There are ways to add master password functionality and improved security to major web browsers like Chrome or IE – by using an extension such as LastPass.
I previously noted that there is no Google Chrome master password option to protect your saved website login passwords – a gaping security hole compared to the master password option offered in Firefox.
IE also suffers from this lack of secure master password encryption.
What Is LastPass?
LastPass is an online password manager (and form filler) that encrypts your saved login passwords with a single master password to make browsing more secure.
It is available for Windows, Mac and Linux and works on all major web browsers as a browser add-on or extension.
It remembers your passwords and logs you into your saved websites with a single click. It’s free to use on all your computers and automatically synchronizes your data across all your devices and browsers
E.g. if you store login details for a site on your PC using Firefox, the same login data will become available on your laptop using Chrome (as long as it also has LastPass installed).
You can also set up LastPass to auto-complete forms as well as passwords.
The program is free to download as an individual extension for a single browser (e.g. from Chrome web store) but I recommend downloading the Universal Windows Installer:
Download it here (the same page has alternatives for Mac/Linux if required).
The Universal Installer automatically installs browser extensions for Internet Explorer, Firefox, and Chrome (where present). Once installed, you must create a LastPass account and choose a Master Password to access LastPass.
Tip: create a strong master password and don’t set up a password hint! If you worry you might forget it, write the password down and store it in a safe deposit box.
You can now import your existing passwords, if required, and proceed to browse websites. When you enter a new username and password into a website, LastPass pops up to ask if you want it to save these login details – and the next time you visit that site it will automatically enter the login details for you.
What About Password Security?
LastPass is an online password manager i.e. it synchronizes your encrypted password data with the LastPass servers (computers) over the internet – like online backup services do.
However, it does save an encrypted backup copy of your data on your own computer and your master password is only encrypted or decrypted on your computer (not in the LastPass cloud) – so only you have it.
LastPass uses AES-256 encryption which is extremely secure (‘top secret’ government rated) and features a Vault as shown in the example below:
In the Vault you can sort or read info about your website logins (e.g. see when you last accessed a site), view your login details or assess the strength of your passwords.
If you want to change your existing saved passwords, LastPass can generate new strong passwords for you.
Tip: once you have a password manager taking care of your logins on all your computers, you should use it to make all your passwords very strong – without the worry that you won’t be able to remember them if they are 12+ characters and made up of a mix of letters, numbers and symbols…
One final word of advice – like many other companies, LastPass uses your email address as your user ID – so if you forgot your master password you can recover it via email.
You must always use a strong password on your email account or there is a risk that such password reminders could be intercepted!
E.g. when you hear of people who had their Hotmail ‘hacked’ it is almost always due to them having a very weak and easily guessed password like ‘billy’ – not due to an incredible feat of technical wizardry by a hacker…