Whether you know it or not, you need an online password manager. An Excel spreadsheet, or a crumpled-up sticky note that you carry around with all your account numbers and passwords, is not practical and is very insecure. At this point we all have many online accounts with passwords, as well as credit card and bank account info, that we need to access continually. It’s all gotten very messy.

Password managers are a class of software add-ons (typically ones that work with your browser) that allow you to securely store and manage hundreds of passwords, typically with strong encryption mechanisms that are designed to keep the bad guys out. What is most significant about these products is that they encourage you to significantly change your password habits. So instead of using the name of your cat, or your daughter’s birthday, users of these products have practical tools to generate and manage unique strong passwords (I have over 350 accounts that are in my vault).

I have happily used Siber Systems RoboForm for a couple of years (and have encouraged all of my staff to do the same), and recently have migrated to LastPass because of its use of multi-factor authentication (more on this later) and its compatibility with Linux Ubuntu (which I use as my day-to-day OS).

LastPass is a cloud-based computing service, which stores your passwords in remote data centers. And while I was initially nervous about the idea of doing this, after experimenting and reviewing several independent analyses of their methodology, I felt that they were at least as secure (if not more) than RoboForm (which of course is a lot more secure than sticky notes).

You can read about their technology here. And there’s a great forum dialog between LastPass’s Joe Siegrist (one of LastPass’s founders) and a concerned (but very security savvy) potential customer with a security bent here.

LastPass works with various browsers and across platforms. Once you have sites and passwords in your vault, every time you hit one of those sites LastPass will either fill in your login automatically (if you chose that option) or prompt you. Hit a site that requires credit card entry or shipping information? LastPass can fill that in too (no need to go running for your wallet to check the credit card number). Have multiple credit cards (e.g. work and home)? No problem, LastPass lets you choose. Not comfortable having any of this automatically fill in? LastPass can prompt you for a master password anytime you need items that you consider to be sensitive or need extra security. Encounter a new site? LastPass will generate a secure password for you, then save it back to its database. Except for the occasional site that has some weird programming (ml.com doesn’t work well for me), it’s all very seamless. You quickly become dependent on it. At this point, I’m happy to say that I don’t know most of my passwords because they are all strong.

The just-released version 1.62 continues the evolution of LastPass’s multi-factor authentication feature, which makes using the product even more secure. In addition to a master password for your online password vault, LastPass can optionally use an external USB product called YubiKey or a specially prepared plain old USB flash drive as a second authentication factor (this requires a premium subscription which costs $12 per year). Basically you need both to get access to your vault. In this setup, you will not have access to the LastPass vault without the USB device and your master password. I used YubiKey for a while, and it worked great, but recently switched over to a USB flash drive add-on program called Sesame that LastPass has developed because it allows me to have multiple devices with the same account (e.g. I have one flash drive configured for my work laptop, another for my netbook).

Since I switched over to LastPass, RoboForm has developed a competing cloud service that’s currently in beta. For the moment, I’m pleased enough with LastPass that I’m not ready to go back to RoboForm; however, I suspect that RoboForm’s cloud product is as strong as their flagship product that Windows users have been using for years.

So if you are one of those who use the same password for everything, or never change your passwords, or have sticky notes all over your computer with your passwords, you’re taking a lot of risks. The basic products from both RoboForm and LastPass are free, so there’s no reason to live your online life unprotected.

