These days, it's hard for me to imagine life without password-management software. Good "password hygiene" is essential to protect my online data from prying eyes, and it would simply be impossible to handle the dozens of passwords I use every day in a safe way if all I relied on was my poor, overtaxed brain.
Alas, many users are still on the fences when it comes to a password manager; scared away by high prices and overwhelming features, they end up relying on unsafe practices that could cost them dearly if their information falls in the wrong hands.
Luckily, there are plenty of choices in this market, and the folks behind LastPass have come up with a solution that is ideal for users who want increased security with minimal effort.
Protection for all
Unlike many other password managers that store your data in a file and use third-party cloud providers like DropBox to synchronize it among different devices, LastPass is entirely Web-based. Your information is saved directly to the company's servers, from where it is readily available any time you need it.
This arrangement comes with a couple key advantages; for one thing, file-based synchronization is sometimes hard to set up, especially for those who are less experienced; in addition, saving everything on the Web means that your passwords are at your fingertips even if your computer isn't--at least as long as you have access to a browser and are connected to the Internet.
Naturally, entrusting your passwords to LastPass's cloud-based system raises some questions of privacy and trust. The company accounts for this by ensuring that all the data you pass to its service is encrypted using your master password before it actually leaves your computer. That way, LastPass has no way of snooping on your secrets, and, even if the company's servers were hacked, the criminals would have a very hard time getting their hands on it.
Extending the Web
Since there is no "client" app, most of the interaction between LastPass and its users happens inside the browser. In addition to plain-old Web access, the company helpfully makes a number of extensions available for popular browsers, including Safari, Chrome, Firefox, and Opera. On a Windows machine, the system also supports Internet Explorer and can even be accessed through a System Tray widget.
The one exception to the app's reliance on a Web-based experience is iOS, where Apple's sandboxing policies require the company to offer a Universal app that, while free, is only available to users who subscribe to the company's premium offering. (You can still access your data from Safari, but you are limited to copying-and-pasting information between LastPass and other websites.)
Upon registration, the app allows you to set up a personal profile that contains pretty much every single piece of information about you that can ever be useful in filling out a Web-based form, like your name, address, date of birth, credit cards, and so forth. You can set up an arbitrary number of "profiles" this way, and later use the information you store in them to save keystrokes when, say, registering on a website, or purchasing from an online store.
Naturally, LastPass's primary function is that of helping you remember passwords, which it does pretty well, even offering a convenient feature that helps you generate secure passwords that can then be saved directly into your profile, thus making creating a completely separate--and completely random--set of credentials for each site. Upon returning to the site, even from another computer, the app remembers all your details and can log you in automatically.
Playing nice with your data
LastPass makes exporting all your information a breeze; upon request, the data is saved in a plain-text comma-separate file that can be used to import all your passwords into another software product like 1Password. This ensures that, should the company go out of business, your data won't sink alongside the ship and become unusable.
Interestingly, LastPass also features the ability to import data from a remarkable list of third-party password managers, ensuring that the migration from another system will be just as smooth and worry free. In my tests, the app was able to load up a test 1Password file with hundreds of passwords in a matter of seconds, preserving all the essential data stored in it.
Finally, the complete deletion of your account can be accomplished in a matter of seconds, and without any human interaction or any hassle. The LastPass website has a dedicated page that asks you a couple of questions and, upon confirmation (which the page asks for twice as a matter of safety), instantly wipes everything clean and even sends you an email with helpful instructions on uninstalling your browser extensions.
Take the challenge
LastPass covers all the basics you'd expect from a password manager quite well, but it also offers a couple of features that are fairly unique.
For example, the app features something called the Security Challenge, which analyzes your stored data and flags potential areas of concerns, such as weak passwords or credentials that are reused across multiple accounts. At the end of the process, the system assigns you a score between zero and one hundred, and compares it with the scores of other users of the site.
I must confess that I originally discounted the challenge as little more than a gimmick, but it occurs to me that it is a brilliant way to help ease users into proper security practices in a simple and non-threatening way. In fact, even if you're well-acquainted with good password maintenance, this feature can help you make sure that you've covered all your bases well.
The only significant tradeoff that the app makes is in its lack of a true OS X look and feel. The Safari and Chrome extensions that I tested work fine, but they don't feel as though they were built with Mac users in mind; obviously, this is a consequence of the fact that LastPass calls the Web its home and that it was designed with cross-platform access in mind. On the flip side, if you happen to own both a PC and a Mac, the ability to share your credentials between them might well be worth this small inconvenience.
LastPass is a pretty good product, particularly if you consider that all the functionality I have listed so far is available free of charge. Unfortunately for us Apple users, native iOS support is only available to premium subscribers; luckily, this can be had for a mere $12 per year--much less than many other solutions--and comes with some neat additional features, like the ability to store your passwords on a USB key for offline use and even sharing your logins on a one-off basis with friends and coworkers without having to reveal your credentials.
Considering its ease of use and wide range of features, LastPass is a great password management solution for beginners and experienced operators alike; hopefully, the attractive pricing will be enough to convince even the most hesitant user to give this great way of managing your online persona a go.