Use LastPass To Protect Saved Login Passwords

Yesterday we noted that there is no Google Chrome master password option to protect your saved website login passwords – a gaping security hole compared to the master password option offered in Firefox. IE also suffers from this lack of secure password encryption. But there are ways to add master password functionality and improved security to any major web browser like Chrome or IE using an extension like LastPass.

LastPass is an online password manager (and form filler) that encrypts your saved login passwords with a single master password to make browsing more secure. It is available for Windows, Mac and Linux and works on all major web browsers as a browser add-on or extension.

It remembers your passwords and logs you into your saved websites with a single click. It’s free to use on all your computers and automatically synchronizes your data across all your devices and browsers e.g. if you store login details for a site on your PC using Firefox, the same login data will become available on your laptop using Chrome (as long as it also has LastPass installed).

You can also set up LastPass to auto-complete forms as well as passwords. LastPass is free to download as an individual extension for a single browser (e.g. from Chrome web store) but we recommend downloading the Universal Windows Installer here (the same page has alternatives for Mac/Linux if required).

The Universal Installer automatically installs browser extensions for Internet Explorer, Firefox, and Chrome. Once you have installed it you must create a LastPass account and choose a Master Password to access LastPass.

Tip: create a strong master password and don’t set up a password hint! If you worry you might forget it, write the password down and store it in a safe deposit box.

You can now import your existing passwords if required and proceed to browse websites. When you enter a new username and password into a website, LastPass pops up to ask if you want it to save these login details – and the next time you visit that site it will automatically enter the login details for you.

What About Security?

LastPass is an online password manager i.e. it synchronizes your encrypted password data with the LastPass servers (computers) over the internet – like online backup services do. However, it does save an encrypted backup copy of your data on your own computer and your master password is only encrypted or decrypted on your computer (not in the LastPass cloud) – so only you have it.

LastPass uses AES-256 encryption which is extremely secure (‘top secret’ government rated) and features a Vault as shown in the example below:

lastpass

In the Vault you can sort or read info about your website logins e.g. see when you last accessed a site, view your login details or assess the strength of your passwords. If you want to change your existing saved passwords, LastPass can generate new strong passwords for you.

Tip: once you have a password manager taking care of all your logins on all your computers, you should take advantage of it to make all your passwords very strong – without the worry (excuse?) that you won’t be able to remember them if they are very strong i.e. 14+ characters and made up of a mix of letters, numbers and symbols…

One final word of advice – like many other companies, LastPass uses your email address as your user ID to allow you to recover from a forgotten master password via email.

You must always use a strong password on your email account or there is a risk that such password reminders could be intercepted e.g. when you hear of people who have had their hotmail account ‘hacked’ it is almost always due to them having a very weak and easily guessed password like ‘billy’ – not due to an incredible feat of technical wizardry by a hacker…

4 Responses to: "Use LastPass To Protect Saved Login Passwords"

  1. Isaac Reed22 says:

    Last Pass was good but I recently switched to RoboForm and it is a lot better, just more efficient and more secure- never been hacked.

  2. Phillip says:

    RoboForm can also be used for free. If you have ten or less “passcards” saved the program does not require you to activate with a paid license. I also use RoboForm personally because of the security issues with LastPass and like it much more.

    • admin says:

      @Phillip thanks for your comments. The free ‘trial’ versions of Roboform are limited to managing 10 logins so we had always thought of them as a trial rather than a ‘full’ version because we assumed people would want more than 10 (and have to pay)… But we’re happy to be proved wrong!

      If 10 is enough then Roboform is a good, and free, alternative.