April 11, 2014

Apps I Love: LastPass

I am by no means an expert on internet security. However, I do feel confident that I know more about the topic than my delightfully un-tech-savvy mother. Here’s an example of a GChat conversation we had when she first learned about the “In Case of Emergency” feature on her phone.

Mom: Wow, I don’t have in case of er set up. Guess I should
me: it was an option right on my phone; not sure if it’s on yours
Mom: yes, I just set a note on Personnel Info under In case of emergency to call me
me: um, that’s not what it means
me: you are supposed to put someone ELSE
me: so if you have an accident, someone grabs your phone and knows who to call
Mom: right I put my name and said to call (her cell phone number) if found.
Mom: so they call someone else? how would they know my name?
Mom: no sense putting my home phone cuz it doesn’t work…I got to do something about that
me: I don’t think you need to worry about your landline, since no one else has landlines, but for now let’s focus on this.
me: I would like you to understand this concept:
me: in an emergency, when they find you and pick up your phone, you are already right there
me: they want to call someone ELSE who can take care of you/identify you
me: and you put THEIR name, not yours
me: so they can say “hello may I talk to Laura… a woman collapsed and I am calling from her phone”
me: or whatever
Mom: my head is throbbing…I’;; dp ot ;ater/
Mom: I’ll do it later

Oh, Mom.

In any case, my Mom has been sending me lots of articles lately on the recent Heartbleed security leak. My recommendation? Install LastPass and stop keeping your passwords in a composition notebook sitting next to your computer.

LastPass: The Last Password You'll Ever Need

I discovered LastPass a few years ago, when the awesome guys over at Lifehacker covered it on one of their podcasts. Rather than repeat their excellent explanation, I’ll direct you back over to Lifehacker for a great overview of LastPass and how it works. But what if LastPass gets hacked, you may ask? Well, that original overview of LastPass was written in 2010, but Lifehacker just did a new article two weeks ago that answers exactly that question.

To answer some other questions that my uncle had (and you may have too), you can sign into LastPass on as many computers as you want. You can also use it on your mobile phone/tablet, but that requires a monthly subscription to access an app rather than just being able to use a browser extension. I’ve found that being able to log in on other devices is not a feature I use more than once every month or two, so when  I am on my phone and really need a password for something, I set my phone browser to be in desktop view and I just take the slightly-more-time-consuming approach of logging into the LastPass website, looking up the password, and copy/pasting it wherever it needs to go. However, when I looked into the cost of tablet/phone access for my family members, I learned that it’s only $12/year  – I didn’t realize it was that cheap! I’m now going ahead and paying that ridiculously inexpensive price in order to get access to the premium features.

It should be noted that LastPass does not actually change your passwords for you – you still have to put them into the site as usual. What LastPass does is recognize when there are username/password fields, and anywhere that you enter a username and password, it will pop up a message asking, “Do you want to add this site to your LastPass?” If LastPass has already stored a username/password combo for that site, it will instead ask if you want to change your existing login or create a new iteration.

That’s right, LastPass supports multiple accounts in numerous ways. You can create multiple LastPass accounts if, for example, you want two users to be able to share a computer without having access to each other’s passwords. When you switch who is on the computer, just log out of LastPass and log in as the other person. If the “multiple account” issue you’re trying to solve is that you yourself have multiple accounts for one website, you can store multiple usernames/passwords for the same exact website. For example, I have more than one MindBodyConnect account for each of the many boutique fitness studios where I take classes, and each one uses a different password. LastPass stores each username/password combo separately, and you can nickname them (e.g., “Bodybar Dallas”, “Tread Fitness,” “Refine Method”) to make it easier to select the one you want to use at the time.

One of my favorite features of LastPass is the pretty awesome “Security Check” tool. It reviews every single username/password combo in your account, and checks to see how strong each password is, when you last changed that password, and whether you are using that password on any other accounts. It then spits out a score for how secure your online identities are, and also compare you to other users – giving the competitive ones like me extra incentive to change any passwords that aren’t all that great. (Laura12345, for example, would get a pretty crappy score. 296@*4#9d,rK)8Y, on the other hand, is pretty safe.)

Since LastPass is storing all your passwords anyway so that you don’t have to remember them or type them in, you can use their fantastic password generator to come up with really secure combos like that one. Once you get really into the security challenge, like I did, it can make setting up LastPass a bit of a bear – but only because you’re spending so much time changing all your old terrible passwords to good ones. (Which you should have done in the first place.) The combo of the auto-generate and auto-fill means it doesn’t take nearly as long to change your passwords as you might think, and once it’s done, it’s done forever. At least, unless you’re like me and you’re constantly going back into the security challenge to try to get a higher security score. (Damn you, New York Public Library, and your insistence that I use a worthless four-digit pin instead of a sixteen character alphanumeric password with some symbols thrown in.)

I’ve been using LastPass for a few years now, and I really love it. However, there is one feature that you might not notice right away, but I just started using it and I think it’s great. When my laptop was stolen a few months ago, I was worried that on the very rare chance that the thief could hack into my super-secure computer and open the browser, my previously Stay-Logged-Into-LastPass-Permanently setting would allow him/her to get into my bank accounts. (I know that is a really slim chance, but better safe than sorry.) Fortunately, I was able to adjust my LastPass account so that if I request a username/password combo and it’s been more than an hour since I logged into the LastPass extension, I need to reenter my master password for LastPass before I can get access. So if the thief did somehow hack into my computer and try to open the browser, he would have to re-enter my LastPass password (which I obviously changed) before he could get anywhere. Score!

And for my final push for LastPass, why am I not worried about Heartbleed? Because LastPass has already checked all my passwords and figured out what ones I need to change, thanks to an awesome add-on to the aforementioned security check. LastPass scanned my entire vault of usernames/passwords and has identified those that are affected by Heartbleed, plus which of those sites have applied a patch (and therefore it’s safe to change my password) vs which of those haven’t yet fixed the leak (in which case changing the password would be worthless). As I already said, LastPass can’t make those changes for me, but it still saves me a lot of time.

Note: I have no affiliation with either LassPass or Lifehacker other than being a big fan of both 🙂


Leave a Comment

Your email address will not be published. Required fields are marked *

Join the List

Subscribe for instant email notification of new posts.

Join the List

Subscribe for instant email notification of new posts.

© 2023 by 50by25. All rights reserved. Actions taken from the hyperlinks on this blog may yield commissions for 50by25. View my FTC disclaimer.

Scroll to Top