Are you using ‘easy’ to remember passwords for your logins? Passwords that are short, easy to remember and used across several logins are big security no-nos. But how do you get around the mountain of passwords that you are expected to remember these days? Especially since it’s usually more than just a handful? Well, you could consider using a Password Manager like LastPass.
In the post below I will show you the benefits of using LastPass as a Password Manager, while giving you a critical review of the pros and cons and addressing some concerns, such as whether it is safe to use.
What is LastPass? And How does it work?
LastPass is a password manager based in the cloud.
The idea is that you have 1 password that gives you access to the information that LastPass stores. This is called the Master Password. By using this Master Password you get access to your vault which has all your other passwords stored in it. Along with information as to which websites and usernames go with these passwords.
You then have the option to install a browser extension if you want to use it on your desktop PC, or an app for your smartphone. This allows LastPass to use your stored logins to auto-populate login details when you browse to certain websites, streamlining the process and removing the pain behind logins and passwords. It’s super frustrating to try and go do something only to get stuck on the sign in screen for 5 mins or more because you can’t get the username and password combination right.
This means you only need to remember one password, your Master Password. No more trying to remember what password you used for that website you haven’t used in months. You won’t have to memorize long passwords or worry about getting locked out of accounts. There’s also no longer any reason why you can’t use strong, complex and unique passwords for all your logins. LastPass will even help you generate them. So no excuses.
How to setup LastPass, so it can do the heavy password lifting
To get started with LastPass, first set up an account.
You should make your Master Password as strong as possible. Make it at least 12 characters long (LastPass suggests 8) and include at least 1 uppercase letter, 1 number and 1 special character (think @, %, # etc.). You also need to make sure you don’t forget this password, otherwise you won’t be able to access your vault and therefore all your other passwords.
LastPass kindly tries to make sure of this during the signup screens by asking you to re-enter the password on a separate screen.
Once you’ve reconfirmed your Master Password you should get a confirmation screen with a link to download the add-on. This usually auto-detects whether you are using a browser or smartphone and which version of the add-on you need.
It will even talk you through how to install the add-on in relation to your specific browser. So I won’t cover it here, instead follow the already thorough instructions that will come up on screen, like this:
If you installed a browser add-on, you will have a little icon in your browser’s toolbar. Which you can click on to get the full add-on menu.
That’s it! You should be set up and ready to start using LastPass. Whenever you go to a website and enter new login information it will ask if you want to store it in the LastPass Vault.
If you browse to a website login screen that LastPass already has details for then it will pop a little icon to the right of the input box. Which you can then click to select the account and fill in the fields.
Got a lot of passwords stored somewhere else?
Don’t worry, it is possible to import these into LastPass.
If you click Open My Vault from the browser add-on menu, it should open another screen.
Here you can click More Options > Advanced > Import
Another screen will open, select your Source from the list. It’s quite a long list with a lot of options covered with individual instructions for each.
Note, if you are trying to import from a browser’s password manager you’ll need to do it via the browser’s specific extension rather than this screen. You basically click on the browser extension’s icon, then More Options > Advanced > Import.
Need to update old passwords with something more secure?
Well, LastPass can generate new passwords for you.
In the browser add-on this is under Generate Secure Password. If you are in the LastPass Vault then it’s under More Options > Generate Secure Password.
I recommend using the settings I have shown above by default. Unless there are password restrictions imposed by the website itself. Note, you may need to click on Advanced Options to see all the options shown here.
The security challenge is a good way to check the health of all your passwords. It’s super simple, quick and easy to use.
You can find it by clicking on the LastPass icon in your chosen add-on and clicking More Options > Security Challenge.
A new screen will open where you can click Show My Score. You’ll be prompted to confirm your password before an analysis is run.
The first analysis gives a list of email addresses used inside the vault, with the option to look up these addresses against known security breaches. You can click Continue to run this or Cancel if you would like to skip. If you do decide to do the analysis you will hopefully get a message like this:
Clicking Show My Score will give you 3 scores. Security Score is an overall score of your passwords depending on whether they are weak, repeated, old or compromised. LastPass Standing is where you score overall compared to others who have taken the Security Challenge. And Master Password Score is an indication as to how secure it is.
If any passwords need updating you’ll get the option to automatically change them. By authorising LastPass to do this it will use the login details stored in the vault to automatically log in. Navigate the screens to change the password and then update the vault with the new strong password it generates itself. Pretty flashy if you ask me.
Is LastPass Safe?
According to LastPass, 13 million people trust and use them. 33,000 of these are businesses. Which makes it sound pretty safe to use, right? But how do you know your information won’t get breached if LastPass gets hacked?
There is no such thing as 100% secure. The idea sounds quite terrifying. And you are probably thinking, “If that is true, surely it’s a bad idea to keep all my passwords in one place, right?”. Well, it’s actually not that simple. So let me explain why your passwords are much safer with LastPass.
It’s LastPass’ job to be secure, security is their primary function. Meaning all their resources and knowledge are focused there. This means they should be top experts in keeping your information safe from hackers. And I think this shows based on how they have developed their systems.
Additional Security Layers
LastPass uses top-end encryption such as AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes, making it as difficult as possible for hackers to brute force their way into getting your actual password. Even LastPass doesn’t have access to your vault, as your Master Password is used to decrypt and encrypt locally before the information is sent to the cloud. The Master Password and the keys used to handle encryption are never sent to the LastPass servers. So even if their servers did get hacked, the hackers would still have the issue of individually decrypting each account’s information. Which to me seems like a fruitless endeavour.
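A simplified model of the local key derivation described above, as an added example that is not LastPass's code or part of the original post: the iteration count, the use of the account email as the client-side salt, and all function names are assumptions. It shows that the server ends up holding only a salted hash derived from the key, never the Master Password or the vault key.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; the page does not give LastPass's value


def derive_vault_key(master_password: str, email: str, iterations: int = ITERATIONS) -> bytes:
    """Stretch the Master Password into a 256-bit key (the AES-256 key size).

    Runs on the user's device. The account email is the salt (an assumption),
    so two users with the same password still get different keys.
    """
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """One more PBKDF2 round gives the only value sent to the server at login."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1, dklen=32)


def server_record(login_hash: bytes, server_salt: bytes) -> bytes:
    """Server side: salt and stretch the login hash again before storing it."""
    return hashlib.pbkdf2_hmac("sha256", login_hash, server_salt, ITERATIONS, dklen=32)


def server_verify(stored: bytes, presented: bytes, server_salt: bytes) -> bool:
    """Constant-time comparison of the stored record with a login attempt."""
    return hmac.compare_digest(stored, server_record(presented, server_salt))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    email, password = "alice@example.com", "Correct-Horse-Battery-9!"
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # random per account in practice
    key = derive_vault_key(password, email)
    stored = server_record(derive_login_hash(key, password), salt)
    wrong = derive_login_hash(derive_vault_key("password1", email), "password1")
    print("right password accepted:", server_verify(stored, derive_login_hash(key, password), salt))
    print("wrong password accepted:", server_verify(stored, wrong, salt))
    print("server record reveals key:", key in stored)
```

Because every guess at the Master Password costs the full PBKDF2 run, the length and uniqueness of that password decide how much this stretching actually buys.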
To make it even harder for hackers to get your information and exploit it, there is also Two-Factor authentication, which you can add to your account. So even if hackers get into LastPass’ servers and manage to somehow break the encryption, there is still another layer of security in the way to prevent hackers from exploiting your information. All of which is much more protection than you would get by simply using easy to remember, weak and repeated passwords.
Finally, back in 2011, it was noticed by LastPass themselves that they might have been hacked, as they noticed some anomalous activity that couldn’t be explained. Even though they weren’t sure there was any leak of information, they notified users and took action immediately, protecting people’s information.
You might think this is a counter-intuitive point to raise when asking whether LastPass is safe. However, with the above features in place, the only passwords possibly at risk would be those with a weak Master Password. Even with a weak Master Password, LastPass have demonstrated they are serious enough about your security to immediately take action to protect you. Even at the cost of negative publicity to themselves.
How to Add Two-factor authentication to your LastPass
Everyone who uses LastPass should enable the Two-Factor Authentication. It’s even included in the free version.
Next, go to your LastPass vault and make sure you are logged in.
Go to Account Settings > Multifactor Options and click on the Pencil icon to the far right of LastPass Authenticator
Set Enabled to Yes. You can also set Permit Offline Access to Disallow for slightly better security.
Click Update once done and enter your LastPass Master Password to confirm.
Click Enroll once prompted. A new screen will open.
Click Set up mobile app
You’ll be given the download locations provided earlier in case you didn’t download the app beforehand.
Click Next once the app is downloaded and installed on your phone. A barcode will be displayed on the screen. Keep this open for a later step.
Open the app on your phone and tap Add New Account.
Then select Scan Barcode.
Click the + icon in the bottom right corner and click Scan Barcode again.
Your phone’s camera will open. Use it to take a photo of the barcode that should still be open.
It will process the barcode and move the webpage to the next screen.
Click Set up text message
You’ll be asked to provide a phone number for a backup device.
Once you enter a valid phone number it will send you a text message with a code. Enter the code into the box and then click Finish text setup.
You should then have the option to Activate two-factor authentication. Click Done once finished.
The LastPass Authenticator should now be showing as Enabled.
The Good vs the Bad