If you’re a LastPass user, you’re being prompted to install an updated toolbar. You’ll be installing LastPass version 2.0, with a few interesting new features and improvements to the browser interface.
Passwords are as important to your security as antivirus software. LastPass gives you the confidence to use complex passwords and to choose a different password for each site that requires authentication. It takes some time to learn to use LastPass basic functions effectively, and even then you might only be scratching the surface. In the next few articles I’ll give you an overview of the program and call attention to some features that you might have overlooked.
Let’s start with the basics for people who might not be familiar with LastPass.
LastPass is a free program that memorizes each password typed into a web site and automatically fills it in when you return to the same site. Once it’s up and running, the master password for LastPass is the only password you have to remember.
LastPass can be installed on any platform. It works on Windows, OS X, and Linux; it works with Internet Explorer, Firefox, and Chrome; it can be installed on iPhones and iPads, Android devices, and Windows phones.
After installation, you create an account with a strong master password. The program gives you a running start by importing stored passwords from your Internet browsers. (The fact that it can do that tells you something about the security of those passwords.)
A small button appears in your web browser which turns red when you’re logged into your LastPass account. When you log into a password-protected site for the first time, LastPass will display a bar at the top of the page asking to memorize the password.
The next time you visit the site, the user name and password will be filled in.
The magic: your passwords are encrypted and stored online, then synced with all other devices logged into your LastPass account. When you memorize a password, it is immediately available everywhere that you use LastPass. Your notebook computer knows all the passwords memorized on your office computer.
You can also look up a password or log securely into any password-protected site from the LastPass web site on any computer, anywhere.
The architecture of LastPass makes it a completely secure place to put all your passwords.
- Your passwords are stored on your computer in a file that is heavily encrypted. Your master password is the private key used for the encryption; if your master password is reasonably complex, it is the kind of encryption that simply cannot be broken without the private key.
- The encrypted file is synced online with LastPass servers.
- When you install LastPass on a second computer, the encrypted file is downloaded to that computer and you supply the private key – your master password – to decrypt it on that computer.
- When you access the LastPass web site and open your data (the LastPass “Vault”), a copy of the encrypted data is downloaded to temporary storage on that computer and decrypted with your master password. When you log off or close the browser, the decrypted data immediately disappears.
Look at that again with an eye to security. Your master password is never transmitted to LastPass. The company cannot – emphasize cannot – decrypt your passwords. Period. If hackers break into the LastPass servers, they cannot decrypt your passwords, if you have chosen a reasonably complex master password. If the government seizes the LastPass servers, it cannot decrypt your passwords.
Yet your passwords are available to you on every device you own. It’s ingenious and reassuring and safe. Here’s more information about the technology behind LastPass.
When you install LastPass, the login screen has two important choices.
- On a trusted computer – a home computer used only by you, or a work computer protected by a strong login password – you can check the box to “Remember Password.” Your LastPass master password will be used to log into LastPass automatically whenever you open your Internet browser. Never use this option if your computer might be accessed by anyone you don’t trust! If your computer is secure, this makes LastPass much easier to use and spares you typing the master password over and over.
- Uncheck the box to “Show My LastPass Vault After Login.”
If you’re trying LastPass, I encourage you to watch the short videos on the LastPass website for help getting started. When everything works, it’s intuitive. When you arrive at a login screen, LastPass displays a bar across the top of the browser window offering to fill it in with your memorized credentials.
Although the LastPass developers work valiantly, the program will not automatically detect every prompt for a password. There are too many ways to design web sites and some of them do not trigger LastPass to appear.
Most of the time, you can get LastPass to fill in the prompt on difficult pages by right-clicking on the login box and clicking on LastPass / Autofill. If LastPass knows where you are, it will display credentials for that site and fill them in when you click on them.
In the most difficult cases, you can obtain the memorized password by going to the LastPass Vault and doing a search for the site in the search bar at the top. When you find the site, click on Edit / Show Password. Highlight the password with Ctrl-C, then switch to the web page and click on Ctrl-V to paste it into the password field.
That’s not all. LastPass has grown to the point where it can handle a lot more of your secure information. We’ll look at secure notes next.