Description : LastPass is secure, easy to use, and a decent replacement to google browser sync with regards to passwords. One master password, and your data is secured before its sent to the online database. Backup, restore, and even generate secure passwords. Import from Firefox, Roboform, 1Password, KeePass, MyPasswordSafe and more.
Lastpass has been around for a while, and I’m really happy with how it works. Since the fall of google browser sync, anyone who was used to password syncing, has been looking for a real alternative. LastPass is that alternative (for passwords anyway).
Any new password manager that comes out, especially those that are online, always are treated with a bit of caution. After about a month of seeing a note here and a comment here, I decided to give it a ago. My initial impressions were very very good, however I’ve waited a bit before a review to see how it matured.
Needless to say, if you’ve been following it, you will know it’s done well. It’s features are just plain impressive, and has even more functions than you would expect. Were talking synchronization, import from other popular password managers and form fillers, (full list later), backup and restore, universal access, screen keyboard, and even access from a USB pen.
The two main features of LastPass are, one password is all you need to access all your passwords. Ok so it sounds a bit daunting, but if you currently use Firefox, chances are you already use its own master password feature. Ok, so you feel safe with the Firefox master password, saving all the passwords encrypted on your drive, but not sure about allowing them to be saved online? Scary thing is, its actually safer than saving it locally, but I’ll be explaining that better later.
Firstly, more about why you need LastPass. If your the type of person why buys things online, you have to type all your details in every single time! Auto fill is nothing new, google toolbar has it, but really, I don’t want to use google toolbar, and if it comes with my favourite password manager, all the better!
If your using the new Internet Explorer, you may have started using it’s own password manager. That’s all good and well, but if you don’t have a master password on it, its completely insecure. A simple tool that anyone who wants to, can download, can open up and extract all your usernames and passwords, and the matching website’s. This is the same for Firefox! No kidding! (Interesting story told at the end)
With Firefox (and even Internet Explorer), there’s a plugin you can use, to both auto fill, and even auto logon to website’s of your choosing. One thing that stopped me using it before hand, was that I didn’t fancy copying out all my passwords to the new system. Daunting or what!? That’s when I read, you don’t have to do any manual stuff, its all automatic! What I mean is, you can export your passwords from your old system into your brand spanking new LastPass system! YAY! Old systems that are allowed to be imported from include, Internet Explorer, Firefox, RoboForm, 1Password, MyPasswordSafe, Password Safe, Szipper, and PassPack. That’s quite a list, most of which I haven’t heard of!
Let me reassure you about something here, LastPass is secure! Secure enough that I trust it completely. It never sends your passwords in plain text! It encrypts it first, using your master password, and then transmits the encrypted password to the server. Nifty stuff, I know! It also shows you it doing this! What I mean is, when you type in the password, and click send, it change the text in the text field to the encrypted version. Seriously, just try it! Even test it with a fake password, and see it work! That’s what I did.
Right, so your using LastPass. Good question, what if the server dies and all your passwords are lost? All those secure passwords that LastPass generated for you, gone. (gasp!). Well guess what! Not to worry! You can download your passwords (securely of course), and then decrypt them on your computer, and save them to an encrypted file on your hard disk or USB.
Now for the story. It’s not all that exciting really but just to prove that your password is safer on LastPass than on Firefox (even with a master password). A while ago, I got into a state of FUD, and decided to change my Firefox master password. Mistake! I went and forgot it! BIG mistake. So I downloaded a brute forcer, which worked on the file Firefox had stored. I knew a few characters, and so the brute force took about 30 mins (and I have a long password). What I’m getting at, is it’s easier to brute force a file, than a website. True it takes ages for complex passwords, but I bet the average user may use words in the dictionary, which gives a higher success rate.
Note: don’t be asking me for the brute forcer, as A, I no longer have it, and B, it was for an older version of Firefox.
Conclusion : If you value your passwords, get LastPass. If you want to have secure passwords, get LastPass. If you use more than one computer, get LastPass. (Getting the hint yet?)