Dashlane is currently in private beta, which means that you need an invite to start using it (thanks to The Next Web). Once you have have entered your email address you are redirected to a page where you can download the Windows or Mac client to your local system.

Dashlane currently connects with the Chrome and Firefox web browser only, with an Internet Explorer version in the making. Installation gives users choice to connect to one, multiple or all of the supported browsers, which is better than Norton’s all or nothing approach. It felt kinda weird though that you had to close all browsers, even if you unselected the extension from being installed in them.

The program ships with a desktop program that you can use for all management purposes, and a browser extension that handles input and detection in the web browser.

The browser extension basically acts as a link between the desktop app and the web browser. It can fill out login information automatically for you if you have configured it that way, and will automatically ask you if you want to send new logins to the password manager for safe keeping. It is furthermore possible to click into a login form directly to select one of the available accounts for the site.

You can configure the program to generate strong passwords for you whenever you register new accounts. Just click in the password field of the registration form, and then on the generate strong password button that appears right beneath it to create a strong password.

Dashlane furthermore can do all the form filling for you, if identity related information have been saved into the program’s database previously. The program takes care of multiple identities for you, and if you like also of ID related information and payments that you make on the Internet. These information can then be filled out automatically whenever you register a new account on a site.

One interesting feature of the desktop application is the security dashboard, which lists password strength ratings for all accounts.

Links point directly to low safety accounts giving users options to change their passwords on site directly to make them more secure.

The desktop app is protected by a master password which needs to be supplied on start before you are able to access the information. The developers have published a white paper that explains the security concept in detail.

You can synchronize password information easily, provided that your devices are running a support operating system and web browser. Data is encrpyted with an AES-256 key before it is written to the computer’s hard drive. Information may also be stored in the cloud, if users select to synchronize their information across devices for instance.

Users can access their data on the web as well, which is useful if you are on a public PC, mobile phone or computer that’s not compatible with the Dashlane desktop app. They should note though that the web app is read-only.

The program only asks you if you want to import your browser passwords into the password manager (and delete them afterwards). Users find desktop password manager import options under the File menu. Supported are popular password managers such as Last Pass, KeePass or 1Password.

Dashlane Presentation Video

Closing Words

Dashlane shows a lot of promise for a closed beta product. It is definitely superior to Norton’s password manager at this point in time. Not everything is golden though right now. The program lacks support for Internet Explorer, Opera and Safari currently, with only Internet Explorer listed as “soon” to be compatible.

An option to generate secure passwords, or to modify password creation rules, is not available currently.

It is also not clear if the developers plan to turn the service into a commercial password manager at a later point in time, or if they are going down the LastPass road which would keep the basic desktop version free.

If you are looking for a password manager for Windows or Mac, and are using Firefox or Chrome, I suggest you give it a try.

Symantec has recently launched Norton Identity Safe, a password manager for Windows PCs as well as Android and Apple iOS mobile devices. The program ships with browser extensions for all five popular browsers (Opera, Internet Explorer, Firefox, Chrome and Safari).

Norton Internet Security and Norton 360 users may already know the program as it is integrated into their applications. Everyone else can download a free copy of the password manager from the Norton website.

The program stores password information in the cloud like Last Pass, another password management service, does. When you compare the two services you will notice that Last Pass has an edge over Norton’s tool, as it supports features like automatic form filling, a portable mode or 2-factor authentication. Some of those are on the other hand only available for Last Pass Premium account users who pay $12 per year for that service.

Norton’s Identity Safe on the other hand ships with Norton Safe Web which informs you about unsafe websites that you are about to visit. Norton Safe web Life then again is available for free.

Here is a short table comparing core features of both products:

All Norton Identity Safe logins, notes and cards are saved with a master password that you need to create during setup. Norton requires you to use at least one upper and lower character, one number and one special char for the master passwords.

Toolbars are installed in all supported browsers automatically during installation, with no option to block the installation in some browsers. The toolbar is unfortunately not compatible with all browser versions. It failed to install for instance in Firefox Aurora.

The toolbar displays a search form, Safe Web, Identity Safe and sharing options. The search links to a custom Norton search engine. The Identity Safe button in the toolbar appears to be the only option to control the password manager. I closed the toolbar in Chrome and could not get it to open up again as there were no options to do so.

The menu links to the Identity Safe homepage, settings, a log in list that is directly accessible from the menu and options to log out of the password manager.

The password manager interface displays the password strength of the selected password. Here it is also possible to define whether the password information should be filled out automatically when the page is visited, whether a prompt for the master password should be displayed before that’s happening, and whether the program should you log in automatically if you select the login from the list.

