We all know we should have different passwords for all the different digital services we use to ensure our online and business security. And we also know these passwords should have long strings of numbers, symbols and both upper-case and lower-case letters. But how many of us are really acting on that knowledge? There’s usually enough to worry about at work without figuring out a way to generate multiple passwords and store them somewhere that’s not vulnerable to attack.
LastPass provides an easy way to make the switch. The free version of the service comes as a browser add-on: it can generate strong, complex passwords for each platform that requires a log-in, then it remembers them for you in a way that’s much more secure than storing them in a file on your desktop.
The codes are heavily encrypted and are decrypted only on your own computer: LastPass doesn’t even have the encryption key. It comes with a “vault” where you can store not only passwords but also credit card information, other form-fill data and even backups of important documents to make registering with web platforms and buying online quicker and easier.
There's not even a tedious setting-up process: all you have to do is click a button each time you log on to an app or site and it will remember each one as you go. The only tricky part is figuring out a way to remember your master password. If you forget how to log in to LastPass, you can recover it in theory, but there are many hoops you will have to jump through that protect your information.
Users who want the same level of protection on their mobile gadgets need to upgrade to the premium version, which costs $12 and includes an app that is compatible with all the usual operating systems, including BlackBerry and Windows Phone.
There is plenty here to satisfy security experts; and for those who are total newbies, the process is not daunting. The platform even coaches you in how to improve your habits, giving you a percentage rating each time you take the “LastPass Security Challenge”.
q&a take it to the next level
Jessica Holland explains how LastPass can also be applied to the workplace:
How can employers use password managers to protect their businesses?
LastPass Enterprise is the top tier of membership, at $24 per year, and has features just for companies, like a centralised administrator’s console and the ability to share folders.
What type of multifactor authentication can be enabled?
All membership levels allow you to enable a second level of protection: either via a one-time log-in code texted to your phone, or by downloading an app that gives you a new log-in code every 30 seconds. There is also the option of setting up temporary passwords when you are abroad or somewhere with an internet connection you don’t trust. With premium and enterprise accounts there are additional options, such as linking your account to a physical security token or biometric sensor.
How secure is LastPass itself from attack?
There was a security breach earlier this month, during which users’ email addresses and a few other data points, such as password reminders, were stolen, but the encrypted password vaults remained safe. Experts have said that while no method is 100 per cent safe, using a password manager is always better than not using one, and LastPass has consistently been one of the most highly rated by sites like Lifehacker and PC World.
Where should I record my master password, to log in to LastPass?
It’s best to memorise it rather than write it down – at least you’ll only have one to remember.
Follow The National's Business section on Twitter