SEARCH

How-To Geek

Keep Those Hard to Remember Card Numbers Available and Secure with LastPass

Banks, libraries, and points programs have the annoying habit of making you dig out your card to find the magic number that will let you log in to their web interface. Rather than make the ten foot walk to get your wallet, use LastPass to store all those number at once, securely.

cards

Photo by Andres Rueda.

LastPass is a great way to store your passwords securely, and is one of the only password managers that works seamlessly with Google Chrome. Once you’ve logged into one of those services that requires a card number, it should remember it no problem.

However, if you’ve chosen not to auto-fill, or if this is the first time you’re accessing a website, you might be greeted with a screen like this one.

Even if you’re not lazy, there is a significant psychological hurdle to overcome when a website asks you to fetch your wallet and enter a number that you’ll never bother to memorize. In the past, we’ve missed paying bills on time because the web interface required the card number, and we kept telling ourselves that we’d do it later when our wallet was more accessible.

At the same time, we’re not comfortable storing card numbers in text files or in our email. Fortunately, LastPass offers the ability to store secure notes. Put all of your card numbers in a secure note, and then the only thing you have to remember is your LastPass master password, which you know already!

Note: these steps are shown using the Google Chrome LastPass extension. Steps for other browsers, or using the website directly, will be very similar.

Create Your Secure Note

To create a secure note, click on the LastPass icon in the top-right of the screen.

sshot-1

Click on the Secure Notes link.

sshot-2

Click on Add Secure Note.

sshot-3

This will open a tab to enter the secure note. There are a few things that we recommend when writing your note.

  • Prefix each number with an identifier that you will remember, but a thief could not decipher.
    For example, if it’s a Bank of America number, use BA, or something more personal, like the name of that cute bank teller.
  • Require a password reprompt, in case someone gains physical access to your computer.
  • Consider adopting a simple obfuscation scheme in case the note is compromised.
    For example, if the card number is 16 digits long, list the last 8 digits before the first 8. Use the same scheme for each card number so that you don’t forget!

sshot-4

Accessing Your Note

Now, whenever you need to log into your bank or other service that uses your card number, just click on the LastPass icon, and click Secure Notes. You should see the note you created.

sshot-5

Enter your password, if you chose to be re-prompted, and then you have your card numbers in just a few clicks! Much better than getting up and digging out your wallet.

Sign up for a free account at LastPass

Trevor is our resident Linux geek, but always keeps his eyes open for neat Windows tricks too.

  • Published 08/18/10

Comments (11)

  1. Hal Shields

    Have used LastPass for quite a while and find it very useful. Sometimes it will not fill in certain types of web forms but that is a minor detail. I use it on both Internet Explorer and Google Chrome and though there are subtle differences all data is integrated and available on either browser.
    For a free application the support is excellent. I tried to change my email address to a Yahoo disposable one which uses a dash in the name (whodo-what@yahoo.com) and though LastPass accepted the change I did not send the comfirmation e-mail out. Hence, unable to access my details.
    An e-mail to the LastPass support team brought a speedy response and my e-mail address was reset enabling me to then select another.

  2. dummydecoy

    I love LastPass. Totally indispensable for me. It also made me interested (and somewhat paranoid) with generating more secure passwords for the different websites I visit. Keep up the good work lastpass guys!

  3. bobby.tables

    While I really would like to use it it is hard to trust a 3rd party with my CC info, passwords etc. Does anyone know how the data is encrypted, who has access to it, is there a master key for all data, and so on? Encryption algorithms should always be open source so they can be tested by lots of people.
    So is there any information available on the technology used by lastpass? If so, I would be among the first to use it.

  4. PL

    @bobby.tables

    read here: http://lastpass.com/whylastpass_technology.php

    what i find most useful is that they never receive my master password (if they are to believed) and the decryption and encryption is done locally. If you can’t trust your local machine, they have optional one time passwords… how they exactly work i have no idea.
    It’s really convenient and for me the main reason is that i finally have long, non-trivial and most importantly different passwords for nearly hundreds of accounts…

    To what it comes down to: LastPass will protect your data at all costs, because if they leak, they are finished. Their expertise is (should be ^^) in this field: To securely store data!
    Facebook, Google, your Mailprovider, etc. expertise is provide you with their services, not to provide a bullet proof password system. If they leak, they’ll just promise to do better, loose some useres, but the majority will stay (say google starts leaking thousands of passwords, I can’t say for sure that i switch, because they offer so many services that i need everyday… )

    So this is why i use LastPass. But if you want to have bullet proof security, set up a own webserver with VPN access and something like KeePass. Then you just rely on yourself paying your ISP ;)

  5. david donoho

    The notes from the Steve Gibson “Security Now” podcast has an in depth description of the Lastpass security features. Yuo will neede to scroll down the page to get to the Lastpass topic

    http://wiki.twit.tv/wiki/Security_Now_256

  6. Seagullcanfly

    I’ve been using LastPass for a little over a year and it was the one reason I hadn’t switched to Chrome for a long time. Initially, LastPass did not handle multiple passwords for different user accounts on Chrome very well, but now it’s perfectly fine.

    One curiosity I had is why this article didn’t mention putting this credit card information in one of the fill forms for LastPass. When I create a fill form profile, it will allow me to automatically enter in the credit card information, expiration date, and even the security code on the back of the card. I have different fill forms for sending things to different addresses. The fill forms will also remember your bank info, social security number, and preferred user name if you so choose to store them.

  7. Mary

    I can’t. Sticking those numbers online raises too many warning signs. Sure, I shop online but only to companies I know (and trust). This seems rather a blanket trust of a company I don’t know at all. Give me an app like this – which I can store on a drive or stick – and I’d be completely onboard. Online? No.

    I’m not into clouds either so that gives you a clue where I’m coming from.

    Sorry. I usually adopt and applaud HTG stuff. But not this time.

  8. Lisa

    Mary,

    I use Lastpass for passwords and usernames, but have always relied on Keepass to store important things like bank account numbers, credit card information, etc. It also has the advantage of being able to be stored on a drive or USB.

  9. JeffinVa

    Bobby & Mary,

    Lastpass does NOT keep your passwords and sensitive information (in readable form) stored on their servers. The beauty with Lastpass is that all the encrypting/decrypting of information is done locally on whatever computer you happen to be using.
    Lastpass does store the encrypted data which is nothing but a ton of digital ‘junk’ to anyone trying to look at it. It is truly safe unless you have a really bad master password for your Lastpass account. Actually the weak link to any password managing program is the master password. A good strong master password is super important.

  10. buggeek

    I use Norton Internet Security 2010 which includes Identity Safe & automatically fills in log-ins & credit card details. It provides the opportunity for multiple log-ins to the same site & I haven’t been able to fault it so far.

  11. Squeeks

    If Steve Gibson from Security Now uses this application than it is secure. He is very meticulous when it comes to security related issues and he went through this app with a fine toothed comb. A link to his podcast on Lastpass is posted above.

Enter Your Email Here to Get Access for Free:

Go check your email!