LastPass - For Your Eyes Only: Using Password Managers for Your Account Safety

Anda bisa berbahasa Indonesia? Baca artikel terjemahannya di sini!

Okay, let's face it. I've got several of my accounts hacked. What's worse is that some of the accounts were holding some of my money (e-money, since two of three hacked accounts feature "balance" for easier transaction). You can read the stories over at Technoverse (Indonesian language). I didn't write about the last hacking attempt, since I've finally become embarrassed of it and think "Okay, this has to stop. Three is so enough that it's not funny anymore". I used to have 2 different passwords for most of my account, probably that's why my accounts got hacked so easily. All of them have the same email or similar username. I've read somewhere that the most secure password is the password that even you cannot remember. Okay, that's my mistake...

Use password managers. It's for your own safety.
To help me redeem myself, I've finally decided to use a password manager. In case you don't know, password managers are apps which securely generate and store your passwords for you. There are numerous password manager apps available, such as Dashlane, LastPass, 1Password, and Password Keeper by Blackberry. In this article, I'm going to talk about LastPass, since it's the one that I tried first and came to like. And no, I haven't tried any other password manager since most of us are going to need only one, anyway. So yeah, this is going to be some kind of a review. So, what can LastPass do for you? Head over the break and let's find out!

LastPass Notable Features:

Here are some of LastPass' features that I find useful and notable. I believe that most of these are also available in other password managers, since most of these features are fairly common. Please be noted that this doesn't represent the full functionality of LastPass, I just point out the features which I widely use.

Two-step Authentication

LastPass Authenticator serves as your additional layer of security.
LastPass has a separate app called LastPass Authenticator. According to LastPass' website, it is available on iOS' App Store, Google Play Store, and Windows Store, so it's practically available everywhere. Just like its name, the Authenticator serves as an additional layer of security to verify your identity. Each time you're trying to login into an untrusted device, you'll need to either authenticate by entering a unique code generated by the app or by manually authorizing the connection.

One way to authorize your LastPass login is by inputting regularly-generated unique code from your Authenticator app.
To avoid doing this each time you log in, you have a choice to trust your device for 30 days, in which when you are trying login into the same device again, you won't have to authenticate your login within that 30-day window. Of course, you need to be wary on which devices you trust.

Browser Extension and Application (Desktop or Mobile)

LastPass' primary use is to securely store your login details, and I bet my money that most of your login details are for websites. So, yeah, LastPass sees this and developed an extension for your browsers: Google Chrome, Safari, Opera, Internet Explorer, and Firefox even though they also develop desktop apps. You can view the details and minimum requirements here. As for your smartphones, LastPass also has an app for two most popular platforms: Android and iOS. You can grab them at the platform's first-party app stores. There are also some mobile browser extensions, which you can take a closer look at here.

If you use LastPass, installing their extension in your browser is a must.
In order to properly use the extension/app, you need to login by entering your username and master password. If you use the authenticator and LastPass deems your device as "untrusted", it will ask for an authentication. What's great is that all your stored credentials will be synced across devices, for free. For security reasons, you might want to use fingerprint authentication in your mobile app, if your smartphone does support it. This will make things much easier when LastPass asks you to re-login while you're trying to re-open the app.

Making use of your phone's fingerprint sensor can make things much more convenient
whenever you're trying to open your LastPass app.
Using LastPass' mobile application and browser extension is fairly easy and to-the-point. For the desktop, you don't have to do anything once you're logged in. Once the extension detects a username/password fields, it will draw an icon on that input field. Click that additional icon, and a small popup window will appear and lists all the available credentials for that particular website. Click one and voila, the fields are automatically filled.

Just click, and your sign in form will be magically filled.
As for the mobile application, it is a little bit complicated for some platforms. If you're using a certain kind of Android (MIUI, for example), you'll be asked to give permission to an action (in MIUI, it's called "Allow application to draw on other apps"). Whenever you're trying to fill the login form in either apps or websites, you can easily invoke the pop-up containing matching accounts by pressing the LastPass login helper in your notification (you can turn it off, but I recommend you keep turning it on for convenience).

