Online Passwords And LastPass

Previously:
Passwords: computer login
Passwords: e-mail
Passwords: Google Accounts & Windows Live ID
Password: password managers

lastpasslogoLastPass will help you manage all of your online passwords. You should learn about it, install it, and use it every day. This is seriously good stuff.

LastPass is a free program that memorizes each password typed into a web site and automatically fills it in when you return to the same site. Once it’s up and running, the master password for LastPass is the only password you have to remember.

The feature that makes this genuinely exciting: your passwords are stored online (safely). You can use LastPass on more than one computer – an office computer, a home computer, a notebook, a netbook – and your passwords will be automatically filled in on all of them.

The program works with Internet Explorer, Firefox, and Chrome; it works on Windows, Mac, and Linux; and there are optional ways to connect with your passwords from an iPhone, Blackberry, Windows phone, or Android phone. Your passwords will be equally available on all the platforms, all guarded by the strong master password.

Although it requires a certain amount of trust to put all your passwords in one place, the architecture of the program is clever and reassuring. There is a strongly encrypted file on your computer with your passwords; it is the encrypted file that is then copied online, to sync with other computers and devices. Your passwords are only decrypted on your local computer, never on the LastPass online servers. (In fact, LastPass does crytographic magic to ensure that your passwords cannot be decrypted on their servers under any circumstances, even if their servers were stolen.)

After installation, you’ll create your online account and strong master password. The program then imports any stored passwords from Internet Explorer and Firefox, plus Roboform, KeePass, and several other password programs if you’ve been using them.

You’ll see a small button appear in Internet Explorer, or something like it in other browsers. The button turns red when you’re logged into LastPass, and provides access to many program features from a dropdown menu.

lastpass1

You’ll seldom have any reason to click on the button. Instead, when you log into a password-protected web site for the first time, LastPass will display a bar at the top of the page asking to memorize the password.

lastpass2

The next time you visit the site, the user name and password will be filled in, on every computer logged into your LastPass account.

If you come to trust it – and I have – you can step up your online security in an important way: you can use a different, complex password at every site. As long as the program remembers them, you can use passwords like Us24JSyo and koT43Ie9 with confidence. Why not? Those were generated by LastPass, by the way, using a feature that automatically creates a new complex password on demand when you’re creating a new online account.

Housekeeping chores are primarily done in a web browser in “My LastPass Vault,” where passwords can be displayed, edited, and categorized.

lastpass3

There are additional features for security and portability. The program can be loaded onto a USB drive; passwords can be exported to a text file to allay any fear that the program might not be available someday; and passwords can be shared with friends securely. Some people demand the security of two-factor authentication, where a password has to be matched with a second form of identification – physical possession of a SecureID token or the ability to receive a text message, for example. LastPass intends to support more methods of two-factor authentication in the future but already supports Yubikey, a popular USB key that takes security up to a very high level indeed. (Basically, no one could log into your LastPass account and gain access to your passwords unless they knew your master password AND had physical possession of the Yubikey on your key ring.

roboform It’s worth noting that Roboform has been doing the same kind of password management chores for years and has earned a devoted audience. It is testing the same kind of online syncing, although it is not yet part of the official Roboform product. I’ll be honest: I haven’t used Roboform. Every time I’ve looked at its web site and screen shots, I’ve seen clutter and clumsiness, not inspiration. When I looked at LastPass, I was instantly attracted to it, a feeling that has only deepened as I’ve used it.

Mainstream media, serious web sites, and bloggers have all declared LastPass to be an essential, reliable utility. I’ve been using it for the last couple of months and it truly feels like a game-changer, the answer that so many of you have been looking for.

I encourage everyone to consider it! Like any program, you should plan to spend some time learning about the program and how it works after it’s installed. Once you’re up and running, you’ll quickly begin to feel far more relaxed online without the pressure of remembering dozens of passwords.

If you start using it, you just have to promise to do me a favor: don’t forget your master password!