It seems that hardly a week goes by without the news of another data breach. The chance that your personal account for at least one web site has been leaked in the past couple of years is higher than we would like to believe. As a software developer, I take protecting the data of my customers as my highest priority. Unfortunately, experience has shown us that this is not the case with all web sites. All too often, there has been a release of thousands of email addresses and passwords that a web site was not storing in a secure manner.
So, if you find that your email address and password have been leaked in a data breach, what are you to do? If you use the same email address and password for multiple sites, an attacker could already have access to all of your accounts, including bank accounts and shopping sites. So, you should always use a separate, secure password for every site. But who can remember all those passwords? I know I cannot. I know exactly three passwords: one for my work domain, one for my personal email, and one for LastPass.com.
The beautiful thing for me is that LastPass.com remembers the rest for me. I don’t have to recall my Amazon.com account, my MSDN account, or any one of literally dozens of accounts that I use everywhere from daily (bank, streaming media services) to once every year or so (Continuing Education tracking).
LastPass stores your account information in an online “vault” that is encrypted and decrypted only on your local client PC. This means that before it is transferred to LastPass, your data is already encrypted. LastPass never has access to your account information directly. LastPass cannot retrieve your password or reset it for you. If you forget your LastPass Master password, you will not be able to access your account.
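The client-side model described above, as an added Node.js example. This is not LastPass code: the choice of PBKDF2-SHA256 and AES-256-GCM, the iteration count, the function names, and the sample entry are all assumptions made for illustration.

```javascript
// Added illustration of a client-side encrypted vault; not LastPass's implementation.
// KDF, cipher, parameters and all names here are assumptions for the example.
const crypto = require('node:crypto');

const KDF_ITERATIONS = 200000; // assumed work factor, chosen for the example

// The key is derived from the master password and never leaves the client.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Runs locally; the returned blob is the only thing a server would store.
function sealVault(masterPassword, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entries), 'utf8'),
    cipher.final(),
  ]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Runs locally; returns null when the password is wrong or the blob was altered.
function openVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    const plain = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // authentication failed: nothing can be recovered without the key
  }
}

// Constructed sample data, not real credentials.
const SAMPLE_ENTRIES = [
  { site: 'shop.example', username: 'alice@example.com', password: 'constructed-Pw-1' },
];

function demo() {
  const blob = sealVault('constructed master passphrase', SAMPLE_ENTRIES);
  return {
    serverSeesPlaintext: blob.ciphertext.includes('constructed-Pw-1'),
    rightPassword: openVault('constructed master passphrase', blob),
    wrongPassword: openVault('a wrong guess', blob),
  };
}
```

Because the stored blob contains only the salt, IV, ciphertext and tag, a service holding it has no way to reset or recover the master password, which is why forgetting it locks you out.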
Once you have set up your account, download the LastPass extension for your browser of choice. Using the built-in secure password generator to set your password for each account ensures a secure, unique password for each site. Use the security check tool to check for vulnerabilities such as duplicated passwords and sites vulnerable to specific attacks.
LastPass also provides smartphone apps for iOS, Android, Windows Phone, and BlackBerry through their LastPass Premium accounts. For $12 a year, you can access your password vault from your mobile device. Personally, I appreciate the ability to use Touch ID on my iPhone to unlock my password vault without having to type in my very long master password every time. That alone is worth the cost to me.
LastPass is only one of a number of very good password managers. I would recommend everyone use a secure password manager to keep their accounts secure and separate.
Note: This review is based upon my personal use over the past three years. I have not used or tested all alternatives. I’m interested to hear your opinions of other password managers such as 1Password and KeePass, which are two popular alternatives.