The password manager works as expected most of the time. I had troubles getting it to work in Internet Explorer 9 though. The toolbar displayed fine in the browser, but new passwords and log ins were not recognized by the program.

Norton Identity Safe is an alternative to Last Pass, especially for users who want mobile access to their log in information. Most users will have troubles getting their stored passwords into the program in first place, which will keep many from using it (unless they use Internet Explorer for that).

The lack of browser selection during installation, missing form filling support, lack of frontend on the desktop and several bugs should keep most users from using it as their main password manager.

The Norton Identity Beta website offers no information on the future of the product. Will the final version remain free, or will it be turned into a commercial software that users have to pay for?

Have you tried Norton Identity Safe? If so, what’s your impression?

The core purpose of a password manager however is the secure storage of passwords. With password managers, users can select secure and unique passwords for their online and offline accounts, without fear of forgetting the password at a later time.

Users without password managers often select easy to remember passwords like qwerty, abc123 or password. The problem with those passwords is that they are also easy to guess. Complex passwords like qmBU2tTW3oAC0rRJ4h are hard to remember even when no special symbols are used. Imagine having to remember dozens of strong passwords for your online accounts.

Kaspersky Password Manager is a commercial program for the Windows operating system that leaves little to be desired in this regard.

Users on first run need to select a master password to protect the database from unauthorized access. They can furthermore select a different authorization method, using USB devices or Bluetooth devices, if they so desire.

Passwords can be imported from the web browsers Internet Explorer, Chrome and Firefox, the email client Thunderbird, AI Roboform and KeePass. Kaspersky Password Manager connects with Firefox, Chrome and Internet Explorer. This does not mean however that users with other browsers cannot use the password manager, as it is still possible to access the program’s functionality on the desktop. Only automatic sign ins and recognition of account creations is limited to those browsers.

You can select the supported browsers that you want to connect the password manager with. Connecting offers several advantages. The application will notice sign ups and sign ins on websites automatically, and offers to add them to the password database.

Accounts can also be added manually or by importing from other password managers. All user accounts that have been added to the program become then available for one-click selection. Chrome users for instance see a Kaspersky Password Manager icon in their address bar by default that displays a list of all web passwords for fast access.

It takes two clicks to log in to any service this way. The same option is offered by the program’s system tray icon. A right-click on the icon displays a context menu with options to log in to any service saved in the password manager.

Another interesting option is that Kaspersky keeps track of frequently used passwords. These accounts are displayed prominently in both context menus (in the browser and system tray) for direct access.

The right-click context menu links to the built-in password manager as well. Here it is possible to generate secure passwords according to specifications. You can for instance create a 20 character password with upper and lower case letters, numbers, and selected special symbols. Generate passwords are automatically copied to the clipboard.

Web addresses can be added to the list of ignored urls. This basically prevents the password manager from interacting with those websites.

The program ships with an option to create a portable version of the password manager. That’s ideal for users who want to access their passwords on the go.

The identity manager makes form filling on the Internet a pleasant experience. Instead of having to enter the same data over and over again, it allows to create identities that contain pre-filled information that can be automatically filled out when needed.

Verdict

Especially Chrome, Firefox and Internet Explorer users benefit from Kaspersky’s Password Manager as it integrates directly into those browsers. The program ships with everything one would expect from a password manager, from secure storage over password generation and identity management.

The program has no option to synchronize passwords over the Internet. One option to overcome this is to use a service such as Dropbox for that.

Giveaway

We have seven Kaspersky Password Manager licenses for this giveaway. Leave a comment telling us about your current password management setup.

Windows 8 can be used to store and retrieve “multiple account names and passwords for all the websites and applications you use”. This was the part that got me excited. The next sentence however puts a serious dent into this excitement. Why? Because the credentials manager is limited to Microsoft’s Internet Explorer 10 (Metro style apps can use it to store and remember app specific passwords). If you are using a different browser, you can’t use and won’t benefit from the feature at all.

Windows 8 simplifies the task of managing unique and complex passwords in two important ways. The first is by providing a way to automatically store and retrieve multiple account names and passwords for all the websites and applications you use, and do so in a protected manner. Internet Explorer 10 uses the credentials that we store to remember names and passwords for websites you visit (if you choose). In addition, anyone building a Metro style app can use a direct API to securely store and retrieve credentials for that app. (It is important to note that IE respects instructions from websites about saving your credentials – some websites specifically request that passwords not be saved.)

