How To: Create and Store Passwords Securely Using LastPass

Answer the following:

  • Do you use the same password for multiple (or all) websites?
  • Have you had the same password for more than 6 months?
  • Is your password strong?
  • Does your password contain plain dictionary words, or include personal information such as your name, address, or phone number?
  • Do you use your browser’s built-in password storing feature?

If any of these things are true, it’s understandable – nobody wants to memorize multiple passwords and make them overly complicated.  Unfortunately, it also means that your online security is compromised and could lead to you becoming a victim of identity theft.

Think of it this way:  if someone was able to access your Twitter account, they could potentially access your email if you had the same password for both.  Once your email has been compromised, an intruder could reset the passwords for the rest of your secure accounts (or even access something as important as your online bank accounts).

The solution to creating and managing strong, unique passwords across multiple websites is to use a password manager such as LastPass.  LastPass is an online password service that can be used with feature-rich plugins in Firefox and Internet Explorer, and can be used on any browser via unique bookmarklets or web access.

LastPass stores your passwords in a secure online vault which can only be opened with a master password that they do not store or even have access to.  Instead of remembering dozens of complicated passwords, all you have to do is remember your master password and it will unlock the rest of your passwords.

While it may seem dangerous to have one master password that can unlock all other passwords, the idea is that since you only have one password to remember, you’ll treat it with the utmost safety and change the password often.  To protect you from keyloggers (programs designed to record keystrokes), LastPass provides a visual keyboard which allows you to enter your password via mouse clicks.

Getting Started

To get started, you’ll want visit the LastPass download site to get the appropriate client.  The main download (recommended) contains plugins for both Internet Explorer and Firefox, but you can download a Firefox-specific plugin here.  If you don’t use Firefox or Internet Explorer, don’t worry – I’ll cover how to access your passwords without the plugins later in this article.

The next step is to create a LastPass account.  This will be the information that safeguards your password vault, so make sure you use a strong password (and don’t forget it – if you are locked out of this account, there is no way to recover it!).

Once your account has been created, you will be prompted to import your current passwords.  While this step is optional, it is important to do because most of your passwords are stored insecurely on your local computer.  After importing, LastPass will give you the option to remove your insecure passwords (remember, if LastPass can find your passwords, what could a malicious program do?).  If you are concerned about the safety of your passwords, LastPass provides some additional security information about their service.

In the next screen, LastPass gives you the option of securely storing personal information for use in forms.  While this particular feature could be useful, I will exclusively be focusing on passwords for this guide.

Finally, you can choose whether LastPass should automatically log you out (for public or shared computers, more secure) or keep you logged in for two weeks (for private computers only, less secure).  I would also recommend setting the Homepage Preference to “Do not set LastPass Vault as my homepage”.  When you click Done, you will have the option to watch a short video on the LastPass service.

Now that LastPass is fully installed, you will have toolbar buttons in both Internet Explorer and Firefox.  Clicking these buttons gives you a host of options as well as the ability to manually log out of the service.

When visiting sites with a secure login, LastPass will function just like your browser’s password storing feature did by prompting you to save your passwords.  After clicking ‘Yes’, your password will now be securely stored in your vault which can be accessed via the LastPass toolbar button.  While saving your password, you’ll be able to give it a name, store it in a group, or make it a favorite.

lastpass_savepassword

The next time you visit a site with a stored password, it will automatically be inserted if you are logged into LastPass.

To access your password vault, simply click the LastPass toolbar button and select My LastPass Vault.  This will display a webpage containing details for your login information, and you can automatically login to a secure site by clicking its name.  To view any of your passwords, click the [Edit] button and then click [Show].

Changing Your Passwords to Strong Passwords

Now that your passwords have been securely stored using LastPass’s vault, you can change your existing passwords to something more secure.  The biggest advantage of LastPass is that it can keep track of an unlimited number of complicated passwords, so I recommend generating unique passwords for every website you use.

To store a new password, login to a website and locate the password change section.  LastPass will display an information bar at the top of the page and offer to enter your current password. You can then click the ‘Generate’ button to create a secure new password.  If you are not given the information bar, you can right click the password field and select LastPass –> Generate Secure Password.

lastpass_newpass

After clicking the Generate button, you can click the Generate button inside the resulting dialog box to create new random passwords.  When you’ve found a password you like, click Accept and it will be inserted into both the password and password confirmation boxes.

Password criteria and settings can be adjusted by clicking the ‘Show Advanced Options’ checkbox.  In here, you will be able to adjust the length of the password as well as what characters are used to generate it.  I highly recommend checking the ‘Special’ box because it adds characters like !@$%^&* which make your password much more secure.

Once you have submitted your password change, LastPass will notify you that it has detected a password change and gives you the option to save the new password.

lastpass_confirm

Accessing Your Passwords From a Different Computer or Browser

While the LastPass plugin is the best way to access your passwords, there are times when you need to access your passwords on a shared computer or a browser that doesn’t support plugins.  For these circumstances, LastPass provides convenient bookmarklets that can be launched from any browser or computer.

To use the bookmarklets, log into your LastPass account and click the Bookmarklets tab.  In the dialog box, you will be provided with several bookmarklet links and instructions on how to use them in different browsers.  Once you get the bookmarklets added to your browser, you can click the ‘LastPass Login!’ bookmarklet and you will be automatically signed in to any secure website you’ve saved a password for (as long as you are logged into LastPass).

You can also access your secure sites by logging into LastPass and clicking the title of any saved website.  You will be automatically taken to that website’s login page and logged in.

If you ever want to view any of your passwords, you can click the ‘Edit’ button on a saved site and then click the [Show] button near the password field, which will allow you to copy and paste it wherever you like.

More Information

Check out the LastPass website for additional information including a feature list and several videos/screencasts.  As with any online service, make sure you trust the provider before using their service.


Posted

in

, , ,

by

Comments

6 responses to “How To: Create and Store Passwords Securely Using LastPass”

  1. Jonathan_Paul Avatar

    I forgot what I was originally going to say but now I just wanted to say that it's ironic I had to click the forgot login button to post a comment on this article. I forgot to add this one to my "vault"

    jon

  2. Jonathan_Paul Avatar

    I forgot what I was originally going to say but now I just wanted to say that it's ironic I had to click the forgot login button to post a comment on this article. I forgot to add this one to my "vault"

    jon

  3. […] couple extensions I’m most excited about: LastPass password manager (check out our guide to LastPass), Google Mail Checker, Brizzly (for Facebook and Twitter – check out our guide to this as […]

  4. […] a big fan of Lastpass, an application that generates and stores your passwords in an online vault, so I was thrilled to […]

  5. […] few years ago, I started using LastPass to manage my passwords, and it dramatically improved my online security. Password management […]

  6. Dann Avatar
    Dann

    Can also generate strong passwords at http://www.passwordgenerators.net.

Leave a Reply