Using LastPass to Manage Passwords
Using LastPass to Manage Passwords
When it comes to passwords, I've been old-fashioned, in that I have all my passwords written on a piece of paper and hidden in a safe location. I'm starting to think that the "invent my own password and manually type in" method may not be the most secure. My main concern is financial accounts in which I have a large amount of assets. So far I've taken the following precautions:
1. Change passwords every so often
2. When I type in my password, always do it a little differently (using the mouse cursor to reposition)
3. Enable two-factor authentication when available
In addition to above, I've been considering using a password manager, such as LastPass, but I have the following concerns:
1. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.
2. On the wiki entry, there are documented incidents of data breaches. A centralized password management cloud service seems like it would have a pretty big target on it. Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches?
3. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password?
Thank you.
1. Change passwords every so often
2. When I type in my password, always do it a little differently (using the mouse cursor to reposition)
3. Enable two-factor authentication when available
In addition to above, I've been considering using a password manager, such as LastPass, but I have the following concerns:
1. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.
2. On the wiki entry, there are documented incidents of data breaches. A centralized password management cloud service seems like it would have a pretty big target on it. Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches?
3. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password?
Thank you.
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
Re: Using LastPass to Manage Passwords
I've been using LastPass for maybe three years now and hopefully can provide some helpful responses to your questions.
1. You can export your LastPass (or any other password manager) data to a CSV. I keep one in a VeraCrypt encrypted container, so if I ever need to access my passwords without internet, it's right there.
2. I feel safe with LastPass, as they technically don't save your actual passwords in their database. However, many feel cautious about storing such info in the cloud, and I'm sure several Bogleheads will chime in recommending KeePass, which is on your local machine.
3. I haven't tested LastPass to automatically login to TreasuryDirect and don't wish to. Instead, I store my TreasuryDirect login info in a "secure note" on Lastpass, and log in the manual way. Occassionally, automatic logins can go awry, especially if the website you're loging into has changed its format. Treasury Direct is notoriously a pain if you login incorrectly too many times and have to get some sort of medallion guarantee to reset it, I just prefer to do that particular account the manual method. I only log in there once in a blue moon anyway.
1. You can export your LastPass (or any other password manager) data to a CSV. I keep one in a VeraCrypt encrypted container, so if I ever need to access my passwords without internet, it's right there.
2. I feel safe with LastPass, as they technically don't save your actual passwords in their database. However, many feel cautious about storing such info in the cloud, and I'm sure several Bogleheads will chime in recommending KeePass, which is on your local machine.
3. I haven't tested LastPass to automatically login to TreasuryDirect and don't wish to. Instead, I store my TreasuryDirect login info in a "secure note" on Lastpass, and log in the manual way. Occassionally, automatic logins can go awry, especially if the website you're loging into has changed its format. Treasury Direct is notoriously a pain if you login incorrectly too many times and have to get some sort of medallion guarantee to reset it, I just prefer to do that particular account the manual method. I only log in there once in a blue moon anyway.
-
- Posts: 472
- Joined: Sun Jul 26, 2015 12:19 pm
Re: Using LastPass to Manage Passwords
#1: https://lastpass.com/support.php?cmd=showfaq&id=956 . Your browser stores an offline encrypted copy of your passwords, so yes it should work offline.aj76er wrote:When it comes to passwords, I've been old-fashioned, in that I have all my passwords written on a piece of paper and hidden in a safe location. I'm starting to think that the "invent my own password and manually type in" method may not be the most secure. My main concern is financial accounts in which I have a large amount of assets. So far I've taken the following precautions:
1. Change passwords every so often
2. When I type in my password, always do it a little differently (using the mouse cursor to reposition)
3. Enable two-factor authentication when available
In addition to above, I've been considering using a password manager, such as LastPass, but I have the following concerns:
1. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.
2. On the wiki entry, there are documented incidents of data breaches. A centralized password management cloud service seems like it would have a pretty big target on it. Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches?
3. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password?
Thank you.