The way the feature is integrated is also inferior to password managers like KeePass or LastPass, which offer auto-sign in or one-click sign in technologies. With Windows 8 and Internet Explorer 10, neither auto-filling of the username and password fields are supported nor automatic log ins. Internet Explorer users have to type in the first character of the username to get a list of matches for that particular sign-in form. A better option would be to auto fill unless there is more than one identity available for the active web service.

Another point of criticism is that Windows still does not have a unified password storage. Users could benefit greatly from a single storage location that would store passwords for FTP servers, HomeGroups, Bitlocker, wireless keys or Outlook in one place.

You can read more about the planned implementation over at the Building Windows 8 blog.

The password manager LastPass had been my password manager of choice before I switched to the Open Source password manager KeePass. LastPass supports multifactor authentication systems for some time now, for instance with the help of Yubikeys. But those usually came with a cost.

LastPass back in November introduced support for Google’s Authenticator app to add another multifactor authentication option to the service.

Google Authenticator is a mobile application for Android, iOS, Blackberry and Symbian devices that generates a temporary verification code that users need to enter when they log into LastPass from untrusted devices.

Google Authenticator needs to be linked to LastPass before the new security feature can be used. Here is how this is done.

• Google Authenticator needs to be installed on a mobile device. Google offers installation instructions for Android, iOS and Blackberry devices. Please note that you need to enable 2-step verification using the phone number as Google Authenticator cannot be setup otherwise.
• Once Google Authenticator is up and running properly, LastPass users need to visit this link to link the authenticator with their LastPass account. This is done by either scanning the displayed barcode with the mobile device, or by entering the Google Authentication key displayed on the website manually.

LastPass will from now on display a Google Authenticator Authentication page for log ins to the service from untrusted devices.

LastPass users then need to open the Google Authenticator app to generate a one-time verification code that they need to enter on the LastPass website. Users who require offline access to their LastPass password database can configure this during configuration. It is also possible to trust devices to avoid having to generate and enter verification codes on every log in.

Additional information about the setup are available on the LastPass Support website.

The new multifactor authentication adds a second layer of protection to the LastPass login process that makes it a lot harder for attackers to access a user’s password database.

RoboForm is a password manager for Windows, Mac OS X and various mobile operating systems like Android that makes life easier and more secure. The program integrates well with Internet Explorer, Google Chrome, Firefox and Opera. Users who work with different programs or browsers can still use the RoboForm interface to store and retrieve passwords manually.

Passwords and other data are stored in encrypted form by the application. A master password protects the data from being stolen or looked at. Once the master password is entered correctly, access to the program database is granted.

Installation

Users can select the browsers that they want RoboForm to integrate with. A toolbar is added to the selected browsers which offers fast access to saved logins, the password generator or form filling module.

The toolbar can be disabled without losing the program’s functionality in the browser.

First time users who have been using a different password manager before should start with the program’s import option to transfer their login data to their RoboForm password vault. It is possible to import passwords, bookmarks and other data from all supported web browsers and from popular password managers like Last Pass or KeePass.

Importing data from other programs saves time but it is not a necessary step to make use of RoboForm. You can alternatively add login data to the program manually.

RoboForm Editor

Roboform ships with an editor for organizing and managing logins, bookmarks, identities, contacts and notes.

The editor can be used to edit existing data, create folders to organize the data and to add identities, contacts and safe notes to the program. It feels strange that it is not possible to add login data directly to the editor. You can create new logins either in one of the supported web browsers (by logging in to the service that you want to save) or by right-clicking on the password manager’s system tray icon and selecting Logins > New from the context menu.

One interesting option provided by the RoboForm Editor is the ability to sign in into one or multiple web services from the editor window.

Using the password manager

Once you have set up the program you are ready to make use of it. Toolbar users have all options in reach with just a single click. Most users on the other hand may prefer not to have an additional toolbar displayed in their browser.

Part of the RoboForm functionality is also available via the right-click menu. Options to fill and save forms, to display the RoboForm toolbar and to customize the menu are displayed by default. The customize menu option offers to add or remove menu items.

The customization can be used to add links like the program’s password generator, the RoboForm Editor or a log off option to the context menu.

A right-click on a web page opens the context menu with all set options. It is for instance possible to select the Fill Forms option to fill out the username and password, and to optionally log in automatically on the site.

RoboForm will automatically recognize new sign ups and first time log ins on websites. The program display a prompt offering to save the login data. Users can force the saving of data by Alt-clicking on the login button. A similar option is available for text field form data which can be automatically saved with the shortcut Shift-Enter.

