LastPass
This week I finally bit the bullet and researched online password managers. The sad fact is that I’ve been using the same two passwords – one for secure sites like banking and one for social sites like Facebook – my entire online life and that’s just bloody stupid.
After doing some research on the whole world of password management, I realize I had some requirements:
- Free
- Portable
The service I decided on was LastPass – which has plugins for major web browsers – and holds your password vault online rather than your own physical location. To use the product you simply install the plugin for your web browser, log into the LastPass plugin, and then surf as usual. When you go to a website that you log into, LastPass offers to save the site – with username & password – and then whenever you go to that site in the future it attempts to log you in. Additionally, whenever you change your password on a saved site, LastPass confirms that you want to save this new password so there is no manual updating of the LastPass system. They also have mobile apps you can purchase (as a Pro user) or a mobile website for a basic user.
I went through and changed all my passwords using a password generator – so none are identical or similar variations – and now rely on the LastPass system to log me in. I used it exclusively today and it worked brilliantly. It also has a password generator built into the application that’ll create a random string of characters based on your specifications whether it be special characters or specific character counts. It’s interface is intuitive and simple – which is good because I goofed and changed my mind so often I had to be able to do the process repeatedly without much work or I would have abandoned it.
In case you worry worts are already shaking your heads before visiting the site to check it out, here’s the security info [via Lifehacker] on the whole shebang:
The short version of LastPass’ safety and privacy setup, and its technology is that the only thing stored on LastPass’ servers is a heavily encrypted bundle of your passwords and the sites they belong to—a form of host-proof hosting. They don’t have the encryption key to your passwords (only you do), and the encryption and decrypting all takes place on your own computer, where a backup copy of LastPass’ records is always kept. If LastPass became evil, or got hacked, the nefarious doers would have to buy one of Google’s server farms to break into its users’ passwords.
