Considering that all other systems you interact with are secure, which you would hope was true when signing up for a service, leaves the only vulnerability to be guessing the user(s) password. In order to reduce this vulnerability, there are a few steps that can be taken to make sure your password is unguessable:
- Make the password long, 8-10 characters is generally accepted as being a strong length. A 5 character long password has 60,000,000 possible combinations whereas a 10 character length has 3,700,000,000,000,000 possible alpha numeric combinations.
- Give the password no meaning. Don't include words, such as a pet's name and also include upper and lower case characters along with numbers.
- Don't use the same password twice. How do you know if the same password you use to access your bank for instance, is not being abused by xyz.com which you may have just signed up for.
So straightaway you have lots of different, long, gibberish passwords for all the sites you use, but now there is noway to remember them all or have the ability to keep typing them in. This is where LastPass comes in "The last password you will ever need".
LastPass allows you to add login information to any site you access via plugin and store it in their database. They further enhance their security by not storing any sensitive data as all the encryption is done locally, so they will only receive an encrypted token as a result of the locally done 256 AES hashing processes it goes through. You can access your vault securely with the universal browser plugin or by logging on on their site with your master password (aka the only password you will ever need), which also allows for an on screen keyboard to be used to avoid key loggers. Then the next time you visit a site which you have previously stored your login data in your database, your data will now be auto filled ready for you to login.
Secure vault. |
LastPass also runs on any platform you can possibly use, for instance LassPass have created a tabbed browser for the iPad which does not allow plugins. This bypasses issues found with traditional password managers offered by browsers. For instance you may use Firefox at home which stores all your passwords, but when you are at work using Internet Explorer you no longer access to the passwords stored on Firefox at home.
One time password creation screen. |
You can also access your database by using one time passwords, which can be created after login to be used on machines where you maybe unsure if your being watched whilst you browse and remain available until they have been used once. Similary you can see open sessions of your vault and close them locally and another great tool is the security check, which scans all passwords in your vault, scores them and recommends ways to further improve them. There are many many more features which i have not included but can be viewed in detail on their site.
In summary amongst the value of the tools, being all free accept using the features on mobile devices which only costs the equivalent $1 a month, the system is a total life saver. I too was one who in the past used to overlook password security and like many others reuse a small number of easily rememberable passwords for everything. LastPass has gone out of their way to create an extremely secure solution, which is trustable allowing for safer gibberish passwords to be stored and access with ease, anywhere on anything at anytime.
Sold? get LastPass here.
Sold? get LastPass here.
3 comments:
I use Two-Factor Authentication across a lot of my accounts. I feel a lot more secure when I can telesign into my account. I am glad that they offer that option. It is worth the time and effort to have the confidence that your account won't get hacked and your personal information isn't up for grabs. It would be nice to see more of the leading companies in their respective verticals start giving their users the perfect balance between security and user experience. I know some will claim that 2FA makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. I'm hoping that more companies start to offer this awesome functionality. To me this should be a prerequisite to any system that wants to promote itself as being secure.
@Anonymous Hello, i totally agree about two factor authentication and especially knowing that LastPass will potentially hold the details to our login kingdom. They do seem to cover alot of bases from their in-house Sesame, which i personally use, to the Google authenticator, Grid and YubiKey. I would be interested to hear which you use and how you rate it?
I think it's great that the majority of banks, etc implement this in some shape or form. However i was reading a 2007 study by BearingPoint stating that 94% of all authentication solutions used by financial institutions in the USA don't meet the true definition of true multi-factor authentication.
Furthermore i've heard one of the new ways of stealing login data via social network login, is for the rogue site to direct the user to what resembles for instance a Facebook login page, but in reality is a mock-up imitation solely used to record your login info.
At the end of the day LastPass is an incredibly approachable, feature rich solution. Their is no hidden secret to how it works, so in understanding the technology it help's greatly in trusting the work they do.
I actually pleased to read this blog post With the emergence of mobile technology and social media, Really educational things are offered here, I am fulfilled to find so many wonderful point here in the blog post,
Post a Comment