Wednesday 20 June 2012

How to protect your passwords with LastPass


Who can recall the countless website passwords we're asked to stuff into our overspilling brain boxes? And how do we make sure they don't fall into the hands of rogues? One answer is to turn to password manager LastPass -- a service that creates a secure ID on your computer that will remember your passwords and effortlessly log you into your favourite sites.
Each web account we hold stores data we've entered about ourselves and it all has to be protected. In this guide, we'll look at why you should be using a better password protection strategy, reasons to trust LastPass, how to install it and how to use it.
Password security should be on everyone's mind since -- at the time of writing -- LinkedIn, Last.fm and eHarmony had all recently had their password hash databases published online. While hashes aren't the actual passwords, those of weak passwords such as dictionary words can be translated back into the original password with relative ease.
Are your passwords on this list of the 25 worst passwords of 2011? If so, you really need to get your online security in order!

How LastPass looks after your passwords

Like most websites, LastPass uses hashing algorithms to process your account details and authenticate you. However, just as recent news has shown, even hashing algorithms aren't bulletproof when applied poorly.
LastPass stores a hash of your email address and master password on your computer (not its servers), which it uses as an encryption key to encrypt your login details for other sites (with a 256-bit AES cipher), before storing them on its servers.
The company doesn't want to know any of your details or your encryption key, so it creates a unique ID token for you by hashing your password and local encryption key together. That ID token is then hashed with a random number when you create your account, which is -- finally -- how it authenticates your account.
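The three hashing steps described above, as an added Python sketch (not LastPass's own code). The page doesn't name the hash function, so PBKDF2-HMAC-SHA256 stands in for it here; the function names, round count and sample credentials are assumptions, and the AES step is left out because Python's standard library has no AES.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed work factor for this sketch


def derive_vault_key(email: str, master_password: str) -> bytes:
    """Client side: 256-bit key from email + master password. Stays on the computer."""
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ROUNDS)


def derive_id_token(vault_key: bytes, master_password: str) -> bytes:
    """Client side: hash the password and the local key together. Only this is sent."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def server_enroll(id_token: bytes):
    """Server side, at account creation: hash the token with a random number."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", id_token, salt, ROUNDS)


def server_verify(id_token: bytes, salt: bytes, stored: bytes) -> bool:
    """Server side, at login: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", id_token, salt, ROUNDS)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    # Constructed sample credentials, not real ones.
    email, password = "alice@example.com", "correct horse battery staple"
    key = derive_vault_key(email, password)
    token = derive_id_token(key, password)
    salt, stored = server_enroll(token)
    wrong = derive_id_token(derive_vault_key(email, "password1"), "password1")
    return {
        "key_bits": len(key) * 8,
        "login_ok": server_verify(token, salt, stored),
        "wrong_password_ok": server_verify(wrong, salt, stored),
        "server_sees_key": key in (token, salt, stored),
    }


if __name__ == "__main__":
    print(demo())
```

The server only ever holds the random number and the final hash, so a copy of its database contains neither the master password nor the key that decrypts the vault.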
Assuming this has won your trust, let's get down to business.

Installing LastPass on your desktop and browsers

Whether you're a Linux, Windows or OS X user, there's a desktop download available for you. Just download the installer for your operating system and follow the instructions.
The first option you'll be presented with is which browser plugins to install -- Chrome, Firefox, Internet Explorer and Safari are all supported.
If your browser isn't listed, you can use LastPass' bookmarklets (see below). The following options ask whether you want to replace the password manager in each of the browsers you've opted to add a plugin to.
Next, you'll be asked to create, or log in to, a LastPass account, after which you can import passwords from your desktop browsers. Once you've imported any saved passwords, it will even offer to cover your tracks by removing all those passwords from your various browser password caches.

Bookmarklets for browsers that don't support plugins

If your browser doesn't support plugins, you can install bookmarklets that will retrieve your login details for you instead.
Sign in and click 'bookmarklets' in the left-hand column of your 'Vault' page. This will launch a pop-up box with three links you can drag onto your bookmark bar.
Firstly, 'LastPass Login!' gives you a one-click login for most websites (the JavaScript bookmarklet won't work properly with some websites). Secondly, 'LastPass Fill!' fills in login forms without logging you in. And finally, 'LastPass Fill Forms!' fills in web forms such as your contact and payment details with info you've stored in your account.

Mobile devices

Use of mobile apps for LastPass is one of the few features that require a premium account -- which is actually quite cheap. Priced at just one US dollar per month, the cost should be trivial to most people. There is a mobile application for just about every mobile platform you can think of -- Android, Android's Dolphin HD and Firefox Mobile browsers, iOS (iPhone and iPad), Windows Phone 7, Symbian, BlackBerry, Windows Mobile and even webOS.
The mobile apps not only provide access to all of your account data, but also feature a built-in browser that can automatically log you into your web accounts. This avoids having your sensitive accounts, such as those with banks, saved in your default browser's history.
If you're using a mobile device that doesn't have an app, there's also m.lastpass.com, where you can view your account data and install bookmarklets in your mobile browser.

Using LastPass on the desktop

After installing the plugin on your desktop browser, you'll notice pop-up toolbars offering to remember or fill in your login details as you visit websites. Via this toolbar, you can set whether LastPass will fill in the username and password fields on a per-site basis. Clicking the options button in the LastPass toolbar allows you to set more preferences, such as auto-login, and adding the site to your favourites list.
The plugin is smart enough to know when you're changing your password too. By clicking the 'Generate' button, you'll be given a new random password, which LastPass will submit to the website in question for you, and update your password database.
This is the real value in using LastPass. It makes changing your passwords easy and gives you the auto-login ability so you never need to remember your passwords again.
As you explore the LastPass settings, you'll find that you can even store various profiles for filling in forms that contain your contact and credit card details.

Making LastPass even more secure

If using a simple username and password isn't good enough for you, LastPass offers a range of methods to make authenticating yourself even more secure -- if you're a premium user. You can create a set of One Time Passwords (OTPs), which is a list of passwords where each expires after being used once. Taking OTPs a step further, you can combine them with multi-factor authentication via your smartphone with Google Authenticator, via a YubiKey device, running Sesame on any USB drive, or even a printed grid of characters.