Around a month ago my long-time client Steve Dasseos of http://tripinsurancestore.com asked me to review the password management service LastPass for him and let him know whether he should encourage all his employees to use the service. LastPass is a utility program that helps you keep track of the various passwords that you use all over the Internet without ever losing them, provided you have a master password to control the LastPass interface. Once you install the program (and the associated Google Chrome or Firefox plug-ins and add-ons), it automatically takes an inventory of all your login information and arranges it in a proper order. If it is unable to locate the login details of a particular website, it asks you, when you're trying to log in, whether it should save the information for that website. It can also generate a new, very strong password and save it for you in case you find it difficult to come up with highly secure passwords, although I don't advise this: you should always create your own passwords and store them somewhere safe, just in case.
Along with passwords it also saves your credit card information, your address, and any other information that you regularly enter using Internet forms.
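The information that you store in LastPass is as secure as possible (you can never be 100% sure), as it uses AES 256-bit encryption with routinely increased PBKDF2 iterations. PBKDF2 stretches your master password into the encryption key, and every extra iteration makes each password guess slower for an attacker (basically, it means very, very secure).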
There is a free version and a paid version. You can also use the service on your mobile phone.
Why would you use LastPass?
Personally, the biggest reason why I would use LastPass is to create different passwords for different websites but still log into them without any problem. So far, this is what I had been doing:
- Come up with a strong password for a website
- Store the password in an Excel sheet that is secured by a master password
- Open the Excel sheet whenever there is a need to log into the website
- Quickly go through the list of scores of passwords that I have stored
- Enter the password and log in
As you can see, it involves multiple steps, and sometimes these steps can be a deterrent. Although there is no substitute for full security (especially when hackers can get access to your sensitive financial information and steal money from you or destroy your online reputation), if there is an easier alternative, why not use it?
When you start using LastPass you don't need to track individual passwords. All your passwords are saved under individual website names. When you click on the relevant field, the related drop-down appears on its own; you click the appropriate website and all your login information is filled in, as if by magic. Why is this cool? Sometimes, in order to avoid logging into a website again and again (for instance Facebook, if you're checking your messages 10-15 times every day), you keep yourself logged in and hence leave yourself vulnerable to hacking. If you know that you can easily log back in without much fuss, you can log out immediately after checking your messages and doing whatever you do on that particular website.
Another problem is that sometimes we create a single password that we think is quite strong and then use that password across multiple websites, sometimes across all the websites we use. It is recommended that every website should have its own password, but we don't care much unless something really shitty happens. The problem with using a single password is that if a person has access to that particular password, he or she has access to all the websites you use. Having different passwords for different websites means that even if one account is compromised, your other accounts are safe.
The same goes for your credit card information. Sometimes, if you do lots of online shopping, you leave your credit card details somewhere easily accessible. Instead, if you use LastPass to store your credit card details (as mentioned below, these details are stored locally, fully encrypted), you just need to click an icon and all the details are filled in.
Are you giving access to all your passwords to LastPass?
Does LastPass have access to all your passwords? No, and I think this is the strongest point of using this tool. All the information that you store is encrypted locally before it is synced with your LastPass account, and decrypted locally when you need it, so only the encrypted form leaves your computer. The readable data always remains with you.
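Here is the local encrypt-then-sync idea described above as a small added example. It is not part of the original review and not LastPass's own code; it uses Node.js's built-in crypto module, and the AES-GCM mode, salt and IV sizes, iteration count and function names are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('crypto');

// Illustrative work factor (assumption). It is stored in the record so it can be raised later.
const DEFAULT_ITERATIONS = 100000;

// Stretch the master password into a 256-bit AES key with PBKDF2-HMAC-SHA256.
function deriveKey(masterPassword, salt, iterations) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, iterations, 32, 'sha256');
}

// Runs on the user's device. The returned record is the only thing that would be synced.
function encryptVault(masterPassword, vault, iterations = DEFAULT_ITERATIONS) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt, iterations);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(vault), 'utf8'),
    cipher.final(),
  ]);
  return {
    iterations,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Also runs locally. A wrong master password or a modified record fails
// the GCM tag check and throws instead of returning garbage.
function decryptVault(masterPassword, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const key = deriveKey(masterPassword, salt, record.iterations);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const plaintext = Buffer.concat([
    decipher.update(Buffer.from(record.ciphertext, 'base64')),
    decipher.final(),
  ]);
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed sample data, not real credentials.
const sampleVault = [{ site: 'example.com', user: 'alice', password: 'correct horse battery staple' }];
const synced = encryptVault('constructed master password', sampleVault);
console.log(Object.keys(synced)); // the server-side copy holds only these fields
```

The master password and the derived key never appear in the synced record, which is why a copy held by the service is unreadable without the master password.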