Choosing secure passwords is important to protect the user accounts from being accessed by unauthorized users. The problem that arises for all users is that secure passwords are harder to remember. Writing them down is one solution to the problem. The other possibility that is more reasonable is using a password management software.
A good password management software should ensure data security, provide password generation and integration into common web browsers to make the life of the user as comfortable as possible.
The password management software Last Pass does all of that and much more. It currently supports Microsoft Internet Explorer and Mozilla Firefox on Windows, Linux and Macintosh. It provides the option to import the existing passwords from Internet Explorer, Firefox and multiple password management software applications like KeePass and RoboForm and makes them available on their secure website and in the browser of choice.
The password manager automatically recognizes websites that it has user data stored for in its database and will fill out the login forms automatically so that it is only a matter of clicking on login to login to the website.
Each password and the rest of the user data can be accessed on the last pass website. Sites can be loaded from there and data changed. The online profile provides access to another interesting feature: It is possible to fill out form data for login forms so that it will be automatically filled out as well when the user registers at a new service.
The password generator comes in handy when registering to a new service on the Internet. A hotkey or the notification on top of the website can be used to open the password generator which can be configured to suite the website’s requirements.
The Password Management Software Last Pass will also recognize password changes and ask the user if he wants to store the new password in the database. The passwords can be easily backed up and restored to access them on multiple computers. Since all of them are stored in encrypted form on the Last Pass website it’s only a matter of entering the login information and / or installing the plugin for the browser to access the passwords on other computers.
Windows users can also use a portable USB client that can connect to the password management service and pull the passwords from there after proving the correct login details.
One interesting feature is the function to share passwords. Have you ever send someone passwords in plaintext before? That should be a thing of the past because passwords can now be shared securely using Last Pass as well.
Lastly there is a feature to supply different login credentials if more than one account is stored in the password manager for a website.
The only problem that was encountered during tests happened when trying to change passwords on websites. The generated password would fill out the Old Password and the first form of the New Password field. A workaround for this was to copy the password from the password generator, let it paste the password and paste it manually in the second password field and enter the old password manually. Not a huge deal but something that could probably be easily fixed in future builds.
Last Pass is a comfortable password management software that should appeal to many users.
Related posts:
Internet Explorer Password Management Add-onLastPass Now Compatible With All Browsers
Password Software
Ghacks Christmas Giveaway: RoboForm
Firefox Mass Password Reset
15 Responses to “One Password Management Software To Rule Them All”
Trackbacks/Pingbacks
-
[...] via ghacks [...]
-
[...] have to remember anything anymore. These tools are unfortunately not used by many Internet users. (Last Pass is one [...]
-
[...] ricordare più nulla. Questi strumenti purtroppo non sono utilizzati da molti utenti di Internet. (Last Pass è [...]
-
[...] manager and form filler back in September and came to the conclusion that it was one of the best password management software programs out there. To be more precise, LastPass is an excellent unobtrusive password manager for [...]
-
[...] manager and form filler back in September and came to the conclusion that it was one of the best password management software programs out there. To be more precise, LastPass is an excellent unobtrusive password manager for [...]
I love LastPass. It’s so easy to use. Unfortunately, I have encountered a small problem in that I am unable to access my on-line e-mail using the new version of Rogers Yahoo. However, the classic version of Rogers Yahoo works just fine.
Just what I am looking for right now. I’ve been using PassPack for long, and it works great. However PassPack is too simple, thus lacks many features such as password generator, or the ability to choose where you can save the file.
I’ve tried KeePass, nah too complex. Currently using PasswordSafe and it is pretty good.
LastPass sounds promising, especially the integration with the web browser. I hope future builds will include Opera.
Theoretically, all password storage systems could be cracked, compromising all your sites. I’d worry about relying on an online system of any sort no matter how clever or otherwise it seems to be. There is no perfect answer LastPass is just another compromise.
@David Bradley: There is no perfect answer to everything. What a password storage system do is simplify the management of your passwords (obviously). It can generate complex passwords, and store them so you don’t have to remember all those tiny caps/big caps/numbers in your head.
Sure, it can eventually be cracked. But I prefer a password storage system that writing it on sticky notes, any day.
I do agree on the compromise of online system. Though it sounds tempting (you can access your passwords everywhere, don’t even have to bring a pen drive), I would never trust my security on cloud computing.
Yes, point taken. It was the cloud security aspect I wouldn’t trust. Moreover, I’d be loathe to have all my passwords in one box on my PC too in case it was stolen and cracked open.
Why wouldn’t you trust your encrypted data to be stored on a server?
LastPass works by locally encrypting data with 256-bit AES, then storing that for you so you can use it elsewhere. It’s quite safe if you pick a good master password.
If you trust NIST:
Q: What is the chance that someone could use the “DES Cracker”-like hardware to crack an AES key?
A: In the late 1990s, specialized “DES Cracker” machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.
Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
– NIST.gov AES Questions and Answers
LastPass uses a 256-bit AES key, so it would take many times longer than this. The risk of compromise of your locally encrypted data is exceedingly low.
Using LastPass is by far safer than what most people do, which is use a few passwords for every site. Many sites don’t hash passwords and simply store them in plain text, many sites don’t encrypt the channel for sending passwords. These are the pratical attacks that hackers can use to compromise you.
Joe Siegrist
LastPass
May be I’ll check it later. Now I’m satisfied with Keepass, and I like that it’s OpenSource.
Joe Siegrist-
Thanks for the clarification. I’m now more inclined to take a look at your offering.
Really an amazing product. I use it on a daily basis…
Joe (the LastPass guy) said:
“Why wouldn’t you trust your encrypted data to be stored on a server?”
Because there could be implementation bugs in your software, for one thing. It’s not impossible that you sometimes mistakenly send unencrypted passwords to your server under certain circumstances. It’s not impossible that the encryption is done, but not done in the best way, and has weaknesses that should not exist.