RoboForm shortcuts are automatically enabled in supported browsers (with an option to disable the feature in the preferences). This basically can be used to open menus directly in the browser. Alt-X for instance opens the login menu with options to create a new login, edit an existing login or log in to one of the existing web sites or services.

Shortcuts are available for all core functionality. Individual shortcuts can be edited or turned off in the RoboForm Options.

RoboForm Everywhere

RoboForm Everywhere offers to save passwords and data in the cloud. The benefit here is that it is easier to synchronize data between multiple computer systems. All it takes is to install RoboForm on all systems and to log in with the same account information.

Users can furthermore log in on the RoboForm website to access their login data online, even if the program itself is not installed on the computer system.

Misc

The developers have integrated many convenient features into RoboForm. Among those features is a profile switcher to manage different data sets more efficiently, a domain equivalences option which basically enables a log in on multiple domains, the option to change the encryption algorithm, backup and restoration options or the ability to configure a specific browser for logging in on the Internet (which does not have to be the default browser).

Free limited versions of RoboForm are offered as desktop applications or browser plugins.

Verdict

RoboForm Everywhere is a feature rich password and data manager that makes online life more secure and convenient at the same time.

I have encountered two issues with the program. RoboForm first installed the Firefox toolbar even though I disabled Firefox integration during installation. The latest version of Opera seems to be incompatible with RoboForm. A single icon is displayed in the Opera browser that in theory should display or hide the RoboForm toolbar in the browser. A click on that icon has no effect

Giveaway

We have ten RoboForm Everywhere licenses to give away. Leave a comment below for a chance to win one of the licenses. Please let us know how you are currently managing your online passwords.

For some time now, I had been thinking about switching to an offline password management solution. Not necessarily because I think that online password managers are inherently less secure, but because it give me more control over my passwords.

I therefor made the decision to migrate all my LastPass account information to KeePass, a free password management software. But simply migrating the data was not enough. If someone did actually manage to steal data from LastPass servers, they might have all my login accounts by now. The chance is slim, especially if you take into account what LastPass has communicated so far, but since I earn my living on the web I wanted to be on the safe side here.

The decision was born to change all my account passwords after the migration. I knew that this would not be easy, with 500+ accounts listed in the LastPass database.

This guide explains how I imported my LastPass login database to KeePass, and how to change all your account passwords in record breaking time. Don’t get me wrong, you will still spend hours and hours doing repetitive boring tasks.

Exporting LastPass database

The first task is to export the LastPass database. The information within act as a reference, so that you know how far you got with changing your account passwords. Open the LastPass website and click Sign In to LastPass to log into your account.

Once you are logged in select Export and enter your account’s master password again.

LastPass outputs all of your account information in one large list. Select all with Ctrl-a, and then Ctrl-c to copy the information to the clipboard. Save them in a text file on the local system. The list contains all urls, usernames, passwords and other information that you have stored in LastPass’s password manager.

Importing Passwords Into KeePass

Download the latest version of KeePass from the developer website. Please note that it is only available for Windows and many mobile devices. I have installed the password manager on an encrypted hard drive for extra protection.

Start KeePass after installation or extraction and select File > Import from the menubar. Select Generic CSV Importer from the options and load the text document with your account information. A click on OK imports the data into KeePass.

Please note that the url is added as the title of each individual password, which is not a big problem. The url field is left blank, which we will utilize soon.

Changing Passwords With KeePass

Now that you have all your LastPass passwords in KeePass it is time to change all of them. Here are a few tips to get you started with that:

• Disable the LastPass add-on in your browser. If you do not do this you will get a “we noticed a password change prompt” all the time.
• A big screen helps you. I had Firefox open in one half, Keepass and the password list in the other, which meant that I did have all information visible on screen all the time.
• Move all Generated Passwords entries to the old group
• Create password groups to sort passwords into. You can create new groups with a click on Edit > Add Group, or a right-click and Add Group.
• Start with your email accounts. Why? Because if they get compromised they may be used to reset passwords that you have just changed. Create a new group emails and change them right away.
• Now think about your most important accounts, e.g. financial, web hosting, shopping. Change those after you have changed the email accounts.
• Open a blank text document and use Tools > Generate Password List to generate a list of secure passwords. I suggest 20+ characters including upper- and lower-case, digits, minus and underline. You may add some special characters to it that are often allowed, for instance !?%&. Copy paste the full list into the text document. You will work through the list when you change accounts.
• Never use the same password for more than one account
• If you are a webmaster, you may have access to multiple accounts from one admin interface. For many WordPress sites, I have an admin account and an author account which both needed changing. To speed things up, you can log in with the admin, change the admin account first, and then change the author account while still logged in as the admin. The same is true for web hosting accounts if you host multiple domains and websites under that account.
• To keep track of things, I always added the url to accounts that I have changed the password for. I also moved those accounts to an appropriate group. This way, it was easier to keep track of the password changing progress.

