Friday, May 16, 2014

App of the Week - LastPass

It seems like every week there's a new "threat" we have to worry about. The Heartbleed and Internet Explorer vulnerabilities are just two of the latest examples requiring us to be vigilant with our passwords. "Change your password," they tell us, but that's easier said than done. Some time ago, Mozilla studied volunteers who saved passwords in Firefox. Of those volunteers, more than 30% used fewer than 3 different passwords. People are still using common passwords like 123456 and password. But even more complicated passwords involving substitutions such as "dr4mat1c" and phrases like "Iloveyou" are getting easier for hackers to crack as computers get faster and the software they use becomes more sophisticated. According to InstantCheckMate, an expert hacker can crack the average password in under 3 minutes. So what's to be done?

Safest Passwords

The safest passwords to use are those that are completely random, use combinations of numbers, letters and special characters, and are 8 characters or more. "d2#-.6hGr,!oP2" would be a good example. Next, you need to use a different one for each website. Plus, you shouldn't write them down or put them in a spreadsheet or Word document (even if they are mixed with bogus ones or translated in some way), and definitely don't write them on the front of your laptop with a Sharpie like a friend of mine! This is where you need help in the form of a Password Manager.
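To make the difference between a random password and a substituted word concrete, here is an added example (not part of the original post). It generates a password from the operating system's secure random source, estimates its entropy, and flags passwords that turn into a listed word once common substitutions are undone; the tiny word list and the function names are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"password", "dramatic", "iloveyou", "123456"}

# Common "leet" substitutions mapped back to the letters they stand in for.
DELEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "5": "s", "$": "s", "7": "t"})


def generate_password(length=14):
    """Return a random password from the OS CSPRNG containing all four classes."""
    if length < 8:
        raise ValueError("use at least 8 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def is_guessable(password):
    """True if the password is a listed word once case and leet swaps are undone."""
    lowered = password.lower()
    return lowered in COMMON_WORDS or lowered.translate(DELEET) in COMMON_WORDS


if __name__ == "__main__":
    print(generate_password(), round(random_entropy_bits(14), 1), "bits")
    for candidate in ("dr4mat1c", "Iloveyou", "d2#-.6hGr,!oP2"):
        print(candidate, "guessable" if is_guessable(candidate) else "not in list")
```

A 14-character random password over 94 symbols carries about 92 bits of entropy, while "dr4mat1c" reduces to a single dictionary word no matter how many characters were swapped.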

Password Manager

A password manager is a small app or program which helps you remember all your passwords, and more importantly, which password goes with which site. There are many different password managers and since you're trusting it with your most sensitive information, it's important to pick a trustworthy one.

One that we used to recommend is RoboForm, which has been around for years, but technology changes so rapidly that we have now changed our recommendation to LastPass.

LastPass

TechnoRV loves LastPass. Here's why:

  • It is secure, used by millions of people, and is FREE!
  • It will automatically generate a REALLY complicated password for you
  • It will remember which website a particular password belongs to. When you next visit that site it will fill in both the username and password for you
  • It will "learn" your passwords as you visit your websites and enter your information
  • You can store all your important information such as safe combinations, medical and financial information as encrypted "Secure Notes"
  • You can enter your credit card information and shipping and billing addresses and save them as a profile, which it will then use to automatically fill in the correct fields for you when you're internet shopping.
  • There's a paid version which runs on your smartphone and gives you access to your LastPass vault
  • You can access your LastPass vault from any computer connected to the internet

When you use LastPass, you only have to enter your master password once to "unlock" your digital safe. Just make sure your master password is a good one. Phrases of random words with substitutions are a good idea, for example Beer*W1ne-Cider!.

Is LastPass Safe?

First of all, nothing in life is guaranteed, except death and taxes. Having said that, I'm comfortable with their level of security (a hacker is welcome to my overdraft!). It's up to you what level of security you deem acceptable.

Here are some of its security features:

  • AES 256-bit encryption with routinely-increased PBKDF2 iterations (techno-speak for pretty awesome)
  • All sensitive data is encrypted and decrypted locally before syncing with LastPass which means that if someone hacks the LastPass servers, they will only be able to see your heavily encrypted (scrambled) data.

Just a couple of safety tips. In LastPass settings, be sure to tell it to log you out when your browser closes and after a set period of inactivity. You can also disable logins to your account from everywhere except the United States.
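As an added illustration (not from the original post and not LastPass's own code), this sketch shows the general pattern behind the two security features listed above: PBKDF2 stretches the master password into a 256-bit key on your own device, and the server only ever receives a one-way value derived from that key. The names `SyncServer` and `ITERATIONS`, the use of the e-mail address as salt, and the sample account are assumptions; the AES-256 step that would use the key is left out because Python's standard library has no AES.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for this sketch, not a LastPass setting


def derive_vault_key(master_password, email, iterations=ITERATIONS):
    """On the device: stretch the master password into a 256-bit (AES-256 size) key."""
    salt = email.strip().lower().encode()  # assumption: account e-mail as salt
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=32)


def derive_login_token(vault_key, master_password):
    """On the device: a one-way value derived from the key; only this is sent."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(),
                               1, dklen=32)


class SyncServer:
    """Hypothetical server: holds a hash of the login token, never the vault key."""

    def __init__(self):
        self.accounts = {}

    def register(self, email, login_token):
        self.accounts[email] = hashlib.sha256(login_token).digest()

    def login(self, email, login_token):
        stored = self.accounts.get(email, b"")
        return hmac.compare_digest(stored, hashlib.sha256(login_token).digest())


def demo():
    email, password = "user@example.com", "Beer*W1ne-Cider!"  # constructed account
    key = derive_vault_key(password, email)
    server = SyncServer()
    server.register(email, derive_login_token(key, password))
    wrong_key = derive_vault_key("Beer*Wine-Cider!", email)
    return {
        "key_bits": len(key) * 8,
        "right_password_logs_in": server.login(email, derive_login_token(key, password)),
        "wrong_password_logs_in": server.login(
            email, derive_login_token(wrong_key, "Beer*Wine-Cider!")),
        "server_holds_key": key in server.accounts.values(),
        "iterations_change_key": key != derive_vault_key(password, email, ITERATIONS * 2),
    }
```

Every password guess costs an attacker the full iteration count, which is why raising that number over time slows down cracking of stolen data.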

How Do I Get LastPass

Simply visit www.LastPass.com and sign up. You'll then download a file which will load a plug-in into your browser (we recommend using Google Chrome). You'll then have to sign in with your LastPass username and password and start browsing.

Summary

We use LastPass all the time and think it's great. Both Tracey and I share the same LastPass account so we can always get to each other's information. This is important because if something happened to me I want Tracey to be able to access all our financial sites. More importantly, it's dynamic, so when we have to change passwords, LastPass always has the latest version. I can truly say it has made at least one aspect of our life a lot easier.




3 comments:

  1. What if you use a password manager such as LastPass and then later choose to use a different password manager? Will LastPass hand off the passwords for various sites so the new manager can access them? Presumably the user will not know the specific random passwords generated by LastPass. Or will he?

    1. I also have been using LastPass for several years now. I can't answer about your request of "handing off the passwords." But I do know that you, the user, have complete access to all your passwords, and you can view them all if you wish. I, like Phil, highly recommend LastPass.

  2. Hi Myron, you can export your passwords from LastPass as a CSV (comma delimited file). Most other password managers will accept this format, as long as you get the heading names correct. You can always look up your passwords in LastPass.com, even if you don't have the app loaded on your computer; that way you can "teach" your new password manager your passwords (this is how I moved from 1Password, which I used to use on the Mac).
