Worth a Look: LastPass

By John Wagley

The Web can require a ballooning number of passwords, which can tempt people to use weak ones or to engage in less-than-secure practices, such as writing them down.

Password management programs can help. Typically, such programs let users enter a single master password. After a user name and password is entered into a Web site once, the program automatically inserts such credentials on subsequent visits.

One program, LastPass, from a company of the same name, is easy to set up and use and is compatible with all major computer operating systems as well as Apple’s iPad. It’s also free, although a paid version (just $1 a month) offers additional benefits, including compatibility with most smartphones and a few strong multifactor authentication options.

Like a few competing products, LastPass stores passwords and other sensitive information in the cloud, on its own remote servers. Users can, therefore, access their passwords on virtually any Internet-connected computer.

LastPass is easy to download and install. After visiting the company’s site, users can choose a version to download to their operating system. Setting up the program takes just a few minutes and requires the creation of a master password. A small LastPass icon appears in the computer’s Web browser. Through a drop-down menu, users create a new account, which involves inputting a user name (an e-mail address) and the master password. They then can access their online “vault,” which contains all of their sensitive data. A drop-down menu can also be used to access stored Web sites and to access several other features, including changing security settings.

In addition to those features, users can put their credit card and banking information into LastPass forms; it can then be easily entered into Web sites. Master passwords can be entered through a virtual keyboard, which can protect against threats such as keyloggers that can steal passwords and other data as they are entered. The product also includes a password-generating function.

LastPass’s premium edition includes all of the functions of the free version but can be used on most smartphone devices. A few strong multifactor authentication options are also offered. For $25, users can order a YubiKey, which is similar to a USB device. When inserted into a computer and pressed, it generates one-time passwords that can be used in combination with the master password. A less expensive LastPass application, called Sesame, can also be downloaded onto any USB device for similar functionality.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.