Assuming that all the other systems you interact with are secure, which you would hope is true when signing up for a service, the only remaining vulnerability is someone guessing the user's password. To reduce this vulnerability, there are a few steps you can take to make sure your password is unguessable:
- Make the password long; 8-10 characters is generally accepted as a strong length. A 5-character password has 60,000,000 possible combinations, whereas a 10-character password has 3,700,000,000,000,000 possible alphanumeric combinations.
- Give the password no meaning. Don't include words, such as a pet's name, and do include upper- and lower-case characters along with numbers.
- Don't use the same password twice. How do you know that the password you use to access your bank, for instance, is not being abused by xyz.com, which you may have just signed up for?
So straight away you have lots of different, long, gibberish passwords for all the sites you use, but now there is no way to remember them all or to keep typing them in. This is where LastPass comes in: "The last password you will ever need".
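The three rules above can be checked mechanically. The following Python is an added example, not part of the original post and not LastPass code: it computes the keyspace figures quoted in the first rule (they correspond to a 36-symbol alphabet of lowercase letters and digits), generates a meaningless password, and audits a small vault against all three rules. The function names, the `.example` sites, the sample passwords and the word list are constructed assumptions.

```python
import secrets
import string
from collections import defaultdict

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols

def keyspace(length, alphabet_size):
    """Number of possible passwords of exactly `length` symbols."""
    return alphabet_size ** length

def has_all_classes(pw):
    """True if pw mixes lower case, upper case and digits (rule 2)."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))

def generate(length=10):
    """Meaningless random password drawn from the OS CSPRNG."""
    while True:
        pw = "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))
        if has_all_classes(pw):
            return pw

def audit(vault, wordlist, min_length=8):
    """Map each site to the rules its password breaks; clean sites are omitted."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    findings = {}
    for site, pw in vault.items():
        problems = []
        if len(pw) < min_length:
            problems.append("too short")
        if not has_all_classes(pw):
            problems.append("missing character class")
        if any(word in pw.lower() for word in wordlist):
            problems.append("contains a word")
        if len(sites_by_pw[pw]) > 1:
            problems.append("reused")
        if problems:
            findings[site] = problems
    return findings

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"bank.example": "rex2009", "xyz.com": "rex2009",
                "mail.example": "Sunshine12", "forum.example": "q7Hn2vXb9K"}
SAMPLE_WORDS = ["rex", "sunshine", "password"]

if __name__ == "__main__":
    print(keyspace(5, 36), keyspace(10, 36), keyspace(10, len(ALPHANUMERIC)))
    print(generate(), audit(SAMPLE_VAULT, SAMPLE_WORDS))
```

Adding upper-case letters to the alphabet (62 symbols instead of 36) multiplies the 10-character keyspace by a further factor of roughly 230.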
LastPass allows you to add login information for any site you access via a plugin and store it in their database. They further enhance their security by not storing any sensitive data: all the encryption is done locally, so they only receive an encrypted token produced by the locally performed 256-bit AES encryption. You can access your vault securely with the universal browser plugin or by logging in on their site with your master password (aka the only password you will ever need), which also allows an on-screen keyboard to be used to avoid key loggers. The next time you visit a site whose login data you have previously stored in your database, your data will be auto-filled, ready for you to log in.
Figure: Secure vault.
LastPass also runs on any platform you can possibly use; for instance, LastPass has created a tabbed browser for the iPad, which does not allow plugins. This bypasses issues found with the traditional password managers offered by browsers. For instance, you may use Firefox at home, which stores all your passwords, but when you are at work using Internet Explorer you no longer have access to the passwords stored in Firefox at home.
Figure: One-time password creation screen.
You can also access your database by using one-time passwords, which can be created after login for use on machines where you may be unsure whether you are being watched while you browse; they remain available until they have been used once. Similarly, you can see open sessions of your vault and close them locally. Another great tool is the security check, which scans all the passwords in your vault, scores them and recommends ways to further improve them. There are many more features which I have not included, but they can be viewed in detail on their site.
In summary, on top of the value of the tools, all of which are free except for the features on mobile devices, which cost only the equivalent of $1 a month, the system is a total life saver. I too was one who in the past overlooked password security and, like many others, reused a small number of easily remembered passwords for everything. LastPass has gone out of their way to create an extremely secure solution, which is trustworthy and allows safer gibberish passwords to be stored and accessed with ease, anywhere, on anything, at any time.
Sold? Get LastPass here.