#2 It is a big target, and Lastpass knows any major breach could shut down the company. I appreciate that they are transparent about attacks. Their database itself should be secure (major security folks have reviewed this), however the most recent "breach" was a problem with their browser extensions which they posted a warning promptly and fixed within 24 hours.
https://blog.lastpass.com/2017/03/secur ... sion.html/
#3 I believe it does NOT work with treasury direct.
And while I use lastpass for nearly everything, I keep my financial sites on a separate encrypted file.
Other popular boglehead options are keepass, 1password, and other which can be used offline.
Blue Man
Re: Using LastPass to Manage Passwords
I use 1Password.
Password managers help you create strong passwords and make it easier to change them periodically. Those are probably the most important things one can do. Now one could use a password generator and simply record that on a paper list. But that doesn't help you enter complex passwords into login forms. And how safe, secure and easy to maintain would a paper list be when it is common to have dozens of passwords?
And what if you ever have to access your accounts, say in an emergency, when away from home? Surely you are not going to carry a paper list with you.
Password managers help you create strong passwords and make it easier to change them periodically. Those are probably the most important things one can do. Now one could use a password generator and simply record that on a paper list. But that doesn't help you enter complex passwords into login forms. And how safe, secure and easy to maintain would a paper list be when it is common to have dozens of passwords?
And what if you ever have to access your accounts, say in an emergency, when away from home? Surely you are not going to carry a paper list with you.
Re: Using LastPass to Manage Passwords
I use LastPass but was considering switching to something else until they made it free to synchronize between multiple devices without paying for the premium version. As far as I know they are the only password manager that does that, though I could be wrong. That's a very handy feature. So far I've only tried it on my desktop computer and two android devices but it works as advertised.
One word of caution with the LastPass master password. Don't forget it and if you think you might, store it somewhere that is NOT on your computer. According to their website, recovery is only allowed from a computer that you previously logged in from. So if you only use one computer and it breaks and you don't know the password you are SOL. The same holds true if you have a computer like mine which for some reason websites can't seem to remember correctly (happens a lot). Almost shot myself in the foot once before I finally remembered what I had changed the password to. I'm up to about 35 stored passwords so that would have been quite a nightmare trying to get each one reset.
One word of caution with the LastPass master password. Don't forget it and if you think you might, store it somewhere that is NOT on your computer. According to their website, recovery is only allowed from a computer that you previously logged in from. So if you only use one computer and it breaks and you don't know the password you are SOL. The same holds true if you have a computer like mine which for some reason websites can't seem to remember correctly (happens a lot). Almost shot myself in the foot once before I finally remembered what I had changed the password to. I'm up to about 35 stored passwords so that would have been quite a nightmare trying to get each one reset.
Re: Using LastPass to Manage Passwords
I have used LP for 5 years. No issues. I also have it on my phone but don't use it that way, and it's less convenient because you need to go through the LP app to log in to Web sites.
I keep a printed list of all my logins and passwords in a fire-proof safe at home; as I update them I update the list. LP does offer a recovery option via two factor authentication (text message) though I have never had to use this feature so don't know how it works...in other words if I forget my master pw and was not on a known computer, would it work? I'm not sure.
I do use the browser plug in for Chrome and it works well, though the auto-fill feature is sometimes wonky on my Mac (it seems to always work on my windows machine)
I keep a printed list of all my logins and passwords in a fire-proof safe at home; as I update them I update the list. LP does offer a recovery option via two factor authentication (text message) though I have never had to use this feature so don't know how it works...in other words if I forget my master pw and was not on a known computer, would it work? I'm not sure.
I do use the browser plug in for Chrome and it works well, though the auto-fill feature is sometimes wonky on my Mac (it seems to always work on my windows machine)
Re: Using LastPass to Manage Passwords
Thank you for all the replies so far.
Do you think the premium service ($12/yr) is worthwhile?
Do you think the premium service ($12/yr) is worthwhile?
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
Re: Using LastPass to Manage Passwords
This is good to know. Thanks!Ice-9 wrote: 1. You can export your LastPass (or any other password manager) data to a CSV. I keep one in a VeraCrypt encrypted container, so if I ever need to access my passwords without internet, it's right there.
