If you are like most computer users, you are likely drowning in usernames and passwords. Quite likely, you have passwords written down on scraps of paper, in spreadsheets, and on sticky notes under your keyboard and in desk drawers. Maybe you have passwords that you know are weak and passwords that you haven’t changed in years. Sure – lots of web browsers offer to ‘remember’ passwords, but is this really a good idea?
So what can you do? A couple years ago a co-worker, who is pretty heavily involved with web-server security and open source products, recommended a password storage solution called ‘Password Safe.’ Designed by an expert cryptographer, it stores all your passwords in a local file with robust encryption. It is an open source software project with licensing fees. I used it for almost two years and really liked it. I was careful to keep my encrypted file on the network drive at work so that it would be regularly backed up.
But time goes by and new products come out. While I liked ‘Password Safe’, I found it a little clunky and also difficult to use when I needed to work off two different computers, which I usually do (my work computer and my laptop). Enter my friend again and a new recommendation: https://lastpass.com
I’d heard of websites that would store all of your passwords for you and was dubious; I didn’t like the idea of these sites having access to my goods. But, after reading more about Last Pass, I was convinced pretty quickly. It encrypts all of your passwords on your local machine and then transfers them via an encrypted SSL connection; the company only sees gibberish if they look inside of their database. You can access your ‘vault’ with a master password or passphrase, which then decrypts all of your passwords. Lose your master password and you are toast; the company cannot help you.
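The local-encryption model described above, as an added sketch that is not Last Pass's code and not from the original post: the vault is sealed on the user's machine with keys stretched from the master password, so the stored blob is opaque and a wrong or lost master password cannot open it. The PBKDF2 work factor, the blob layout and the HMAC-based stand-in cipher are assumptions chosen so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the sketch needs only
    # the standard library; a real client would use a vetted AEAD such as AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal_vault(master_password: str, entries: dict) -> dict:
    """Runs on the user's machine; the returned blob is all the server receives."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    plaintext = json.dumps(entries).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}

def open_vault(master_password: str, blob: dict) -> dict:
    """Also runs locally; fails unless the exact master password is supplied."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext = bytes.fromhex(blob["ciphertext"])
    enc_key, mac_key = derive_keys(master_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("wrong master password or tampered vault")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))))

if __name__ == "__main__":
    vault = {"example.com": {"user": "alice", "password": "constructed-sample-pw"}}  # constructed data
    blob = seal_vault("correct horse battery staple", vault)
    print(blob["ciphertext"])  # what the provider stores: hex gibberish
    print(open_vault("correct horse battery staple", blob))
```

Because the salt and nonce are random, sealing the same vault twice yields different blobs, and nothing in the blob lets the storage provider recover the keys without the master password.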
If you install the browser plug-in (highly recommended!), Last Pass will recognize when you are visiting a site that is saved in your ‘vault’ and it will auto-log you in. When you are creating an account on a new site it will ask you if you want to ‘save the site’ to your vault and will even offer to auto-generate a strong password for you. Some additional features that I like:
- Imports usernames and passwords from a variety of other tools including Password Safe.
- Exports all of your usernames and passwords if you want a local copy as a CSV file.
- Allows you to create disposable, one-time-use master passwords to use on public terminals.
- You can build profiles to speed up filling out web forms (no more entering your address over and over).
- Add secure notes inside of your vault.
- Get a pop-up virtual keyboard to enter your master password if you are working from a public terminal and worried about keyboard loggers etc.
- Create groups to organize your sites within your vault.
- Share specific usernames and passwords with other Last Pass users without them actually seeing the passwords. I’ve never done this but can think of some situations when it might be useful.
To be sure, it is not a perfect application. It has some rough edges. The vault looks much different when accessed via the website home page versus from the browser plug-in. With the latter, I can’t figure out how to manually add a new site to my vault. Fortunately, I rarely need to do this as it automatically adds new accounts. And sometimes sites end up duplicated in your vault because many sites have multiple log-in points with different URLs. You can have the browser plug-in keep you logged in with your master password for a very long time. This can be dangerous if someone else gets onto your computer. But to mitigate this, you can specify that highly sensitive sites in your vault will always prompt you to enter the password. There are many features that I have not yet explored and probably never will. But, bottom line, I’ve found it to be a real life-saver and far safer than my old practices, which embarrassingly required a large supply of sticky notes!
And, if you don’t trust me, here is a review by an editor at CNET who also happens to be named ‘Seth’; his review says Last Pass is ‘an essential add-on for modern Web browsing.’ The review has some really great video at http://download.cnet.com/LastPass-Password-Manager/3000-18501_4-10889725.html
I couldn’t have said it better myself, though I tried!