I gave up remembering passwords – I am using the free
LastPass now and could not be happier.
I am gradually transferring all my passwords from scraps of
paper or notes to LastPass. This is a big step for me – trusting software
instead of memory or other not so secure methods.
GadgetGuy frequently gets press releases about how passwords
are so insecure and that consumers reuse the same one or a variant, making it
easy for cybercriminals to brute-force them.
I am, sorry was, guilty of that despite proselytising never
to use the same password twice. In fact, I used one for all non-critical online
accounts – read those not able to access finances – like Myers, Coles,
Woolworths, Airbnb, Opal and 18 more.
That was until late last year when the Starwood breach revealed my critical personal details – email and physical address, passport, date-of-birth, mobile number and more. By sheer good luck, little of the information was current – but there was enough that, when added to my dark web profile (yes, we all have one), relentless hack attacks on my online accounts began.
The attack involves a ‘bot’ trying to log in to target
websites using the stolen details. It succeeded with an old webmail account,
and all went downhill from there. People started getting emails from me
(spoofed), unsuccessful bot attacks locked me out of Office 365 (three tries – you
are out) and spam and spear-phishing mail sky-rocketed. So, I spent most of my
waking minutes in January changing passwords.
It became clear that I needed more than a physical record of
the accounts and passwords, so I did some research. There are many free and
paid password protection products out there – Norton Vault, Kaspersky,
Roboform, Keeper, 1Password, Dashlane and LastPass …
How password managers usually work
You set up a cloud account – many call it a vault – where
logins and passwords are stored. A single strong and complex password secures
the vault – all you have to remember is one password!
When it detects a URL that requires a login, it checks the
vault, and if it’s there, you are in. If not, you need to log in manually, and
it will store it in the vault for next time.
The vault (be it on your device or in the cloud) is
encrypted, and multi-factor-authentication (MFA) stops unauthorised use from
other devices. It is safe!
What to look for in password managers (and how we selected one)
Works in whatever operating systems you use – at least Windows, Android, macOS and iOS – what about Linux and Chromebooks?
Works seamlessly across those via a cloud system – what about offline use?
Password generation, password strength assessment and detecting multiple uses of passwords
Works in your chosen browser – Safari, Chrome, Firefox (and Opera that is the basis of many third-party browsers)
Does not need to be part of a security software suite – what if you stop using that?
Optionally (and usually at extra cost) supports fingerprint or face recognition (iOS, Android or Windows Hello) and MFA.
Optionally has a wallet/notes to store loyalty cards, credit cards/CVV/expiry date and more secure information for e-commerce
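The "detecting multiple uses of passwords" check from the list above, sketched as an added example that is not LastPass code and not from the original article: it flags identical passwords and the "same or a variant" habit described earlier. The vault entries, function names and variant rules (case, common character swaps, leading or trailing digits and symbols) are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample vault of (site, password) pairs. Not real credentials.
VAULT = [
    ("shop-a.example", "Sunshine1"),
    ("shop-b.example", "Sunshine1"),
    ("travel.example", "sunshine2019!"),
    ("transit.example", "Sunsh1ne"),
    ("bank.example", "v7#Rk2p!Lq9zT4wd"),
]

# Common character swaps people use to "vary" a password (assumed rule set).
LEET = str.maketrans("013457@$!", "oieastasi")

def fingerprint(password):
    """Hash the password so the grouping step never stores plaintext."""
    return hashlib.sha256(password.encode()).hexdigest()[:12]

def base_form(password):
    """Reduce a password to its root word: lowercase, strip leading and
    trailing digits/symbols, undo character swaps, keep letters only."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return re.sub(r"[^a-z]", "", core.translate(LEET))

def audit(vault):
    """Return (exact, variants): groups of sites sharing an identical
    password, and groups whose passwords collapse to the same root."""
    by_hash, by_base = defaultdict(list), defaultdict(list)
    for site, pw in vault:
        by_hash[fingerprint(pw)].append(site)
        base = base_form(pw)
        if len(base) >= 4:  # ignore roots too short to be meaningful
            by_base[base].append(site)
    exact = sorted(s for s in by_hash.values() if len(s) > 1)
    variants = sorted(s for s in by_base.values() if len(s) > 1)
    return exact, variants

if __name__ == "__main__":
    print(audit(VAULT))
```

Only two sites share an identical password here, but four of the five collapse to the same root word, which is the pattern a reuse check has to catch.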
And the winner is?
All mainstream password managers are pretty good and perform
the base level of services. We ruled out password managers that were part of a
security suite (in case you change security suites), decided that off-line
storage was nice but not critical (after all you need to be online to fill in
logins/passwords) and a wallet/notes was a necessary option.
The choice came down to Dashlane and LastPass. Dashlane has
a bulk password reset but that is not easy or foolproof, and its free version
only stores 50 passwords.
I am using the Firefox plugin, but it has support for Chrome, Safari, Opera and Edge in Windows and macOS.
After setting up an account (I had forgotten I had tried
this years ago, so my email address revealed an account and my generic password
worked!) you set a very strong password. I suggest a memorable phrase from a
movie – “Here’sLookingYouKid” or “YouCallThatAKnife” or “CanIPetYourPuppy” and
add some symbols and numbers. Do not use phrases that you may have used even
once in social media posts.
That is it. As you visit websites on a desktop or
Android/iOS device, it adds them to your vault which is accessible across all
devices as it is in the cloud. You can use your passwords or generate new ones
– it will perform a security check for compromised passwords.
LastPass also syncs to your devices and downloads an
encrypted vault you can access offline via the browser or app. For added
security, you must have logged into the browser or app on that device when
online before. Note that most disk cleaners will remove the local cache – when
you log in to LastPass, it downloads again.
You can also use LastPass from a shared or internet café PC
by logging into its website. It does not download the vault in that case.
Most people use a sticky note or email contacts for storing
information like birthdays etc. While Gmail and Outlook 365 are secure, you
often share contacts with Facebook etc., and that other information could be
With Secure Notes, you can store all manner of things
like serial numbers, invoices and purchase dates, membership numbers etc. It
can store an unlimited number of notes (total 450,000 characters) and documents
Note macOS users need to install the LastPass Binary
component to use this feature.
Each attachment can be up to 10 MB in size, and your total
storage limits are dependent on your account type (i.e., Free users have up to
50 MB whereas Premium, Families, Teams, and Enterprise accounts have up to
GadgetGuy’s take – LastPass is worth many times its price!
It’s only after a breach that you realise how many passwords
you have and how weak many are.
Having used the free LastPass for a few months, I will never go back. I don’t need Premium (single user $4.20 per month) or Family (6 users @$5.52 per month), but you can review the features you want here and decide what suits you.
It offers so many more security features than a browser, and
all your devices can access the cloud.
LastPass has had a few critical so-called ‘user reviews’,
and most relate to customer support – or lack thereof. In part that is why I
waited four months before writing the review – to see if there are any bugs. As
a techie type, I have had no issues in Windows and Android – it has been
excellent, and it is free, so that correlates with a lack of support.
LastPass meets or exceeds our review paradigms – it is a five-out-of-five. Now a plea to readers – start using a password manager!