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
-
- Posts: 195
- Joined: Thu May 14, 2015 12:16 am
Re: Using LastPass to Manage Passwords
I've been a LP user for many yerars. I dont normally buy software. They are one of the few programs that I shell out $12 a year for.
The convenience of being able to login via my cell and desktop without having to remember my pw is worth the $12.
The convenience of being able to login via my cell and desktop without having to remember my pw is worth the $12.
aj76er wrote:Thank you for all the replies so far.
Do you think the premium service ($12/yr) is worthwhile?
Re: Using LastPass to Manage Passwords
You no longer have to pay for these features - they come with the free version now.Pessimist55 wrote:I've been a LP user for many yerars. I dont normally buy software. They are one of the few programs that I shell out $12 a year for.
The convenience of being able to login via my cell and desktop without having to remember my pw is worth the $12.
aj76er wrote:Thank you for all the replies so far.
Do you think the premium service ($12/yr) is worthwhile?
Re: Using LastPass to Manage Passwords
I tried to do the Password thing the manual way for 20 years. Just a few sticky notes here and there. After I hit 65, I gave up - there was too much to remember - not just the banks, but Kaiser, SS, DMV, etc. I researched for a couple months and talked to my nerdiest friends. They recommended 1Password.
For about 6 months we have been using 1Password to store passwords, logins, credit card data, frequent flier accounts, passports, TSA Global Traveler, driver's license, etc Our current total is 75 items.
The beauty of this product is the ability to have it on every one of our devices - meaning iPhone (2), iPad (2), Desktop (3), Laptop (1). All are synchronized and kept secure using one app and one fee.
I too hate to pay on-going software charges, but this is worth it. Definitely worth it.
For about 6 months we have been using 1Password to store passwords, logins, credit card data, frequent flier accounts, passports, TSA Global Traveler, driver's license, etc Our current total is 75 items.
The beauty of this product is the ability to have it on every one of our devices - meaning iPhone (2), iPad (2), Desktop (3), Laptop (1). All are synchronized and kept secure using one app and one fee.
I too hate to pay on-going software charges, but this is worth it. Definitely worth it.
Re: Using LastPass to Manage Passwords
I'm sure I'm forgetting something, but this is probably order of importance on keeping yourself from being hacked.
1. Don't get viruses or click on stupid links. Doesn't matter what you do for password security if you're the guy that clicks on the email link from some Facebook friend that is dubious.
2. Use 2 factor authentication on everything important. Especially the email accounts used as logins to important sites. Makes it MUCH harder to hack.
3. Use randomized unique passwords on every site (patterns, dictionary words, they're all crack-able by software. I don't care how clever you think your pattern/phrase is)
Bonus points: Don't store all your passwords on sticky notes like my in laws... You're just one fire/thief/toddler on a rampage away from losing them.
So where lastpass/keepass/1password come in is the convenience factor of #3. If a hacker breaches a site, it's on the dark web for days before the site realizes it. In that time, if you are most likely fine if you only used that password on one site. You are less likely to be fine if you used that password on multiple sites.
I've used Lastpass for years. It's very convenient. I still pay the $12 a year just because I like it so much. If I was by myself, I'd probably use Keepass but it's not near as wife friendly or convenient.
So to summarize, internet security is like bear safety. You don't have to outrun the bear. You just have to be faster (or more secure) than most everyone else. The hacker/bear will usually pick on the easier prey.
1. Don't get viruses or click on stupid links. Doesn't matter what you do for password security if you're the guy that clicks on the email link from some Facebook friend that is dubious.
2. Use 2 factor authentication on everything important. Especially the email accounts used as logins to important sites. Makes it MUCH harder to hack.
3. Use randomized unique passwords on every site (patterns, dictionary words, they're all crack-able by software. I don't care how clever you think your pattern/phrase is)
Bonus points: Don't store all your passwords on sticky notes like my in laws... You're just one fire/thief/toddler on a rampage away from losing them.