The biggest drawbacks that you will encounter are sites that limit the number of password characters. I encountered more than one site that only accepted six characters in total. That’s crazy.

My routine looked like the following:

• Double-click the next entry in the KeePass database, copy the url, paste it into the web browser.
• While it is loading copy the username from the KeePass database.
• Paste the username
• Copy the password with a right-click
• Paste the password
• Locate the account settings or password change options on the page.
• Paste the old password in if the site required it.
• Copy the next password from the password list and paste it into the new password form, submit.
• Double-click the entry in the KeePass database, paste the new password in there as well.
• Copy the url and paste it into the url field.
• Move the account to one of the groups
• Repeat

You may be able to speed things up further by installing a plugin like KeeFox which brings KeePass functionality to Firefox. Similar extensions are available for other web browsers. I’m currently managing about 50-60 accounts per hour with this system. You may be even faster if you use a browser plugin.

Instead of sweeping that incident under the table, the developers decided to assume the worst case scenario: That an attacker managed to breach the security and download user data from the database. The traffic amount was large enough to include user emails, server salt and salted password hashes.

This data can be used by the attacker to brute force passwords which would then give access to a user’s Last Pass vault with all stored passwords.

The company as a consequence asks its users to change their master password as a precautionary measure.

Some users may have received notifications to change their master password, or other notifications related to the incident (an error has been encountered while loading your sites lastpass). Only users who try to connect and log in with a new IP address, one that they have not been using in the past weeks, are asked to do that.

I did change my master password and I’m currently seeing an anomaly on all sites. The autofill username and password feature appears to be broken. Even a right-click and the selection of LastPass > Copy Username or Copy Password does not reveal any entries.

I could not find any information about this on the LastPass website or in the user comments. I suppose it is a temporary thing that will resolve automatically.

Last Pass are rebuilding the boxes and have moved services to other servers for now. They also compared the code on the live servers with code from their repositories to make sure it was not tampered with.

If you read through the comments you notice that the majority of users that comment have log in problems. Some because their browser appears to be detected as a mobile device which they cannot log in with.

I for one am happy that LastPass did communicate the issue right away with their users, unlike other companies that we know of (hust, Sony, hust). Yes, it may be inconvenient today to get things sorted out, but I prefer that to doing nothing.

With that incident in mind, I thought it would be pretty cool if you could run a check on all of your passwords and login information to see which of your accounts may have been affected by the hack. While that’s unfortunately not possible, the next best thing is. The developers of the popular online password manager and synchronizer Last Pass have created an online tool that evaluates the strength and other information about all passwords stored in a user’s vault.

This way, you can assess all of your passwords and logins at once, and make changes to the accounts that receive a weak rating. It begins with an overall score and rank at the top. Detailed results are then displayed when you start scrolling down, and this is where it gets interesting.

The results screen displays various information about your passwords. This includes the average password length, number of duplicate passwords and sites with those passwords, number of weak passwords or number of blank passwords. While those results are nice to know, they are not that helpful as you do not yet know which sites and log ins share the same password or use a weak passwords.

Those information are displayed when you scroll down to the Analyzed Sites listing. Last Pass’ Security Challenge lists all sites with duplicate passwords, unique passwords and no passwords in list form on that page.

You see on first glance which sites share a password. Even better, the password strength is shown on the very same page ranging from 0% (very bad) to 100% (very strong).

A visit site link is provided next to each entry which makes it even more comfortable to visit those sites and change the passwords.

It may take a while to go through all duplicate or weak password sites that are shown, but it is well worth it. Chance is, you find duplicate site listings as well, which is for instance the case if a service uses the same log in on more than one domain, or if you use it to access a site by domain name and IP address.

You can run the test again at anytime, and the score gets automatically updated. Last Pass displays test history information where you can see how the score improves or drops based on your changes.

A low score does not necessarily mean that you do not care about your account security. I for one use the very same username, email, password combination on many sites that force me to register to check out their service. These accounts are in no way linked to me and it would not be problematic if they would get hacked. More or less like a private Bug Me Not password if you like.

Tips on how to improve the overall security score are displayed at the very bottom of the page.

