Passwords. We love them and we hate them at the same time. Yet, it’s one of the easiest and most popular authentication methods used by third-party services and even by the computer you are using right now (your computer does require a password to log on, right?). It’s a very simple system in that you supply to the authenticator a secret that only the two of you know, combined with a username or email address of some kind. Once the authenticator validates your secret, you’re in the system. We all know this. It’s no secret that a password should be a closely guarded secret because once another person gets hold of it, he/she can now impersonate you and the authenticator usually will not know any better. If that person knows the secret, then he/she should be authorized; otherwise, why else would they have the secret in the first place?! OK, this much you should already know by now. If not, I wrote an article that should help you understand more on this topic.
The problem nowadays is not the password system itself (although multi-factor authentication is a lot stronger) but the fact that many users need to create so many passwords for the dozens and dozens of sites and services they use online. Again, you’ve probably heard this all before but it bears repeating here. When a user is forced to create a password for so many services, they tend to reuse the same password over and over again. Come on, don’t act like you’ve never done this before. You may not have done it recently but I’m sure you can think of a time when you were so frustrated with having to deal with so many passwords that you just used the same one again and again. The main reason for this is our memory. It’s really hard to come up with an ultra long and random combination of letters, numbers and symbols and be forced to remember it. It’s not that users don’t want to create good passwords. It’s just that they can’t remember them all! Therefore, what many people tend to do is create a known and comfortable password that they can remember and reuse it. The problem here, folks, is that the password created is usually very weak in nature and can be easily cracked! By reusing that same password for five or ten different services, you risk putting all those services in jeopardy as soon as the password is stolen.
What is LastPass?
LastPass is what you call a password manager. In other words, it helps you manage all of your passwords! The promise of LastPass is that it will be the last password you will ever need to remember. How it works is simple (although the actual technical details are not). As with many other password managers out there, LastPass creates a database and within it reside all of your passwords. In order to use those passwords, you’ll need to unlock the database with a password. This password is called the master password and is the only one you have to remember. Once you unlock the database, everything within it is accessible. As you can already figure out, you don’t have to actually remember the passwords within the database because you don’t actually type in those passwords yourself. Therefore, you can create passwords that are 50 characters in length with lowercase and uppercase letters, numbers, symbols and special characters for each site you use if you so wish.
How it Works
Whenever you visit a site that requires a password, LastPass will automatically help you fill it in as long as you are logged in to your LastPass account. It doesn’t matter if you have 15 different sites all with different passwords and whatnot. LastPass will fill them in for you as long as you have saved the account information for that site within your LastPass database. All of this is great but how does LastPass protect you as the user from password theft and keep your passwords from prying eyes? Simple. It’s called encryption. Your password database is actually stored at LastPass headquarters. However, all data is encrypted with your master password before it is sent from your local PC. This fact is very important to remember. Nothing gets sent to LastPass in clear form. Therefore, LastPass only stores your data in an encrypted form. Even the LastPass staff have no way of viewing your database. Well, technically they could but I’m sure the encrypted gibberish they see wouldn’t be of any use.
Just recently, LastPass discovered an anomaly in their traffic and decided it best that all users change their master password. It’s not clear as of now whether or not they were hacked but LastPass is stating that if you have a very strong master password, you are safe. Even if the hackers got hold of your password database from LastPass servers, the data would be useless because it is encrypted with your master password, which they don’t have. Therefore, it is important that when you are creating your LastPass account for the first time, you create a very strong master password, as the security of your database relies completely on it!
I want to apologize but I need to rant a bit. There are many users out there who don’t believe in LastPass and the security of their system. Many have doubts as to whether or not LastPass is really that secure and if our passwords are really encrypted when sent to LastPass headquarters.
Let me get something off my chest right now. It’s OK to completely doubt something. You just don’t have to use it personally. The problem I have is when a person has no proof whatsoever and starts spreading FUD (fear, uncertainty, doubt) throughout the Internet. I use LastPass and accept the risks. As with everything we do in life, there is always, and I mean always, a risk factor involved. Being a security guy, I understand that being paranoid is a given for people like us. However, some people just take it too far. As the saying goes, there really is no completely secure computer in this world unless you pull the power plug from it, lock it up in a chest and let it sink to the bottom of the ocean. It would be secured but it wouldn’t be of any use to anyone. I mean, why even go outside your house when there is a risk that you could get run over by a car or get robbed? Of course, I’m being sarcastic but some people just need to understand that everything has a risk factor involved. LastPass has been praised by many and although that doesn’t necessarily make it any better than the next software or service, I would definitely use it over the others.
Why Use it?
LastPass not only helps you to start creating different passwords for each of your different sites but it also helps you by allowing you to create super strong passwords as you never have to remember them again. LastPass can be considered as the middleman. Another big advantage of using LastPass is its huge assortment of supported platforms. LastPass is supported basically on the Windows, Mac and Linux operating system platforms. As for browser compatibility, LastPass will work on Firefox, Internet Explorer, Safari, Opera and Chrome. You’re never left out in the dark. Want to use it on the go from your mobile phone? They’ve got that covered too, although you’ll have to pay. In my opinion, it’s really hard to see why not to use something like LastPass. Information theft goes on every day and you really don’t want to be a part of that statistic. If you pay your bills online or do a lot of online shopping at various websites, it’s imperative that you lock down your account so that no one but you can get access to it. In many cases, a person only has to authenticate to the system with two key pieces of information. Those are your username or email and your password. Usernames are very easy to come by for a thief. Services like Facebook and Twitter allow users to post all sorts of information for the world to see. It’s not hard to extract a person’s email. For example, if I knew your email address to be firstname.lastname@example.org and knew you like to shop at Amazon, I can happily view all sorts of information out of your Facebook profile to put together random passwords that you might use. It’s very likely that you used the same email address to sign up for Facebook as you did with Amazon. With LastPass, the attacker will have a much harder time trying to crack your password if it is 15 characters in length, comprising random uppercase, lowercase, numbers and symbols. Trust me, LastPass is something you’ll definitely want to get into the habit of using.
In fact, once you start using it, you’ll hardly even know it’s there. I promise you that much.