A couple of people have asked me about LastPass recently so I figured I would write a little about it generally and, more specifically, about how I use it.
No one actually likes using more than one password. We all have enough things to remember without cluttering our brains with which password we used for which website. That is where password manager apps come into the picture. With such apps you only need to remember one password and the rest of your passwords will be stored, hopefully securely, in the app.
As far as I am concerned, LastPass is the best-of-breed app in the password manager category. In the infancy of its popularity, LastPass was vetted and approved by Steve Gibson. He provides a lengthy review of LastPass' technology at his site and, fortunately, LastPass has continued to be open about its technology. It has also continued to add features over the past few years, both to improve functionality and security.
Why is LastPass Secure?
The company has done everything right in terms of securely encrypting and storing your sensitive data.
- All encryption is done locally on the client, so all the LastPass company ever sees is a pseudorandom blob of data.
- Encryption is performed with AES-256.
- Password hashing is performed using PBKDF2 implemented with SHA-256.
- Users can select the number of hash iterations their password is put through.
- Many multi-factor authentication options are supported.
- Mobile app access to your LastPass vault is restricted. Users have to explicitly allow access from each new mobile app that tries to access their vault.
- The company is open and responsive about their technology, as evidenced by Steve Gibson's interactions with them.
LastPass Has Extensive Functionality
In addition to being secure, LastPass provides an enormous number of features.
- Ability to store and automatically fill forms on websites with many types of personal data, including usernames, passwords, credit card, and address information.
- "Secure Notes" allow users to store other information of their choosing, including text, documents, and images.
- Supported on Windows, Mac, and Linux using Internet Explorer, Safari, Chrome, Firefox, and Opera.
- Extensive mobile support. Apps are available for iOS, Android, Windows Phone, and Blackberry. LastPass Premium is required for this, but it is only $12 per year.
How to Keep Your LastPass Vault Secure
While LastPass is natively secure, there are a number of configurable options which can make LastPass even safer against attackers. All of these options can be configured in the settings page of your LastPass vault.
- In the General tab, make sure your password hash is being iterated at least 5000 times, you only allow logins from countries to which you travel, and you disallow logins from the Tor network.
- In the Security tab, enable the password re-prompt for as many circumstances as possible.
- Enable some form of multi-factor authentication.
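To make the iteration setting concrete, here is an added example (not LastPass code and not from the original post) of PBKDF2 with SHA-256 producing a 256-bit key, with the loop written out by hand next to the standard-library call. The salt, the sample passwords, the function names and the 5000-iteration check are assumptions for illustration; the post does not describe how LastPass builds its salt or login hash.

```python
import hashlib
import hmac
import time

MIN_ITERATIONS = 5000              # floor recommended in this post
KEY_LEN = 32                       # 256 bits, the size of an AES-256 key
SAMPLE_SALT = b"user@example.com"  # constructed value, for illustration only


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 via the standard library, refusing weak settings."""
    if iterations < MIN_ITERATIONS:
        raise ValueError(f"{iterations} iterations is below {MIN_ITERATIONS}")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def pbkdf2_by_hand(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First PBKDF2 block written out, to show what an 'iteration' is.

    U1 = HMAC(password, salt || 0x00000001), Ui = HMAC(password, U(i-1)),
    and the output is the XOR of every Ui. One block is 32 bytes for SHA-256.
    """
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    acc = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha256).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(KEY_LEN, "big")


def seconds_per_guess(iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. the cost of one guess."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"guess", SAMPLE_SALT, iterations,
                            dklen=KEY_LEN)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    # Every password guess costs `iterations` HMAC calls, so time scales linearly.
    for n in (500, 5000, 100000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1000:.2f} ms per guess")
```

Running it prints the per-guess time on your own machine, which is the same cost anyone guessing master passwords against a stolen vault has to pay for each attempt.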
LastPass is the perfect tool for managing your many online identities, as well as storing sensitive personal information, both securely and conveniently. It's easy to use and available on every platform. Plus, the price is right.