So where lastpass/keepass/1password come in is the convenience factor of #3. If a hacker breaches a site, it's on the dark web for days before the site realizes it. In that time, if you are most likely fine if you only used that password on one site. You are less likely to be fine if you used that password on multiple sites.
I've used Lastpass for years. It's very convenient. I still pay the $12 a year just because I like it so much. If I was by myself, I'd probably use Keepass but it's not near as wife friendly or convenient.
So to summarize, internet security is like bear safety. You don't have to outrun the bear. You just have to be faster (or more secure) than most everyone else. The hacker/bear will usually pick on the easier prey.
-
- Posts: 1237
- Joined: Fri Apr 22, 2016 5:28 pm
Re: Using LastPass to Manage Passwords
I'm a very happy LastPass user. Very convenient, and my passwords are all much stronger than they'd be if I had to type them all each time.
Pardon typos, I'm probably using my fat thumbs on a tiny phone.
-
- Posts: 22
- Joined: Tue May 30, 2017 11:09 am
Re: Using LastPass to Manage Passwords
I have used Last pass for the last year or so. I elected to pay the annual fee because it's a nice service. I can't comment on your specific concerns but I'm satisfied with the product. My passwords are way stronger now than they were before I used it. The auto fill is nice on my desktop. It's a little bit of a hassle to have to log into the app and use their browser on mobile. Overall, I can't complain too much.
25% VMCPX (VO), 25% VTPSX (VXUS), 25% AVUV, 12.5% AVDV, 12.5% AVEM
-
- Posts: 382
- Joined: Thu Jul 16, 2015 9:36 am
Re: Using LastPass to Manage Passwords
1. Yes, if you're using a browser extension. LastPass stores a copy of your encrypted password file on your computer. If you don't connect to the internet you can still use it. If you had recently made changes using another computer, it's possible those changes would not have synced, but that's pretty rare and negligible.aj76er wrote: 1. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.
2. On the wiki entry, there are documented incidents of data breaches. A centralized password management cloud service seems like it would have a pretty big target on it. Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches?
3. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password?
2. 'Data breaches' is a vague term. In the issue last year, no user passwords were compromised. Hackers probably got the email addresses of many users, and probably the password 'hints', but no . LP responded appropriately and swiftly. LastPass themselves can't see your passwords. They just store the safe, they don't have the combo. I would rate the severity as low.
3. LastPass stores your passwords in an encrypted vault. LP also creates small programs that make it easier to access that vault by enabling your web browser or cell phone to talk to LastPass. The programs used in your web browser are called extensions and they're good, but they're not great. They often 'auto-fill' the username and password of many sites, but some of the time, you've got to copy and paste between the LastPass site or type in the password while looking at it in the browser extension or the LastPass website.
Re: Using LastPass to Manage Passwords
I also use LastPass, but only the desktop/browser version - not the mobile version. The reason I do not use the Mobile app is because I use two factor authentication to log into LastPass (the second factor being an authenticator app on my phone). So should someone get access to my phone (which I take with me everywhere), and assuming they could crack my master password (yes, I know incredibly unlikely), they would then have access to my account (and all my passwords). Not being able to access LastPass on a mobile device has not impacted me yet (although it could at some point in the future). Feels like a small price to pay for a little added security.
Real Knowledge Comes Only From Experience
- TimeRunner
- Posts: 1938
- Joined: Sat Dec 29, 2012 8:23 pm
- Location: Beach-side, CA
Re: Using LastPass to Manage Passwords
deleted - using Bitwarden
Last edited by TimeRunner on Fri Jul 30, 2021 4:03 pm, edited 1 time in total.
One cannot enlighten the unconscious. | "All I need are some tasty waves, a cool buzz, and I'm fine." -Jeff Spicoli
Re: Using LastPass to Manage Passwords
aj76er wrote:When it comes to passwords, I've been old-fashioned, in that I have all my passwords written on a piece of paper and hidden in a safe location. I'm starting to think that the "invent my own password and manually type in" method may not be the most secure. My main concern is financial accounts in which I have a large amount of assets. So far I've taken the following precautions:
I've been using LastPass for perhaps 4 years or more now and am very satisfied with the program and the service if/when needed. I have used it with IE, Firefox, Edge and Crome, and have in the past enabled it on mobile although no longer do so. I have about 110 sites presently covered with it.
