LastPass

LastPass is a cloud-based password management system. One advantage of LastPass over other password managers is that the data is available on any computer with an internet connection. There is an add-in/extension for each of the major browsers. Alternatives like KeePass are good, but access to the data requires either a flash drive or some type of online storage such as Dropbox. The browser extensions provide autofill and autologin options that make life simpler.

As usual, the major concern about storing passwords on the internet is “will the data be secure”. The Security Now Podcast about LastPass with security expert Steve Gibson goes into detail about how the data is encrypted on the local computer and always transmitted and stored in encrypted format. All this means you just need to remember one strong password, use LastPass to create long random strings for your other passwords, and use the browser extensions to autofill them.

As well as describing how your data is secure in LastPass, Steve describes what a good password is. He recommends using 10 character passwords containing uppercase letters, lowercase letters, and digits. The justification below is from the show notes, http://wiki.twit.tv/wiki/Security_Now_256:

  • This is 5.94 binary bits of equivalent strength
  • 5.94 * 10 = 59.4 equivalent bits of binary strength
  • 2^59.4 = 7.6 X 10^17 possible combinations of passwords
  • This also makes entering the passwords on a mobile phone easier, since there are no special characters.
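
The arithmetic behind this recommendation can be checked with a short script. The following is an added example, not code from the post or the show notes: it computes the bit strength from the alphabet size and length, counts how many passwords remain if every password must contain all three character classes, and generates such a password from the operating system's CSPRNG. All function names are hypothetical.

```python
import math
import secrets
import string

# The three character classes the post recommends (62 symbols in total).
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
ALPHABET = "".join(CLASSES)


def uniform_bits(length=10, alphabet=ALPHABET):
    """Bits of strength when every character is drawn uniformly at random."""
    return length * math.log2(len(alphabet))


def constrained_count(length=10):
    """Count passwords containing at least one character of every class.

    Inclusion-exclusion: start from all strings, subtract those missing one
    class, add back those missing two (missing all three is impossible).
    """
    sizes = [len(c) for c in CLASSES]
    total = sum(sizes)
    missing_one = sum((total - s) ** length for s in sizes)
    missing_two = sum(s ** length for s in sizes)
    return total ** length - missing_one + missing_two


def constrained_bits(length=10):
    """Bits of strength when all three classes are required to appear."""
    return math.log2(constrained_count(length))


def generate(length=10):
    """Draw from the OS CSPRNG, retrying until every class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


if __name__ == "__main__":
    print("example password:", generate())
    print("uniform strength: %.2f bits" % uniform_bits())
    print("all classes required: %.2f bits" % constrained_bits())
```

Requiring every class to appear removes only a fraction of a bit, so the simplicity of a letters-and-digits alphabet costs very little strength at this length.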

The best part is that LastPass is free, unless you want to use their mobile applications and a select few other features, which can be found at LastPass Premium.

There is also a way to view the data offline with LastPass Pocket and to export the data to a CSV file, just in case LastPass goes out of business or you just want to back up the data yourself. If you plan to export all your passwords to CSV, you might want to store that file using TrueCrypt, a subject for a later post.
