Worth a Look: LastPass

By John Wagley

Some may wonder about the security of placing so much sensitive data in the cloud. The way LastPass works is that it secures data on a user’s computer with strong 256 AES encryption. Encrypted information is then synched with and stored on LastPass’s remote servers. But the decrypting process only occurs on the local computer. Data sent remotely remains in encrypted form and travels along a Web connection secured by strong Secure Sockets Layer encryption. LastPass says that it can’t access private data because it never asks for master passwords. During authentication, LastPass doesn’t receive the actual password, it states, but only a hashed, or scrambled version.

Those wanting more mobile device compatibility or strong multifactor authentication options should consider the premium version. But the free product, which seems easy to use and reliable and contains numerous features, should help many people surf the Web faster and more securely.

Pros. Easy to set up and use. Numerous security features. Works across all major computer platforms and the iPad’s iOS. Free (with the premium version costing just $1 a month).

Cons. Some users may hesitate to store sensitive data on remote servers.

Where to get it. It can be downloaded at



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.