Pop up window for smartphones.
As for iOS, however, things get a little bit more complicated (probably due to iOS' stricter restrictions than Android). Some applications support LastPass out of the box (Twitter, the one that I have tried) but others, however, do not. You need to manually copy the username and password and paste them into the app's sign in form. As for Safari, you have the option to install "extensions" to Safari (and Chrome, since I have the app on my iPad). Once the extension is installed, for Safari, you need to use the "Share" menu to access LastPass (see the second picture below this paragraph). I don't know if the issue lies within the website, but sometimes, the autofill doesn't work. A strange issue, indeed...

In order to use LastPass in iOS' select browsers, you need to install "extension"
for each browser.
It's quite a bit complicated to use LastPass for browsers in iOS.
Reliability is an issue, too. At least in my case.

Synced Account Vault

LastPass Vault Safari
LastPass for Safari on Mac. The previous picture was taken from Chrome in my other laptop, which means all my credentials are already synced, right?
Other password managers may charge you for syncing your credentials and notes (more about this note later) across devices, LastPass offers this feature for free. The name is self-explanatory. Your credentials will sync across devices in which you have LastPass extension or app installed. It happens on the background, as long as your device is connected to the Internet.

In case I haven't mentioned, all apps and extensions should be equally secure. Just make sure
you've secured your devices and reviewed your LastPass' security settings.
Oh, and don't worry. In case I haven't mentioned it yet, you don't have to worry about this sync. Both for mobile apps and mobile extensions, LastPass will occasionally ask you to re-login, whether by inputting your password or using your fingerprint. Just make sure your computer is secure enough and you have reviewed through the app or extension's security settings.

Secure Password Generator

I'm pretty sure that other password managers also support this feature. To put it shortly, this generates a secure password for you. The word "secure" here means that it's going to be something impossible for you to memorize (or extremely difficult, if you have a very potent memory). What's neat is that there are a few settings to adjust the generated password, such as the number of characters or whether you want to include numbers, symbols, or capital letters. There's even an option to generate a non-ambiguous password, probably to prevent things like l and I and an option to make your password pronounceable, although I'm not sure why you care about the latter.

Alright, why don't you try remembering this?
Remember, secure password are the ones that you don't (or can't) remember, right? Whenever someone you share your password with (please do really be cautious when doing this!) grumbles or gets mad about your password, that means you've done it right. :p

Secure Notes

Secure Notes is the perfect place to store all your personal notes.
Do you want to take note of credit card number, SSH keys, or just want to write something very personal that you don't want other people to know about? LastPass got you covered with their Secure Notes. You can even add attachments into your notes, even though when doing so on Safari, I was asked to download the "binary version" of the extension... whatever that is.

Form Fills

Feeling like automating your form-filling? You can try LastPass' Form Fills out.
Frankly, I never tried this one out. It is said that LastPass can automatically fill forms for you (probably the same as Chrome's autofill feature) including credit card numbers, etc. Though it sounds very convenient, I never felt the need to automatically fill my forms.

Conclusion: Is LastPass Perfect for You?

I'll say this: maybe. One thing I know for sure: LastPass is the one that I need. It suits my need very well, and for the sake of convenience, I'm not going to jump ship, except when LastPass go bankrupt or when something terrible befall the company. Besides, I'm not sure using multiple password managers is a good idea, since configuring one already takes time. Anyway, if you want a free and simple password manager with adequate features, go ahead and try LastPass. Of course, you are free to check its competitors. To make things easier, here's a list:
But remember one thing: it's strongly recommended to use a password manager. You may be able to remember your password, but let me ask you, how many passwords can you remember? No offense, but there's a limit to how much we can remember, right? If you can't remember much, rather than jotting it down onto a sticky note or your notepad, it's much more convenient to store it all in a secure digital vault, right? Besides, if you use the same password for multiple accounts, you just made the same mistake I did. Once one account is hacked, BAM! It's only a matter of time before other accounts are hacked. So yeah, let me say this one more thing: USE A PASSWORD MANAGER.

Sorry for the nagging, Folks. I just don't want you to experience what I did. Anyway, I guess that's all for now. I hope this article can give you the nudge to use (or at least try) a password manager. If you have any questions about LastPass, since it's the one we talk about very thoroughly here, sound them off in the comments below. I'll do my best to answer them. Finally, thanks for reading, and I'm looking forward to your next visit. Have a nice day, Everyone! :D


Popular posts from this blog

Logitech mk240 Mouse Combo Review

Check Your PC Fan using HWiNFO and smcFanControl

Flashing Evercoss Winner Tab V (AT8B)... and Possibly Other Spreadtrum Devices