1. Change passwords every so often. I use 14 or more character distinct AlPhAn0mE1ic passwords at all financ1al s1tes and only change one if a site is compromised.
2. When I type in my password, always do it a little differently (using the mouse cursor to reposition). LastPass handles signon for me. I am unaware of any advantage to what you say.
3. Enable two-factor authentication when available. LastPass enables restrictions to country and a particular machine. IN my case the restriction is to USA and my desktop.
In addition to above, I've been considering using a password manager, such as LastPass, but I have the following concerns:
1. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.
I have not experienced a single incidence of this or do I know of one.
2. On the wiki entry, there are documented incidents of data breaches. A centralized password management cloud service seems like it would have a pretty big target on it. Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches? The manner in which LastPass operates seems to make this an unwarranted concern. It has been addressed by them and on this board previously.
3. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password? Don't use Treasury Direct so I can't respond. LP does have a notes section for each site in case you need to leave yourself secure reminders.
Thank you.
Re: Using LastPass to Manage Passwords
Many (most?) keyloggers also take screenshots every time a key is pressed or mouse button clicked so this will not defeat them.aj76er wrote: 2. When I type in my password, always do it a little differently (using the mouse cursor to reposition)
I've used LP for many years and happily pay them. I like their product and want it to stick around.
-
- Posts: 195
- Joined: Thu May 14, 2015 12:16 am
Re: Using LastPass to Manage Passwords
i was asked to renew for $12 a couple of months ago.
dan23 wrote:You no longer have to pay for these features - they come with the free version now.Pessimist55 wrote:I've been a LP user for many yerars. I dont normally buy software. They are one of the few programs that I shell out $12 a year for.
The convenience of being able to login via my cell and desktop without having to remember my pw is worth the $12.
aj76er wrote:Thank you for all the replies so far.
Do you think the premium service ($12/yr) is worthwhile?
Re: Using LastPass to Manage Passwords
Here's a post with the differences - https://blog.lastpass.com/2016/11/get-l ... free.html/Pessimist55 wrote:i was asked to renew for $12 a couple of months ago.
Re: Using LastPass to Manage Passwords
This thread is now in the Personal Consumer Issues (computer security).
Also see my post: Re: Firefox painfully slow
Update: The post explains that LastPass has broken Firefox. I've dumped LastPass in favor of KeePass.
Also see my post: Re: Firefox painfully slow
Update: The post explains that LastPass has broken Firefox. I've dumped LastPass in favor of KeePass.
Re: Using LastPass to Manage Passwords
I don't feel comfortable having my pw stored online, so I use keepass and minikeepass.
Re: Using LastPass to Manage Passwords
I usually use Chrome, but I opened Firefox just now and Lastpass works fine. Maybe they fixed it.LadyGeek wrote:This thread is now in the Personal Consumer Issues (computer security).
Also see my post: Re: Firefox painfully slow
Update: The post explains that LastPass has broken Firefox. I've dumped LastPass in favor of KeePass.
And it's probably inaccurate to say that Lastpass has broken Firefox. It's probably more accurate to say that the latest Firefox update broke the Lastpass extension (apparently temporarily), and maybe they hadn't fixed it in your time frame. That's more typical to what happens with browser extensions.
-
- Posts: 656
- Joined: Tue Nov 25, 2014 11:22 am
- Location: USA
Re: Using LastPass to Manage Passwords
I use Lastpass based on feedback from a thread I posted a few months ago... viewtopic.php?t=213356
So far I really like it. Would never go back to my old method.
So far I really like it. Would never go back to my old method.
