Apr 27 2014

Lastpass What is it

Lastpass is a cross-platform “Trust No One” password manager. That means no one can access your data, not even employees of Lastpass. Lastpass is free to use in desktop web browsers, but if you want access on a mobile platform you will require the premium version, which costs $12 a year.

How to Install

Download the extension for your browser from https://lastpass.com/misc_download2.php, then create an account. You need to create a strong master password, as this will be used to secure your data.

Once installed, you will see an asterisk symbol next to the address bar. Once logged in, you can access various settings along with your vault, which is where your passwords are stored. When you log in on a website, you can click the asterisk symbol which should appear in the login boxes. If you have saved any details you can select them; otherwise type in your details. A bar should then appear at the top asking if you want to save your details (say yes).

Secure passwords

Lastpass can be used to generate very secure passwords; there is an option to do this from the drop-down menu on the password field. You can set the password length, whether special characters are used and how many digits are used, and there is an option to avoid ambiguous characters so the password is easy to read if need be. I recommend a password length of at least 16 characters if the site allows it.
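The generator options described above (length, special characters, number of digits, avoiding ambiguous characters) can be reproduced in a few lines. This is an added example, not Lastpass's own code; the function names, the special-character set and the list of ambiguous characters are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed set of look-alike characters; Lastpass's actual list may differ.
AMBIGUOUS = set("Il1O0o|`'\"")
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?"  # assumed special-character set

def build_alphabet(use_special=True, avoid_ambiguous=False):
    """Return (letters, digits, special) after applying the chosen options."""
    groups = [string.ascii_letters, string.digits, SPECIAL if use_special else ""]
    if avoid_ambiguous:
        groups = ["".join(c for c in g if c not in AMBIGUOUS) for g in groups]
    return tuple(groups)

def generate_password(length=16, min_digits=2, use_special=True,
                      avoid_ambiguous=False):
    """Generate a password from the OS CSPRNG with at least min_digits digits."""
    if min_digits > length:
        raise ValueError("min_digits cannot exceed length")
    letters, digits, special = build_alphabet(use_special, avoid_ambiguous)
    pool = letters + digits + special
    # Place the required digits first, fill the rest from the whole pool,
    # then shuffle so the digits do not sit at predictable positions.
    chars = [secrets.choice(digits) for _ in range(min_digits)]
    chars += [secrets.choice(pool) for _ in range(length - min_digits)]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def entropy_bits(length, use_special=True, avoid_ambiguous=False):
    """Upper bound on entropy: every character uniform over the pool.
    The min_digits constraint lowers the true figure slightly."""
    pool_size = sum(len(g) for g in build_alphabet(use_special, avoid_ambiguous))
    return length * math.log2(pool_size)

if __name__ == "__main__":
    for n in (8, 12, 16):
        print(n, generate_password(n, avoid_ambiguous=True),
              f"<= {entropy_bits(n, avoid_ambiguous=True):.1f} bits")
```

Running it shows how the upper bound on entropy grows with length, which is why a longer password is worth choosing whenever the site allows it.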

The passwords in your vault are synced to all your computers and mobile devices. The Lastpass vault is stored in an encrypted form that cannot be read without your master password. There are options to increase security further, and I recommend the following: only allow logins from your country, disable logins from the Tor network, kill other sessions on login, keep track of login and form history, automatically log off when all browsers are closed (0 mins) and automatically log off after idle (15 mins). You will also find an option to use multifactor authentication, which requires a second form of authentication the first time you log in on a new device. There are several methods of multifactor authentication; I use Google Authenticator. Lastpass provides a QR code that can be scanned using the Google Authenticator app.

Password audit

Lastpass can run an audit on all your passwords and report how secure everything is. It checks whether you are using the same password more than once and flags any passwords that require strengthening. They have now added an option which reports whether a site was affected by Heartbleed and whether you should change your password.