Last Pass users who want to run the test can do it on the Last Pass website. They need to be logged into their Last Pass account for that. (via Caschy)

I recently stumbled upon LastPass Sesame by chance. It is a free tool for 32-bit and 64-bit editions of Windows, Linux and Mac operating systems (that’s what the help file states, I was only able to find the Windows download on site) that can be used to add multifactor authentication to Last Pass.

It has been specifically designed for USB Thumb Drives and situations where you cannot “trust” the PC you are working on. Ideal for libraries, Internet Cafes, connections via wireless networks and other public places that offer access to computer systems or networks.

Read on to find out how Last Pass Sesame is setup and used. It begins with the authorization of Last Pass accounts in the software. This is done by entering the Last Pass username and password into the authorization prompt that opens on first start.

Each user account that is authorized this way is shown in the main program window. Here it is then possible to click on the Generate One Time Password button to create a one-time password for that account.

Each new account needs to verify participation before it becomes available in the software program. An email is automatically send to the account’s email address. The email contains a link that needs to be clicked on to activate Last Pass 2-step verification log ins.

The account from that moment on will be protected by the default username and password, and the one-time password that needs to be generated whenever you want to log into your Last Pass account.

Sesame can be deactivated at anytime. An email with a link to deactivate Sesame is send to the registered email address which again needs to be confirmed (by clicking on a link).

Take a look at the video below to see the whole process in action.

Last Pass Sesame adds a new layer of protection to the account. The procedure is definitely more secure than the standard Last Pass authentication method. That alone should be reason enough to give it a try, especially if you put it on a secure USB stick that supports data encryption.

Last Pass Premium users who would like to give Sesame a try can download it from the official website.

A cross site scripting vulnerability was recently discovered by a security researcher on the LastPass.com website. The potential to exploit the vulnerability was limited, as it required a specifically prepared website and a user who was logged into LastPass.

The developers stated on the official LastPass blog that the logs did not indicate that the vulnerability was successfully exploited, other than by the security researcher who discovered it.

The vulnerability has been fixed and, as a consequence, security has been improved on the Last Pass website. The developers list four areas of improvements:

• Implementation of HSTS which basically forces supported web browsers (Chrome and Firefox 4 currently) to stay “on secure SSL web requests for the lastpass.com domain.”
• Increased input filtering and stateful inspection
• Implementation of X-Frame-Options which makes it impossible to embed Last Pass pages via iframes or frames.
• Implementation of “something very similar to Content Security Policy” which allows the LastPass admins to specify how content interacts on their website.

The LastPass blog offers links to several of the concepts and technologies that have been added or implemented as a reaction to the discovered vulnerability.

LastPass users who would like to take a look at the original article can do so here. It details the security researcher’s methodology and is a good read for security interested computer users.

Most users make use of password managers to create and store passwords and other log in related information for them as it becomes extremely difficulty to remember the passwords otherwise.

Object-based Password is a Firefox add-on that uses a different approach. The password generator can use objects to generate passwords. Objects currently supported are images, links or text. A password can be generated from a local image, an image on the current website, text on the current website that is highlighted or links that point to certain file types such as jpg, pdf or mp3. The generated password is always the same and can be automatically added to the password box if it is right-clicked and the generate password option is selected from the context menu.

The method itself offers some interesting options. Users do not need to remember the passwords, only the object that they have used to create it. They do need to make sure that it is accessible whenever they want to log into the website or service though.

A simple example would be to always use the first four words of the second paragraph on a page for the password. This ensures that the object is always in reach, providing that the website does not change their text. Other options include selecting an image from the local computer or objects on a private website for the password generation.

The concept is definitely interesting. Many users will probably be appalled by the missing option to save passwords so that they do not have to be “generated” every time the service or website is accessed. This however could also be taken care of by saving the passwords and login data in the built-in password manager.

Object-based Password is available for direct installation at the Firefox add-on repository. The extension is compatible with Firefox 3 and 4.

The master password has been designed to protect the saved password listing from other users. It basically means that the password needs to be entered before the listing can be accessed for the first time protecting the user’s saved login information.

The master password needs to be entered only once during a Firefox session (that’s the time from opening the browser until it is closed again) which leads to further difficulties. Anyone can access the password list again once the master password has been supplied with no apparent option to lock the browser again other than to close it.

Master Password+ has been designed to improve the master password feature of the Firefox web browser and Thunderbird email client. It adds a set of features to the master password to make it more secure. Among the options is a timeout feature which can be set to reset the master password flag so that it needs to be entered again after a certain time. It is furthermore possible to lock and unlock the master password with the hotkey Alt-L.