"Simplicity is the ultimate sophistication" - Leonardo Da Vinci
- tuningfork
- Posts: 884
- Joined: Wed Oct 30, 2013 8:30 pm
Re: Using LastPass to Manage Passwords
Be careful when you decide to copy/paste a password from Lastpass to the web page. Check to make sure you're on the correct web page and not a phishing site. One of the great things about Lastpass is that the autofill function won't autofill if the domain is incorrect, so it helps prevent phishing attacks. But if you copy/paste the password you've bypassed that protection. Unfortunately some web sites do funky things with Javascript that confuses Lastpass, so there are indeed some sites where copy/paste is the only way to fill in the password.TimeRunner wrote:Other than some occasional browser login issues, where I have to copy a pw from Lastpass to pw field, for example, it works well. It's even free now (as I believe more revenue to LP is coming from Enterprise licenses rather than individual users).
Re: Using LastPass to Manage Passwords
Surfing the support forum discussion Firefox Update to Version 4, they haven't fixed it.Gadget wrote:...I usually use Chrome, but I opened Firefox just now and Lastpass works fine. Maybe they fixed it.
And it's probably inaccurate to say that Lastpass has broken Firefox. It's probably more accurate to say that the latest Firefox update broke the Lastpass extension (apparently temporarily), and maybe they hadn't fixed it in your time frame. That's more typical to what happens with browser extensions.
The recent reviews for LastPass Password Manager :: Reviews :: Add-ons for Firefox are mixed, but mainly due to the clunky UI design - along with a few "I had to downgrade because version 4 is not working".
My concern is that the LastPass developers appear to be ignoring (or not testing) their stuff with the Firefox development code. There's absolutely no reason for anything to break. This is a commercial company with plenty of resources to be on top of this. IMHO, the resources are working on something else and/or QA is not doing their job.
My favorite computer security podcaster Steve Gibson is now questioning their implementation of two-factor authentication: Security Now! Transcript of Episode #613, search for "LastPass Authenticator".
Re: Using LastPass to Manage Passwords
I am not sure what is going on here or what I am missing
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
Re: Using LastPass to Manage Passwords
Using Chrome is generally viewed as pretty questionable for saving important passwords.misterno wrote:I am not sure what is going on here or what I am missing
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
While I don't know all the details about the latest implementation in Chrome, the big worry is it is likely not nearly as safe as using a dedicated password manager such as Keepass or LastPass. (The problem is if everyone is stored in the Chrome browser and you get hacked, you can suddenly be very vulnerable or at least are basically solely relying on what ever else is part of the two-factor security implementation for that website.)
Edit: Reading up on the latest implementations of Chrome, it might be ok, but its highly dependent on having the right settings. In general there still would also be allot more concern about the security risk of the password manager being integrated into the browser to that degree.
Re: Using LastPass to Manage Passwords
We have used LP for years now, and have been very happy users. We pay the $12/year for the premium version too. Both of us use LP across all of our devices (about 7 total). I especially love the integration with my phone, both the browser and other apps.
We keep our master password printed out on a piece of paper that is stored in our safe deposit box. In the event of our death, we have designated family members who are authorized to access the box with a certificate of death in order to gain access to all of our accounts.
Just to point out how secure the encryption is... LP uses 256 bit encryption, which is a common standard. Even if someone were to breach LPs data storage for everyone's password files, what they would get is a binary blob of data that is encrypted with 256 bit encryption. How good is that? Consider what it would take to break even just 128 bit encryption with brute force:
We keep our master password printed out on a piece of paper that is stored in our safe deposit box. In the event of our death, we have designated family members who are authorized to access the box with a certificate of death in order to gain access to all of our accounts.
Just to point out how secure the encryption is... LP uses 256 bit encryption, which is a common standard. Even if someone were to breach LPs data storage for everyone's password files, what they would get is a binary blob of data that is encrypted with 256 bit encryption. How good is that? Consider what it would take to break even just 128 bit encryption with brute force:
http://www.eetimes.com/document.asp?doc_id=1279619If you assume:
Every person on the planet owns 10 computers.
There are 7 billion people on the planet.
Each of these computers can test 1 billion key combinations per second.
On average, you can crack the key after testing 50% of the possibilities.
Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!
Even a stopped clock is right twice a day.
