A free software helps make managing multiple password easier and more secure.
The Web can require a ballooning number of passwords, which can tempt people to use weak ones or to engage in less-than-secure practices, such as writing them down.
Password management programs can help. Typically, such programs let users enter a single master password. After a user name and password is entered into a Web site once, the program automatically inserts such credentials on subsequent visits.
One program, LastPass, from a company of the same name, is easy to set up and use and is compatible with all major computer operating systems as well as Apple’s iPad. It’s also free, although a paid version (just $1 a month) offers additional benefits, including compatibility with most smartphones and a few strong multifactor authentication options.
Like a few competing products, LastPass stores passwords and other sensitive information in the cloud, on its own remote servers. Users can, therefore, access their passwords on virtually any Internet-connected computer.
LastPass is easy to download and install. After visiting the company’s site, users can choose a version to download to their operating system. Setting up the program takes just a few minutes and requires the creation of a master password. A small LastPass icon appears in the computer’s Web browser. Through a drop-down menu, users create a new account, which involves inputting a user name (an e-mail address) and the master password. They then can access their online “vault,” which contains all of their sensitive data. A drop-down menu can also be used to access stored Web sites and to access several other features, including changing security settings.
In addition to those features, users can put their credit card and banking information into LastPass forms; it can then be easily entered into Web sites. Master passwords can be entered through a virtual keyboard, which can protect against threats such as keyloggers that can steal passwords and other data as they are entered. The product also includes a password-generating function.
LastPass’s premium edition includes all of the functions of the free version but can be used on most smartphone devices. A few strong multifactor authentication options are also offered. For $25, users can order a YubiKey, which is similar to a USB device. When inserted into a computer and pressed, it generates one-time passwords that can be used in combination with the master password. A less expensive LastPass application, called Sesame, can also be downloaded onto any USB device for similar functionality.
Some may wonder about the security of placing so much sensitive data in the cloud. The way LastPass works is that it secures data on a user’s computer with strong 256 AES encryption. Encrypted information is then synched with and stored on LastPass’s remote servers. But the decrypting process only occurs on the local computer. Data sent remotely remains in encrypted form and travels along a Web connection secured by strong Secure Sockets Layer encryption. LastPass says that it can’t access private data because it never asks for master passwords. During authentication, LastPass doesn’t receive the actual password, it states, but only a hashed, or scrambled version.
Those wanting more mobile device compatibility or strong multifactor authentication options should consider the premium version. But the free product, which seems easy to use and reliable and contains numerous features, should help many people surf the Web faster and more securely.
Pros. Easy to set up and use. Numerous security features. Works across all major computer platforms and the iPad’s iOS. Free (with the premium version costing just $1 a month).
Cons. Some users may hesitate to store sensitive data on remote servers.
Where to get it. It can be downloaded at lastpass.com.