It’s all too easy to get sloppy with your password security as the number of accounts and accompanying passwords pile up. It’s time to start letting LastPass generate and manage your stable of secure passwords.
LastPass is a password management tool that takes all the effort out of managing your passwords—it’s so effortless, in fact, that it’s the most popular password management tool among How-To Geek readers. We all have reasons, most of them in common, for not using passwords as strong and varied as we should: it’s a pain to remember them, it doesn’t seem that important to vary passwords wildly, entering complex passwords for each web site we visit is a big hassle, etc. LastPass removes those barriers by making password generation, management, and deployment dead simple and seamless.
LastPass combines a local password manager with cloud-based storage. Your password database is decrypted locally on your device and is stored in the cloud, encrypted with 256-bit AES. Your passwords are only accessible via local decryption or by logging into LastPass’s secure web site using your master password to decrypt your password database over the SSL pipe.
In addition LastPass also includes password generation tools, automatic form filling, as well as automatic login/password completion. Once you’ve got LastPass up and running you’ll never have to worry about weak passwords again. LastPass is available for Windows, OS X, and Linux as well as iOS, Android, BlackBerry, Windows Mobile, Symbian, and webOS. LastPass also supplies add-ons for Internet Explorer, Firefox, Safari, Chrome, and Opera. You’ll be hard pressed to find yourself, on any platform or with any browser, separated from your passwords.
The first thing you need to do is get yourself a free LastPass account. Head over the LastPass.com and download the appropriate software for your machine. We’re going to download the package for Windows, but the steps for each OS are pretty much the same. Run the application; you should be greeted with a run wizard that looks like the screenshot above. Check the web browsers you want to install LastPass on. The advanced options gives you more control over the specific aspects of those browser installs; skipping the advanced section is fine for most users.
Select that you do no have an account and wish to create one.
Type in your primary email address and select a strong password. You’ll only be using this password to access your web password vault and to login once every browser session to the local database. Now is a great time to start using a passphrase instead of a simple password—i.e. HowToGeekR0cksMyB0xIn2011.
They can’t stress it enough and we can’t stress it enough on their behalf: if you lose your LastPass password you’re totally out of luck. Again, use a strong and memorable passphrase. If you have to, write it down and tape it to the bottom of your desk drawer or otherwise hide it away.
At this point you’ll be prompted to import all the passwords from your web browsers into LastPass. There’s really no good reason not to do this. Even if you’ve used “password” for all your passwords, it will at least build a list of sites you’ve been using insecure passwords on so that you can later go back and update them. In the next step it will list all your saved sites, their username/passwords, and a toggle for you to select and deselect them for import into LastPass.
We’re almost done! The last setup step is to specify whether or not LastPass should log you out when the browser closes and whether or not your LastPass Vault should be your homepage. We recommend setting it to log you out and not using your vault as your homepage. We double recommend against those things if you’re using LastPass on a portable computer or mobile device.
After you finish the LastPass installation, launch one of the web browsers you specified in the first step of the setup. In the toolbar of the browser will be a dark LastPass icon (which looks like an asterisk). Login using your email and LastPass password. We let LastPass remember our login but leave the password blank. Once you login the LastPass logo should switch from dark gray to red and white.
Clicking on the logo yields a drop-down menu filled with LastPass goodies. The first thing we want to do is hit up the Preferences menu. Click on it now.
LastPass is notoriously chatty. We happen to like the notifications but many people aren’t so fond of them. We’d recommend leaving the default notifications in place as they serve as excellent reminders to use LastPass and to generate secure passwords. As you get more comfortable using LastPass and need fewer reminders, go ahead and return to this menu and toggle some of them off.
From this point forward LastPass will automatically detect when you’re visiting a website that you’ve already created a login for and will prompt you to generate a secure password for new web sites you’re joining. In the next section we’ll take a look at that process.
When you create a new account for a web service, LastPass will prompt you to generate a secure account. In the screenshot above we started the signup process for a Yahoo! Mail account. When you click the generate button LastPass will open a new tab with the password generator.
There you can set your password length, accepted characters, and other parameters. You can accept the password or generate a new one with new variables until you’re satisfied. When you hit accept LastPass will automatically fill it in for the site (and remember it on your behalf).
When you’re done filling in your new account information LastPass will again detect that there is activity with the new account. It will ask you to either confirm that you’ve changed the password or to save a new site as a new entry in your password database. Since we just created a new account, we’ll click Save New Site (if you’re changing the password on an existing site that is already in your LastPass database, you’d click Confirm instead).
Now, although LastPass is pretty awesome at detecting things, initial registrations usually have unique URLs and can often throw LastPass off. When you click Save New Site, make sure to check the URL and Name spots. The default for our Yahoo! Mail account looks like this:
We took a moment to clean it up to reflect the URL we’ll be routinely using to login to Yahoo! Mail:
This is also a great time to start using the Group function. You might, for example, group your financial, gaming, communication, and work web sites into separate groups. From this menu you can also toggle things like autofill/autologin and require master password entry before accessing that particular entry.
Now is a great time to start going through your existing logins to upgrade the passwords using LastPass.
If you never use LastPass for anything other than generating and storing secure passwords you’ll be miles ahead of 90%+ of the average computer user. LastPass has a slew of additional features, however. Once you have LastPass installed on your primary browser here are some of the extra things you’ll want to check out:
The LastPass Security Challenge: This is a fun tool for your LastPass Vault that analyzes your logins/passwords and generates a score passed off of the uniqueness of your passwords and other factors. Increasing the strength and variety of your passwords will increase your score in this security game.
LastPass Mobile: The mobile app once required upgrading to the $14 a year premium plan, but it is now free. Take your passwords with you wherever you go. This is a must-have.
LastPass Screencasts: If you’re unclear on how the major components of your LastPass vault work, there’s likely a LastPass created screencast to show you how to use it.
One Time Use Passwords: Your master password is important and needs to be protected. What about when you want to access your LastPass account away from home? Don’t risk your master password on a computer with unknown security. Generate a single use password for your LastPass account. You can use that throw away password once in the future and then it will never work again—extremely handy for logging in from an internet café or at a friend’s house.
Import: Have a bunch of passwords already stored in another program like KeePass? No problem. Import them all using the LastPass Import function.
Multi-Factor Authentication: Although it may be overkill for some, you can easily turn on multi-factor authentication that links your LastPass account with a USB key, Yubikey, Fingerprint reader, or Smart Card reader.
Have a LastPass tip, trick, or add-on that has helped you stay on top of your passwords? Let’s hear about it in the comments.