The most important thing you can do to improve your security is to use LastPass. It’s more convenient and more secure than a notebook in the desk drawer or any password system that relies on your memory. Once you have confidence in LastPass (or any password manager), you can use unique random passwords (the ones that look like this: g88*GZ&&HwRx) for every website. You’ll be far less likely to be hacked by someone running algorithms to guess your password, and you won’t have to worry about other accounts if one of your passwords leaks out in a large-scale hack of a big company.
LastPass is a free app. Sign up for it at www.lastpass.com. On a computer, most of you will use the Chrome extension that puts a LastPass icon in the upper right corner. There are LastPass apps for iOS and Android phones and tablets, and you can always get to your information from the LastPass website. Most individuals have a free account; there are a handful of features that might make you want to pay a few dollars for a premium account. LastPass makes money from its business and enterprise services.
LastPass has a long history. It is tested and secure. In the next article I’ll talk about the pros and cons of using Google Chrome to manage your passwords instead of LastPass – perhaps a bit easier than LastPass and definitely a step up from storing your passwords on Post-its. There are other password managers (Dashlane, 1Password) and many of them are just fine. They work similarly to LastPass. If you’re interested, you can read an exhaustive comparison of all the leading password managers at The Wirecutter. If you’re already using something else, keep using it. But let me cut through it: if you’re starting from scratch, LastPass should be your choice.
We’re going to talk about how password managers work, and some of the specific LastPass features that make it wonderful.
How LastPass works
LastPass is a place to write down your passwords and save them so you can find them later. It’s a notebook where you can look things up, with a design that’s perfect for passwords and confidential information. It’s more convenient than the notebook in the drawer because it’s easy to search for things and you can get to it easily from all your devices.
All password managers work in the same way. Your private information is stored in a vault that only you can open. There is a master password used to open the vault – a unique, complicated password that only you know. You can’t open the vault without it. (In another article we’ll talk more about two-factor authentication and security keys, which provide additional security.)
That’s why there are three important principles for LastPass and other password managers.
(1) The master password has to be unique and very secure. It’s like a combination to the safe that holds all your money and everything dear to you. If someone can guess your master password, all your secrets are exposed and life is no longer worth living.
(2) You must never forget the master password. The safe cannot be opened without the combination. LastPass customer support cannot look up your password. They can’t help you change it. For all intents and purposes, if you forget the password, the vault cannot be opened. Ever.
(3) You must never forget the master password. You’ve got that, right? Let’s not have any terrible mistakes.
You can open up your LastPass vault on any device – computers, phones, or on the LastPass website. All of your passwords are there on every device, magically kept in sync. The service is built in a way that makes LastPass very, very secure. Basically, LastPass encrypts all your passwords and secure info on your computer, using a security key that only you know – your “master password.” Then it transmits the encrypted blob to LastPass online servers. LastPass never knows your master password. The company literally cannot decrypt your data. If LastPass is hacked and bad guys (or the NSA) break into the LastPass servers, you’re still safe because the bad guys would only get heavily encrypted blobs that they could not decrypt.
When you connect to your LastPass account from another computer or from your phone, it downloads your encrypted blob and decrypts it on the device using the master password and voila! you have your passwords. Changes are synced quickly so your LastPass vault is always up to date, regardless of what device you use. It’s a very clever, very safe system.
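The encrypt-on-the-device, sync-the-blob model described above, sketched as an added example (this is not LastPass code). PBKDF2, AES-256-GCM, the iteration count and the in-memory `server` map are assumptions chosen for illustration; the article does not say which algorithms LastPass uses.

```javascript
const nodeCrypto = require('node:crypto');
const ITERATIONS = 600000; // assumed work factor, not a LastPass setting

// Stretch the master password into a 256-bit key (assumed KDF: PBKDF2-SHA256).
function deriveKey(masterPassword, salt) {
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, 'sha256');
}

// Runs on the user's device. Returns the opaque blob that gets uploaded.
function sealVault(masterPassword, entries) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  // Salt, IV and auth tag are not secret; they travel with the ciphertext.
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Runs on any device holding the blob and the master password.
// Returns null for a wrong password or a modified/malformed blob.
function openVault(masterPassword, blob) {
  const raw = Buffer.from(blob, 'base64');
  try {
    const key = deriveKey(masterPassword, raw.subarray(0, 16));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(16, 28));
    decipher.setAuthTag(raw.subarray(28, 44));
    const plain = Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

// Hypothetical sync server: it only ever stores what the client uploads.
const server = new Map();

function demo() {
  const master = 'constructed master passphrase for this demo';
  const entries = [{ site: 'example.com', user: 'alice', password: 'g88*GZ&&HwRx' }];
  server.set('alice', sealVault(master, entries)); // first device uploads
  const blob = server.get('alice');                // second device downloads
  return {
    secondDevice: openVault(master, blob),
    wrongGuess: openVault('password123', blob),
    serverSeesPlaintext: Buffer.from(blob, 'base64').includes('example.com'),
  };
}
```

Because the key exists only on the device, the stored blob is useless without the master password, which is also why a forgotten master password cannot be recovered by anyone holding the blob.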
LastPass is a notebook to save passwords. I want you to have that in mind because LastPass is widely misunderstood. You see, LastPass and the other password managers also do some cool tricks. The best one: when you get to a website with a password field, LastPass tries to fill it in automatically for you. When it works, it’s a great trick.
Sometimes the trick doesn’t work. Websites can be designed in a number of ways that prevent login names and passwords from being filled in automatically. When that happens, I hear people complain – “LastPass is buggy, it’s broken, it sucks.”
The cool tricks are not the point. If LastPass can’t fill in a bank password automatically, that’s not a bug in LastPass. That notepad in the drawer doesn’t fill in passwords automatically, does it? If you have to look up a password in the vault or add one manually, LastPass is still doing its job – no complaints, no regrets.
Why LastPass is particularly swell
Getting started with LastPass is easy. Once it’s running in Chrome, it will offer to save passwords when you fill in your login name and password on some website. The next time it will offer to fill it in automatically. You can open the LastPass vault and add passwords and other information any time.
Here are some of the LastPass features that you might want to explore once it’s up and running.
Reach for the upper right corner. The LastPass icon in Chrome provides easy access to a wealth of features and information. You can search for anything stored in your vault. You can open the vault with a single click. If you’re on a site that LastPass recognizes, the menu under Show Matching Sites will try to fill in password information automatically or copy your login name or password to the clipboard. If you’re signing up to a new site, you can generate a secure password and fill it in with a single click.
Automatically update passwords. On several dozen of the most popular websites, you can update your password with a single click. In the LastPass vault, click on the wrench icon for sites like Facebook, Amazon, Google, and many others, and look for “Auto Change Password.” LastPass will show a progress bar while it logs in behind the scenes, changes your password to something secure, and saves it to your LastPass vault, all automatically.
Share your passwords and provide emergency access. LastPass has built-in tools for sharing any or all of your passwords, as well as a process for providing emergency access for someone you trust if you become incapacitated or die.
Store credit card details and other confidential information. LastPass Secure Notes can hold any kind of information. There are specific forms for credit cards, insurance information, bank accounts, and much more. You can attach pictures and files to anything in the LastPass vault – pictures of a credit card or passport, for example.
Write down security questions and answers. You can add notes to any item in LastPass. If a site asks for security questions and answers, write them down in LastPass on the card with the password for that website.
Spend some time on the LastPass website. LastPass makes it easy to get started but it becomes far more useful if you spend a few minutes learning how it works. You are trusting it with crucially important information. It’s worth an investment of some time. Start here. Watch a couple of short videos and read a little bit about something that might be helpful to you.
Start using LastPass. You’ll feel safer and you won’t be as worried when the next big hack is announced.