Secure computing using Lastpass

Sometimes, a program or utility becomes such a part of the computing experience that we take it for granted. Such is the case with LastPass; it seems so “there” that I don’t even remember how long I’ve been using it. What I do remember is why I started using it. I had been using the portable version of KeePass, the Open Source password manager, and had built up a large database of passwords. One day, I forgot the USB thumb drive with KeePass on it and was absolutely lost. I decided right then that I needed a solution that was securely accessible from anywhere. That’s when I switched. I highly recommend that you either switch from what you are doing, or start using LastPass today.

Besides the convenience of having all of my site login information in one place, I like the way LastPass makes it easy for me to use secure passwords. Since all I have to remember is the master password to be able to log into LastPass, I don’t have to fudge around with mnemonic systems and such to make easy-to-remember complex passwords; I simply use the program’s built-in password generator to get strong, random password strings.

The trend these days is toward multi-factor authentication. Passwords are, of course, “something you know;” security dongles like SecurID, YubiKey and the like are “something you have.” That would constitute two-factor authentication. For the truly paranoid, LastPass gives you a second factor: The grid. You generate the grid from within your account settings and you print it out. When you log into LastPass, you are presented with a prompt that asks for four random characters from your grid. Here’s what a grid looks like:

Probably the most powerful security feature is the support for one-time passwords (OTP). From a secure PC, you simply log into your secure LastPass vault on the website, configure a few OTPs, print them out and store them in your wallet. Then, if you ever have to access your LastPass vault from a public kiosk or insecure public WiFi hotspot, you just use one of the OTPs. Even if a keylogger snags it, the password cannot ever be used again. Your vault remains secure.
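The single-use property described above, shown as a generic sketch added here as an example: it is not LastPass's code or its actual OTP design, and the names `OneTimePasswordStore`, `issue`, `redeem` and `demo` are hypothetical. It assumes the server keeps only salted digests of the printed codes and burns each one on first use.

```python
import hashlib
import hmac
import secrets


class OneTimePasswordStore:
    """Server-side record of printed one-time passwords (hypothetical sketch)."""

    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._unused = set()  # digests of OTPs that are still valid

    def _digest(self, otp):
        # Only a salted, stretched digest is stored, never the OTP itself.
        return hashlib.pbkdf2_hmac("sha256", otp.encode(), self._salt, 100_000)

    def issue(self, count=3):
        """Generate OTPs to print out from a trusted machine."""
        otps = [secrets.token_hex(16) for _ in range(count)]
        self._unused.update(self._digest(o) for o in otps)
        return otps

    def redeem(self, candidate):
        """Accept an OTP once, then burn it so a captured copy is useless."""
        digest = self._digest(candidate)
        match = None
        for stored in self._unused:
            # Constant-time comparison; every entry is checked even after a hit.
            if hmac.compare_digest(stored, digest):
                match = stored
        if match is None:
            return False
        self._unused.discard(match)
        return True

    def remaining(self):
        return len(self._unused)


def demo():
    store = OneTimePasswordStore()
    printed = store.issue(3)                # done on the secure PC
    first = store.redeem(printed[0])        # typed at the public kiosk
    replay = store.redeem(printed[0])       # a keylogger's captured copy
    guess = store.redeem("not-a-real-otp")  # constructed invalid value
    return {"first": first, "replay": replay, "guess": guess,
            "remaining": store.remaining()}


if __name__ == "__main__":
    print(demo())
```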

Even if you’re already using some other password manager program, you can easily switch. I mentioned KeePass; I had also been using Firefox’s Password Manager. Instantly, LastPass knew about everything that Firefox knew, which was extremely cool for me. You can also import from 1Password; from Clipperz; from something called Darn! Passwords!; from eWallet; from FireForm; from HP Password Safe; from KeePass; from MSI PasswordKeeper; from MyPasswordSafe; from Passpack; from Password Agent; Password Corral; Password Dragon; Password Keeper; Password Safe; Passwords Max; from PINs Password Manager; from RoboForm; from SplashID; from Sticky Password; from Sxipper, I guess; from TurboPasswords; and from a Generic CSV File. That covers just about everything out there.

I should mention what Steve Gibson, who does the Security Now! podcast with Leo Laporte each week, has to say about it. In Episode 256, “LastPass Security,” Steve delivers his “long-awaited, in-depth review and evaluation of LastPass.” Steve explains the nature of the need for high-security passwords, the problem that need creates, and the way the design of LastPass completely and in every way securely answers that need.

1 thought on “Secure computing using Lastpass”

  1. Just a heads up for Last Pass. I’ve been using it for several years and it is SO easy and secure. This program offers a lot of customization. Just one word of caution. NEVER use the “remember master password” (shouldn’t even be an option). If you are certain you have a very secure network (is there really such a thing?) and never take your laptop with you anywhere, it might be ok. And when you do sign in and your vault is available, use the “hide/show password” for each account very quickly and sparingly.
    Unless there is a major break in security for Last Pass, I will continue to use it and continue feeling secure that my passwords are protected.
