A few days ago I wrote my plea to those of you who may still be on the fence about using a password manager. I hope I’ve convinced you to at least give it some serious thought. If you’re ready to give one a try, today I’ll introduce you one of the many available password managers out there.
For the sake of full disclosure, this one happens to be the one I use, but I encourage you to do your own research and use the password manager that best suits your needs. Many people prefer to use password managers where your passwords never see the internet, while other people find the advantages of cloud storage worth the risk.
Password manager: LastPass
Where it stores your passwords: LastPass locally (on your own device) encrypts your passwords, and then stores that encrypted data in “the cloud,” a.k.a. somewhere else on the internet.
Security: Account data stored in the LastPass “vault” (including your passwords) is encrypted using AES. Connecting to the LastPass service can optionally be protected by 2FA for additional security against unauthorized logins.
Cost: It’s free to use the password manager’s basic features, like the browser extension and password vault. Multi-user credential syncing and the LastPass app access require paying for a premium plan.
- Passwords being stored in the cloud means they are centralized and easy to access from anywhere. (The encryption and decryption of your passwords happens on your device though, not in the cloud.)
- LastPass was purchased by LogMeIn last year, so it has corporate backing – meaning responsive help, as well as support for lots of applications and operating systems.
- Passwords being stored in the cloud means you are not 100% in personal possession of your own (albeit encrypted) passwords, you are trusting the security of all your passwords to another party. (LastPass was breached last year, thankfully no encrypted user information was accessed.)
- LastPass was recently purchased by LogMeIn… and many people don’t like the idea of their password manager being owned by a corporation.
How do I get a password manager on my computer?
There are a number of different ways to use a password manager. You can download a program for your computer, or you can install an extension for your browser. I strongly recommend the browser extension option, as this where password managers like LastPass are really helpful.
To set up your password manager, you’ll need to make your “master key” password. This is the password that protects ALL your other passwords in the password vault – so make it a good one. Make sure it’s unique, it’s complex, and most importantly, make it memorable.
Once you install the LastPass browser extension, as you go about your business online, you’ll see the password manager:
- Save your username and password to the password vault the first time you type it into a website
- Update your username and/or password in your password vault for a website you’ve previously visited
- Offer to enter your username and password to a website’s login form
- Offer to generate and save a secure, random password for you as you register as a user on a new website
When you’re trying to log in to a website, you’ll see the LastPass icon (three horizontal dots) appear in the username and password fields. Just click on the icon and click the credentials you want to use to log in, and LastPass will fill them in for you as long as you’ve been to that website before and saved your login to the vault.
Where are the passwords stored and how do I get to them?
Your password manager stores your passwords in a vault, and in the case of LastPass you can access it from any browser or device where you have the app or extension installed.
When your browser is open, if you ever want to access a password you’ve stored, just click on the LastPass extension icon (three horizontal dots) and click My Vault. You can also quickly search for saved credentials using the search bar that appears.
Some quirks to keep in mind
Sometimes when you’re trying to use LastPass to fill out a username and password, you might see only one field get filled in for some reason. Not all websites are as password manager-friendly as they should be, so this can be frustrating.
Thankfully, the workaround for this is pretty easy – just copy your username and password from the password vault. LastPass has quick shortcuts to make this happen in the browser extension:
- Click the browser extension icon (the three dots)
- Click “Show matching sites”
- Then click “copy username” or “copy password” as needed, and the information will be ready on your clipboard
Beyond the free features
I don’t want to be a walking commercial for LastPass, so I don’t want to sell you using a bunch of features you’d have to pay for. However, I will say that for all the potential downsides of a cloud-based password manager, the benefit of accessing your password vault on the go can be huge – depending on your needs.
In my case, I do pay for a premium LastPass subscription, which allows me to access my password vault from an app in addition to browsers on my home computers. Since I’m often on the road, having a mobile app for my passwords is a huge convenience.
That being said, it’s definitely worth trying out the free version first because you may find it does everything you need.
I recorded a quick video to demonstrate how I access the password vault on my phone to recall my login credentials.
If you’re comfortable with using a cloud-based password manager, LastPass might be a good option for you. But if you’d rather keep your own data local on machines you own, there are plenty of password managers like KeePass that keep your data away from the internet entirely.
I’ll cover KeePass in a future post, so you can compare and contrast the two if you’re still trying to decide.Follow @mvarmazis Follow @NakedSecurity