With LastPass Password Manager, you have to remember only one password: the master password that gives access to your password vault. That is why they advertise it as the “Last password you have to remember”. You remember only the master password, while LastPass takes care of all your other passwords and even forms. This review of the LastPass password manager for Windows will tell you if you can trust it and use it.
LastPass review
It took a whole lot of months for me to decide to go for a password manager. Prior to that, I was storing all my passwords in an Excel sheet that was renamed to look like a garbage document with no extension. Whenever I forgot the password for any particular site (I was not using hard passwords at that time), I changed the extension and opened it in Microsoft Excel. But I was still afraid that someone might figure it out and all my data would be stolen.
I needed a free password manager, so I went through the available options. The first one I used was a desktop version, and I had to enter the master password every time I had to log in to any of the web services. Plus, the fear of getting hacked and unknown people using my login data was too much for me to keep using the desktop password manager application. I researched a bit and found LastPass, a cloud-based solution.
Cloud Based Password Manager
Since it is a cloud-based password manager, I had the option of accessing it from anywhere and on any computer in the world. I just had to remember my email ID and LastPass master password to use it from other computers. This looked perfect, so I went with it, despite fears about the security lapses it might have. What if somebody hooked up to LastPass servers? But then, it is possible that someone can hack any site and steal the credentials. It is happening with many sites – LinkedIn, Yahoo and even Amazon!
It is a risk, but it still makes your daily computing much easier. You get stronger passwords and you don’t have to remember them. There are some problems too, which we will discuss in a while. As a cloud-based free password manager, LastPass is good, if not perfect. Speaking of perfect, nothing is 100% perfect when it comes to the Internet. Hackers keep on trying different techniques, and there is always the possibility of a security breach that can reveal all your data to bad guys. What security measures does LastPass take, then, to avoid being compromised? Let us check them out in the next section.
Security in LastPass Password Manager
LastPass claims that no one knows your master password, as it is not stored “as is” anywhere. It is hashed and the value of the hash is stored so that LastPass knows that you have stored the correct password. I do not know if any other word or combination can provide the same hash (in which case, storing only the hash is not very fruitful, as others with a similar hash can access your vault). I invite you to comment on whether two different passwords/passphrases can result in the same hash.
LastPass claims it uses AES 256-bit encryption to store your other passwords in the cloud. In their own words:
“We’ve taken every step we can think of to ensure your security and privacy. Using an evolved host-proof hosted solution, LastPass employs localized, government-level encryption (256-bit AES implemented in C++ and JavaScript) and local one-way salted hashes to give you complete security with the go-anywhere convenience of syncing through the cloud. All encrypting and decrypting happens on your computer – no one at LastPass can ever access your sensitive data.”
I highlighted the last sentence above as it raises doubts that someone has to clear (preferably from LastPass). If all encryption and decryption happens on my computer, does it make my password vault vulnerable by leaving traces of its actions?
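The arrangement described above, where the master password is hashed locally and only a hash reaches the server, can be sketched as follows. This is an added example, not LastPass's code or its actual parameters: the iteration count, the use of the e-mail address as salt, the function names and the HypotheticalServer class are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch, not a LastPass setting


def derive_vault_key(email: str, master_password: str) -> bytes:
    """Client: stretch the master password into a 256-bit vault key.
    The account e-mail acts as the salt; this key never leaves the machine."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), ITERATIONS)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client: one further one-way step, so the value sent for login
    cannot be used as the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


class HypotheticalServer:
    """Stores only a salted hash of the login hash, never the password or key."""

    def __init__(self):
        self.accounts = {}  # email -> (salt, stored_hash)

    def register(self, email: str, login_hash: bytes) -> None:
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)
        self.accounts[email] = (salt, stored)

    def verify(self, email: str, login_hash: bytes) -> bool:
        if email not in self.accounts:
            return False
        salt, stored = self.accounts[email]
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, ITERATIONS)
        return hmac.compare_digest(candidate, stored)  # constant-time compare


def client_login(server, email: str, master_password: str) -> bool:
    key = derive_vault_key(email, master_password)
    return server.verify(email, derive_login_hash(key, master_password))


if __name__ == "__main__":
    server = HypotheticalServer()
    email, password = "user@example.test", "correct horse battery staple"  # constructed
    key = derive_vault_key(email, password)
    server.register(email, derive_login_hash(key, password))
    print("right password:", client_login(server, email, password))
    print("wrong password:", client_login(server, email, "correct horse battery stapl"))
    print("server holds vault key:", key in server.accounts[email])
```

The hashes here are 256 bits long, so two different passwords producing the same value is possible in principle, but no practical method of finding such a pair for SHA-256 is known.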
You have to remember: nothing is 100% secure! A few years back, the LastPass website faced a security breach. Then again, last year, a bug in LastPass’s Internet Explorer plug-in exposed passwords of some users.
Features of LastPass
Before I talk of LastPass features, let me inform you that there are both free and paid versions of LastPass. In this article, we are talking only about the free version of LastPass, the cloud-based password manager.
The feature I like the most is the password capture. When you sign up with a new website, LastPass prompts you, asking if you wish to save that password. If you say yes, you will get a dialog box to save the credentials and choose whether to autofill or autologin. If you have more than one account for a website, you can still store passwords separately on LastPass. In other words, it supports multiple accounts for almost all kinds of websites. That helps a lot, but make sure you do not select “autologin” (when saving the password), as it will not give you a chance to select which credentials to use. If you already selected autologin and are not able to use other accounts, you can open the LastPass Vault and uncheck autologin.
Another feature is that it can capture the entire process of signing in. For banks and similar institutions, the login process is a bit different. LastPass allows you to capture the whole sign-in process so that you can auto login there too. Once you have the LastPass account, I recommend you view the Tutorials so that you know everything you can do to make your sign-in easier.
LastPass also has a password generator. It auto-detects when you are creating a password and offers you suggestions if you go for it. The new passwords can be customized with symbols and numbers, and you can also set a size for them. The best part is, once you have saved it, you do not need to remember it!
Finally, LastPass lets you import your passwords from other password managers. It supports a variety of formats so that you do not have to manually transfer data. Simply select import and select the file from other password managers, and all data will be imported without human intervention. Similarly, LastPass also allows export of data, just in case you wish to move to some other password manager like RoboForm etc.
Problems With LastPass
I did not find any problems with LastPass except that some sites create problems while auto-signing in. Some sites have a captcha, and there you have to close the LastPass dialog after it fills in the password. After closing the LastPass dialog, you can manually enter the captcha. Since the captcha changes every time you log in, I do not think there could be any way to capture such logins.
LastPass support is readily available on Twitter. Their handle is @Lastpass and they offer a fast response. The above review of LastPass is meant to help you choose a cloud-based password manager. If you have any thoughts, please share.