The master password prompt can also be launched during browser start so that the profile can only be used if it is entered correctly by the user. Master Password+ improves the security if the master password is being used in Firefox. The master password itself on the other hand does not offer 100% protection. The add-on is available for Firefox 3 and 4 as well as the Thunderbird email client.

There are at least two scenarios where the password manager becomes impracticable to use. Some websites disable password saving in the browser which means that the site profile is incomplete, and since there is no option to add the password manually afterwards Firefox cannot provide its full functionality on the site.

It may also happen that website login information change and that the browser does not pick them up automatically. It is again not possible to edit the data to correct the issue.

Saved Password Editor for Firefox adds options to edit login information in the Firefox web browser. It improves the password manager by adding options to edit all login information, create new login profiles and to clone a profile.

The options are added to the saved passwords manager. The information presented have been extended as well so that not only the website, username and password are displayed but also login related information.

The add-on supports web form, HTTP authentication and misc logins which offer different editing options. Web forms for instance record the submit prefix, username and password field name in addition to the host, username and password. These information are needed to submit the login information to the server. Firefox usually fills them out automatically when the password is saved though, and the guess from current page button can be used to retrieve the values from the page as well which is helpful when new login profiles are created.

All parameters can be edited in the password editor which means that it is possible to add a password if it was blocked by the website during creation.

Saved Password Editor is a handy tool for Firefox – and Thunderbird users by the way – who do not use a third party password manager like Last Pass for their password management.

Extensions have been integrated in Opera 11, which is currently available as a beta version. Users who have a version of Opera 11 installed can head over to the Opera Extensions site to install LastPass in Opera.

LastPass offers free online password management and form filling, among other features. The extension adds an icon to the Opera address bar after installation. The icon is black if the user is currently not logged in, and turns red once the connection to LastPass has been established.

Users can opt to save the login email and password to make it easier to log into the service on future sessions. Existing LastPass users have automatic access to all their stored passwords and information, so that login information, notes and other data becomes available that has been stored using LastPass in other web browsers.

LastPass for Opera fills out the login information automatically, leaving the user with nothing else to do than to click on the login button.

A notification is displayed if there is more than one login for a website available. This function is similar to LastPass notifications in other supported browsers. Users can select auto login, autofill or to block the password manager from filling out information for the current site. Each identity can be selected for auto login or auto fill.

A click on the icon after log in displays a menu with several interesting options. It offers to log off the current user, open the LastPass Vault, display the recently used sites, all sites, secure notes, preferences and the login information stored for the site loaded in the active tab.

Best thing is, everything is handled directly in the menu with options to navigate back and forth in it.

The preferences are very extensive. It is possible to force LastPass to logoff automatically when the browser is closed, configure notifications and hotkeys, as well as advanced options.

Generate Secure Password: Alt-G
Recheck Page: Alt+I
Site Search: Alt-W
Fill In Next Login (When Multiple):Alt-Page Up
Fill In Previous Login (When Multiple): Alt-Page Down
Submit Form
Open My LastPass Vault:Ctrl-Alt-H
Save All Entered Data
Logoff
Fill In Default Form Fill Profile

Available tools include generating a secure password which is handy during registrations on websites, export options and adding secure notes that are stored alongside the passwords in the encrypted vault.

The hotkey to generate a secure password did not work when I tried it. Everything else appears to be working just fine.

LastPass is a free password manager and form filler.

LastPass is a free online password manager and Form Filler that makes your web browsing easier and more secure.

You can import from most major password storage vendors (such as RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe, Sxipper, TurboPasswords, and Passpack) and export too.

LastPass captures passwords that other managers won’t including many AJAX forms, and allows you to make strong passwords easily. If you’re having issues saving a site please watch our screencast on complex logins: http://lastpass.com/video.php?&feature=saveall#media

Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it. Please see https://lastpass.com/technology.php for more details on our Host Proof Hosting methods that make this safer than you thought possible.

One Time Passwords, Screen Keyboard, and Grid multi-factor help protect your account.

LastPass for Opera does a lot of things right. The developers need to work out the non-working hotkeys, as it is much easier to display the password generator with a hotkey than having to select it from the tools menu.

Still, LastPass is an excellent password manager for the Opera web browser. Especially the ability to access all features with a click on the toolbar button comes in very handy. Did you try the extension already? What’s your take on it? (thanks SA1 for the tip)

Last Pass Pocket is a tool from the developer’s of Last Pass that offers desktop access to all information stored at the Last Pass servers, including log in information but also generated passwords, search results and secure notes.

For that, the application displays a prompt where the master login needs to be entered. The passwords and other information are downloaded to the local system from where they can be accessed as long as the application stays open.

