Use a password manager – free LastPass gets the tick
Overall Score: 5.0
Name: LastPass Password Manager
Price (RRP): Free
Manufacturer: LastPass

I gave up remembering passwords – I am using the free LastPass now and could not be happier.

I am gradually transferring all my passwords from scraps of paper or notes to LastPass. This is a big step for me – trusting software instead of memory or other not-so-secure methods.

GadgetGuy frequently gets press releases about how insecure passwords are and how consumers reuse the same password, or a variant of it, making it easy for cybercriminals to brute-force them.

I am, sorry was, guilty of that despite proselytising never to use the same password twice. In fact, I used one for all non-critical online accounts – read those not able to access finances – like Myers, Coles, Woolworths, Airbnb, Opal and 18 more.

That was until late last year when the Starwood breach revealed my critical personal details – email and physical address, passport, date-of-birth, mobile number and more. By sheer good luck, little of the information was current – but there was enough that, when it was added to my dark web profile (yes, we all have one), relentless hack attacks on my online accounts began.

The attack involves a ‘bot’ trying to log in to target websites using the stolen details. It succeeded with an old webmail account, and all went downhill from there. People started getting emails from me (spoofed), unsuccessful bot attacks locked me out of Office 365 (three tries – you are out) and spam and spear-phishing mail sky-rocketed. So, I spent most of my waking minutes in January changing passwords.

It became clear that I needed more than a physical record of the accounts and passwords, so I did some research. There are many free and paid password protection products out there – Norton Vault, Kaspersky, Roboform, Keeper, 1Password, Dashlane and LastPass … 

How password managers usually work

You set up a cloud account – many call it a vault – where logins and passwords are stored. A single strong and complex password secures the vault – all you have to remember is one password!

When the password manager detects a URL that requires a login, it checks the vault, and if the login is there, you are in. If not, you need to log in manually, and it will store the login in the vault for next time.

LastPass

The vault (be it on your device or in the cloud) is encrypted, and multi-factor authentication (MFA) stops unauthorised use from other devices. It is safe!

What to look for in password managers (and how we selected one)

  • Works in whatever operating systems you use – at least Windows, Android and macOS and iOS – what about Linux and Chromebooks?
  • Works seamlessly across those via a cloud system – what about offline use?
  • Password generation, password strength assessment and detecting multiple uses of passwords
  • Works in your chosen browser – Safari, Chrome, Firefox (and Opera that is the basis of many third-party browsers)
  • Does not need to be part of a security software suite – what if you stop using that?
  • Optionally (and usually at extra cost) supports fingerprint or face recognition (iOS, Android or Windows Hello) and MFA.
  • Optionally has a wallet/notes to store loyalty cards, credit cards/CVV/expiry date and more secure information for e-commerce and form-filling
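
The “detecting multiple uses of passwords” check from the list above, extended to catch the “same or a variant” habit described earlier, shown as an added example (not LastPass code and not from the original article). The vault entries are constructed samples, and base_form, audit and generate are hypothetical helper names.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries (site, password); not real credentials.
SAMPLE_VAULT = [
    ("shop-a.example", "Sunshine1"),
    ("shop-b.example", "Sunshine1"),
    ("travel.example", "sunsh1ne2019!"),
    ("transit.example", "Sunshine#22"),
    ("bank.example", "r7$Kq!vT2m@Zx9Lp"),
]

# Common character substitutions undone before comparing passwords.
_LEET = str.maketrans("013457@$!", "oieastasi")

def base_form(password):
    """Reduce a password to its stem: lowercase, strip leading/trailing
    digits and symbols, then undo common substitutions."""
    lowered = password.lower()
    stem = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    # An all-digit or all-symbol password has no stem; compare it as-is.
    return stem.translate(_LEET) if stem else lowered

def audit(entries):
    """Return (exact, variants): groups of sites sharing an identical
    password, and groups whose passwords share the same stem."""
    by_exact, by_stem = defaultdict(set), defaultdict(set)
    for site, pw in entries:
        by_exact[pw].add(site)
        by_stem[base_form(pw)].add(site)
    exact = [sorted(s) for s in by_exact.values() if len(s) > 1]
    variants = [sorted(s) for s in by_stem.values() if len(s) > 1]
    return exact, variants

def generate(length=20):
    """Random replacement password drawn from the OS CSPRNG via secrets."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    exact, variants = audit(SAMPLE_VAULT)
    print("identical password on:", exact)
    print("variant of one password on:", variants)
    print("suggested replacement:", generate())
```

Every site in a variant group needs its own generated password, because one leaked entry exposes the stem shared by the rest.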

And the winner is?

All mainstream password managers are pretty good and perform the base level of services. We ruled out password managers that were part of a security suite (in case you change security suites), decided that off-line storage was nice but not critical (after all you need to be online to fill in logins/passwords) and a wallet/notes was a necessary option.

The choice came down to Dashlane and LastPass. Dashlane has a bulk password reset but that is not easy or foolproof, and its free version only stores 50 passwords.

We decided to give the free version of LastPass a test. In fact, Tony Jarvis, Chief Technology Officer of Check Point, recommended it as the one he uses.

LastPass is a freemium product. If you need more than basic services, you can pay for more.