeping up with best practices is how you win the battles.