LastPass takes your passwords to the cloud

These days, it's hard for me to imagine life without password-management software. Good "password hygiene" is essential to protect my online data from prying eyes, and it would simply be impossible to handle the dozens of passwords I use every day in a safe way if all I relied on was my poor, overtaxed brain.

Alas, many users are still on the fence when it comes to a password manager; scared away by high prices and overwhelming features, they end up relying on unsafe practices that could cost them dearly if their information falls into the wrong hands.

Luckily, there are plenty of choices in this market, and the folks behind LastPass have come up with a solution that is ideal for users who want increased security with minimal effort.

Protection for all

Unlike many other password managers that store your data in a file and use third-party cloud providers like Dropbox to synchronize it among different devices, LastPass is entirely Web-based. Your information is saved directly to the company's servers, from where it is readily available any time you need it.

This arrangement comes with a couple of key advantages. For one thing, file-based synchronization is sometimes hard to set up, especially for those who are less experienced; in addition, saving everything on the Web means that your passwords are at your fingertips even if your computer isn't--at least as long as you have access to a browser and are connected to the Internet.

Naturally, entrusting your passwords to LastPass's cloud-based system raises some questions of privacy and trust. The company accounts for this by ensuring that all the data you pass to its service is encrypted using your master password before it actually leaves your computer. That way, LastPass has no way of snooping on your secrets, and, even if the company's servers were hacked, the criminals would have a very hard time getting their hands on them.

Extending the Web

Since there is no "client" app, most of the interaction between LastPass and its users happens inside the browser. In addition to plain-old Web access, the company helpfully makes a number of extensions available for popular browsers, including Safari, Chrome, Firefox, and Opera. On a Windows machine, the system also supports Internet Explorer and can even be accessed through a System Tray widget.

The one exception to the app's reliance on a Web-based experience is iOS, where Apple's sandboxing policies require the company to offer a Universal app that, while free, is only available to users who subscribe to the company's premium offering. (You can still access your data from Safari, but you are limited to copying-and-pasting information between LastPass and other websites.)

Upon registration, the app allows you to set up a personal profile that contains pretty much every single piece of information about you that can ever be useful in filling out a Web-based form, like your name, address, date of birth, credit cards, and so forth. You can set up an arbitrary number of "profiles" this way, and later use the information you store in them to save keystrokes when, say, registering on a website, or purchasing from an online store.

Naturally, LastPass's primary function is that of helping you remember passwords, which it does pretty well, even offering a convenient feature that helps you generate secure passwords that can then be saved directly into your profile, thus making it easy to create a completely separate--and completely random--set of credentials for each site. Upon returning to the site, even from another computer, the app remembers all your details and can log you in automatically.

Playing nice with your data

LastPass makes exporting all your information a breeze; upon request, the data is saved in a plain-text comma-separated file that can be used to import all your passwords into another software product like 1Password. This ensures that, should the company go out of business, your data won't sink alongside the ship and become unusable.

Interestingly, LastPass also features the ability to import data from a remarkable list of third-party password managers, ensuring that the migration from another system will be just as smooth and worry-free. In my tests, the app was able to load up a test 1Password file with hundreds of passwords in a matter of seconds, preserving all the essential data stored in it.

Finally, the complete deletion of your account can be accomplished in a matter of seconds, and without any human interaction or any hassle. The LastPass website has a dedicated page that asks you a couple of questions and, upon confirmation (which the page asks for twice as a matter of safety), instantly wipes everything clean and even sends you an email with helpful instructions on uninstalling your browser extensions.

Take the challenge

LastPass covers all the basics you'd expect from a password manager quite well, but it also offers a couple of features that are fairly unique.

For example, the app features something called the Security Challenge, which analyzes your stored data and flags potential areas of concern, such as weak passwords or credentials that are reused across multiple accounts. At the end of the process, the system assigns you a score between zero and one hundred, and compares it with the scores of other users of the site.

I must confess that I originally discounted the challenge as little more than a gimmick, but it occurs to me that it is a brilliant way to help ease users into proper security practices in a simple and non-threatening way. In fact, even if you're well-acquainted with good password maintenance, this feature can help you make sure that you've covered all your bases well.
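The kind of check the Security Challenge performs can be approximated offline against an exported comma-separated file. The following Python example is added here and is not LastPass code: the column names (`url`, `username`, `password`, `name`), the weakness rules and the 0-100 scoring formula are assumptions made for illustration, and the sample rows are constructed.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample in an assumed export layout (not taken from the article).
SAMPLE_EXPORT = """url,username,password,name
https://mail.example/login,alice,Summer2012,Mail
https://shop.example/account,alice,Summer2012,Shop
https://bank.example/,alice,k8#Vq2!zPw9$Lm4xRt7u,Bank
https://forum.example/,alice,password,Forum
"""

COMMON = {"password", "123456", "qwerty", "letmein"}  # tiny illustrative list


def entropy_bits(pw):
    """Rough upper bound: length * log2(size of the character classes used)."""
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33))
    pool = sum(size for test, size in classes if any(test(c) for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(export_text, min_bits=60):
    """Return (score, findings); findings maps entry name -> list of issues."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["name"])

    findings = defaultdict(list)
    for row in rows:
        pw, name = row["password"], row["name"]
        if pw.lower() in COMMON:
            findings[name].append("common password")
        elif entropy_bits(pw) < min_bits:
            findings[name].append("weak password")
        if len(by_password[pw]) > 1:
            findings[name].append("reused password")

    # Assumed scoring: share of entries with no findings (not LastPass's formula).
    clean = sum(1 for row in rows if row["name"] not in findings)
    score = round(100 * clean / len(rows)) if rows else 100
    return score, dict(findings)


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

The export is plain text, so run this against a local copy and remove the file once the audit is done.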

The only significant tradeoff that the app makes is in its lack of a true OS X look and feel. The Safari and Chrome extensions that I tested work fine, but they don't feel as though they were built with Mac users in mind; obviously, this is a consequence of the fact that LastPass calls the Web its home and that it was designed with cross-platform access in mind. On the flip side, if you happen to own both a PC and a Mac, the ability to share your credentials between them might well be worth this small inconvenience.

LastPass is a pretty good product, particularly if you consider that all the functionality I have listed so far is available free of charge. Unfortunately for us Apple users, native iOS support is only available to premium subscribers; luckily, this can be had for a mere $12 per year--much less than many other solutions--and comes with some neat additional features, like the ability to store your passwords on a USB key for offline use and even share your logins on a one-off basis with friends and coworkers without having to reveal your credentials.

Bottom line

Considering its ease of use and wide range of features, LastPass is a great password management solution for beginners and experienced operators alike; hopefully, the attractive pricing will be enough to convince even the most hesitant user to give this great way of managing your online persona a go.

Stories by Marco Tabini