If you close the program again the information are not available anymore, unless they are exported to the local system. The option to export all passwords is available by clicking on File > Export.

The passwords can be saved in an encrypted file, that is protected by the LastPass master password, or a plain text copy that is not protected and readable by anyone with access to the computer. Once the passwords have been exported they can be loaded back into the password manager at anytime, even if there is no Internet access available at that time.

All information can be copied to the clipboard for use in other programs or services.

Last Pass Pocket is an interesting tool for Last Pass users who need offline access to their passwords. The password manager is available for Windows and Mac only. Windows users can download a 32-bit or 64-bit edition of the portable program. (via)

Password managers have been created to provide computer users with tools to generate and store passwords, so that in the end only one master password needs to be remembered.

So called graphical passwords, that is passwords that are created by clicking on positions in images, are an alternative to convention text based passwords. Most browsers, programs and operating systems on the other hand do not support these by default.

graphical password

The Firefox add-on GPEX, is a first try to bring graphical passwords to the browser. The system used has been streamlined for ease of use. The add-on supports custom images and icon sets. Passwords are created or entered, by clicking on specific locations in the image or icon set.

gpex

A password strength meter indicates the strength of the password to the user. The general idea is that graphical passwords provide better security and memorability at the same time. The add-on itself converts the graphical password into a character based password, as the services on the Internet only support these kinds of passwords.

The extension can be an asset for users who do not use password managers. It is however a nice demonstration. Users who want to try the graphical password manager can install it from the official Firefox add-on repository.

Update: The Firefox add-on has been discontinued, and there is unfortunately no comparable add-on available in the Mozilla Firefox add-on repository.

Since this is not the first time Firefox acted up I started to troubleshoot the issue by disabling all add-ons to see if an add-on was the culprit. Firefox ran fine with no add-ons running in the background. I then enabled one add-on at a time to see which one was causing the hangs.

I found out that the password manager add-on Last Pass was the problem. I then remembered that I had the same problem about a month ago (see Fix Firefox With Last Pass Not Responding), and checked the Last Pass forums for news on the topic.

Some users were reporting problems with Last Pass, most of them were running a 64-bit edition of Windows 7, just like I do.

The solution was simple. Download the non binary version of the Last Pass add-on, and drag and drop it into the Firefox interface to install it. You need to disable the Last Pass add-on first so that the web browser starts up normally.

I’m not sure what the problem is exactly but the Last Pass guys should consider fixing it, as it is an annoying experience to witness the freezes every time the add-on updates automatically in Firefox.

The Account Manager is described as an evolution of the password manager that is integrated in Firefox and the identity components used in Weave. What it actually will do is to allow users to manage their logins and profiles for each website.

The Account Manager is provided as a prototype add-on that can be downloaded from the project’s homepage over at Mozilla Labs.

It displays a new key icon in the Firefox address bar by default which can be clicked on to access the functionality provided.

The prototype works only on a few sites currently including Google, Yahoo, Facebook, Mozilla Add-Ons, Mozilla Bugzilla and Personas. Saved login information need to be available in the Firefox password manager as well for it to function.

Several features are currently in the making including global profiles, automatic website registrations using the global profile, a detailed account viewer and auto login support for configured services and websites.

This sounds a lot like the functionality of password managers like Last Pass. There is a striking resemblance when the features are compared. The main difference between a password manager and the Account Manager is the Account Manager’s requirement that websites and services implement the draft specs (and later specs) to be included.

This alone makes it unlikely that the majority of websites will implement that feature.

Interested users can visit the Mozilla Labs page that contains information and downloads, take a look at the draft document or visit the Mozilla Wiki page for additional information and status information. (via Techie Buzz)

The developer’s of the password manager LastPass have now created a first version of LastPass for Google Chrome dev builds. Chrome users who want to install and use the password manager need to do the following (taken from Lee’s explanation over at the Download Squad):

• Install a Google Chrome dev build. Skip this step if you already do
• Install the LastPass extension by opening https://lastpass.com/lpchrome.crx in the Google browser.
• If Chrome refuses to allow you to install it (it tries to save in a loop) go to Wrench -> Options and disable choosing where to download files (this will be fixed in next dev build).
• Finally, it is recommended that you disable the built-in password manager by clicking on the Options (under the customize and control ‘wrench’ button). Then choose the ‘Personal Stuff’ tab and select ‘Never save passwords’ and ‘Never save text from forms’

The Windows version of the LastPass extension seems to be very solid right now while Linux and Mac users report problems with the extension. This will be addressed in the next version of the extension according to the developers.