My memory isn’t what it used to be and there seems to be an ever increasing number of passwords to remember. Also due to an identity theft scare a few years ago I’ve made it a habit to change my passwords for sensitive accounts every 6 months to a year, but I always ended up using similar passwords for several sites because otherwise I’d just forget. I know the security experts urge you to keep separate passwords for all your financial accounts, but for my brain, that simply wasn’t feasible. So I decided to get a password manager. I spent a good chunk of time evaluating different tools and finally settled on LastPass. Here’s why.
I am a PC user who uses Firefox and Chrome to browse the web, so I needed a solution with stable add-ins and autofill support for multiple browsers. Plus I needed App support for both Android and iOS. A big sticking point for me was the ability to automatically detect what website I was visiting and to fill in the matching username and password. After spending time behind the wheel of each tool I evaluated, LastPass became my favorite specifically because of its ability to do just that.
LastPass works on the freemium model where users can sign-up for a free account with basic functionality but charges a premium for advanced features. $12/year for offline access to your passwords on any mobile device it was a no brainer for me. Once the premium license is activated, LastPass comes with some useful tools. One is to assist with changing passwords for multiple online accounts. I found the automatic password change feature a bit buggy and scary, so I didn’t use it much, but LastPass’s ability to detect when the browser was on a password reset page worked every time. Now I have different sixteen character complex passwords for all my online accounts, and I don’t have to remember any of them. As a matter of fact, the only password I really have to remember is the password to my LastPass vault.
One thing I regret not doing in retrospect was to delete all my saved passwords stored in my browsers after importing them to the LastPass vault. Initially wasn’t sure how successful the import would be and liked Firefox’s ability to store and autofill passwords. I can now say with certainty that the import worked perfectly and that have since deleted all stored passwords in all my browsers.
Some cool unexpected features included the ability to import all WiFi password stored on my PC notebook and the ability to restore them to a new notebook later.
Exporting WiFi passwords on the old PC:
Importing WiFi passwords on the new PC:
Another nifty feature was a report that shows you all your online accounts which share the same password and/or use insecure passwords. Using this report you can then use LastPass to create new secure passwords for just those sites and update your vault with the new credentials simultaneously. The LastPass security challenge can be run at anytime from LastPass website within your password vault by clicking Security Check on the left hand menu. Doing so will also show you all sites you have accounts with that may have been affected by the recent heart bleed/shell shock bug and help you change passwords for those sites.
It’s not perfect, but for most online accounts LastPass recognizes when a password change was about to occur. LastPass then allows you then to generate a new secure password and store it or update the existing entry in your vault. Here is an example set of screenshots of what the process of changing a password for an American express online account with LastPass looks like:
I should note that there is a small chance of locking yourself out of an account during the process of changing a password using LastPass. It’s usually a timing or a passwords requirement thing. For example: Some sites require that your passwords meet specific strict criteria and you’re not told that your newly LastPass generated password matches those criteria until you’ve already told LastPass to store the new password. Now LastPass has the new password stored for that site, but the site is still using your old password because the newly generated one didn’t work. Fortunately LastPass has a password history feature where for each password you can look up previously stored passwords. Additionally you can relatively easily find recently generated passwords in LastPass.
Now to mobile devices. In iOS LastPass basically only works to let you look passwords up, copy them to your clipboard and paste them into the app or website you need to sign into. This can get pretty tedious if you’re setting up a new iPhone or iPad. Basically you’ll find yourself doing a lot of app switching and copying/pasting passwords.
For Android LastPass does have the ability to “detect app password screens” and upon detection to popup a list of matching passwords you you can tap to autofill. I found this feature to be at best extremely annoying and at worst to be completely useless. In most apps whenever a password prompt is presented, the LastPass autofill dialog annoyingly pops up and keeps asking for a pin and then will display a list of incorrect accounts that is difficult to dismiss. I turned this feature off shortly after enabling it and just use the copy paste and app switch method I use on iOS.
So that’s my review of LastPass. If you have any questions or want more information, just drop me a line in the comments section below. I should also disclose that I have purchased the premium subscription version of LastPass for $12/year.