Re: Using LastPass to Manage Passwords
This question is not rhetorical: what happens if you're using a computer that isn't yours and don't know the password offhand? You can't look to chrome to find it and type it in manually somewhere else, right?misterno wrote:I am not sure what is going on here or what I am missing
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
Re: Using LastPass to Manage Passwords
I rely heavily on Google services such as Gmail and Google Docs and would feel uncomfortable putting all my eggs in one basket by also relying on Chrome Password Manager for passwords for anything important like financial accounts. Chrome Password Manager is better than nothing, but I prefer a separate log-in to access passwords. LastPass also allows for secure notes for situations such as Treasury Direct as discussed above along with emergency numbers and other information and can generate secure passwords. Google tends to neglect and abandon services but LastPass's business is focused on security and their password manager software.mega317 wrote:This question is not rhetorical: what happens if you're using a computer that isn't yours and don't know the password offhand? You can't look to chrome to find it and type it in manually somewhere else, right?misterno wrote:I am not sure what is going on here or what I am missing
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
Re: Using LastPass to Manage Passwords
I personally wouldn't login to anything on a device I do not own and control.mega317 wrote:This question is not rhetorical: what happens if you're using a computer that isn't yours and don't know the password offhand? You can't look to chrome to find it and type it in manually somewhere else, right?misterno wrote:I am not sure what is going on here or what I am missing
I am using chrome in my 2 desktops at home and 1 at work and 2 android phones. All remember my passwords
So why do you need lastpass if you have chrome?
-
- Posts: 2500
- Joined: Tue Aug 16, 2011 12:39 pm
Re: Using LastPass to Manage Passwords
I use keepass as well, one its free, two it doesn't store my data online exposing it to hackers, three you can set it up with two factor authentication as well to get into the passwords.mhalley wrote:I don't feel comfortable having my pw stored online, so I use keepass and minikeepass.
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
Re: Using LastPass to Manage Passwords
For many years I didn't use a password manager but recently I started using LastPass as its gotten to be far too many to keep track of. I thought about but cant use something like KeePass because I have many devices and its just not practical to be restricted to only using my home desktop.... or to have to remember "*$&^&*0509748kdkjfo3(*$#*&%" if I want to login to a site on my tablet, phone, or my work issued laptop.
Re: Using LastPass to Manage Passwords
I've been very satisfied with LastPass for a few years now. It's not without an occasional hiccup on a given site, connecting to its server or a browser extension needing updating...but overall it's been just dandy and I could never go back to the old ways.
- lthenderson
- Posts: 8499
- Joined: Tue Feb 21, 2012 11:43 am
- Location: Iowa
Re: Using LastPass to Manage Passwords
I've only been a Lastpass user for a few months but have been happy with it. For using it on my mobile phone, if I want to open up an account using a native app, I open my Lastpass app first, copy password to memory, open up native account app and paste in password. It's one extra step but allows you to use the native apps versus going through Lastpass to log into a website.Admiral wrote:I have used LP for 5 years. No issues. I also have it on my phone but don't use it that way, and it's less convenient because you need to go through the LP app to log in to Web sites.
Re: Using LastPass to Manage Passwords
This post is worth repeating.tech_arch wrote:I personally wouldn't login to anything on a device I do not own and control.
Even a stopped clock is right twice a day.
Re: Using LastPass to Manage Passwords
I recently upgraded to the premium service to take advantage of the family sharing feature. My wife had been using Dashlane previously but switched to LastPass a few months ago, and there were some sites that we wanted easily shared between us and automatically updated for both of us when the password is changed. With the $12 annual subscription, I could set up a folder of logins to share with her. Frankly, after using LastPass a few years now, I'm happy to put up $12 a year for this service.aj76er wrote:Thank you for all the replies so far.
Do you think the premium service ($12/yr) is worthwhile?
Re: Using LastPass to Manage Passwords
Just a thought for those who want a password manager but don't necessarily trust having their passwords stored electronically.
For financial websites, I do not save the actual password. Instead, I save the password last pass generates, but on the website itself I use the lastpass generated password plus my own "pin"; I use the same pin on every website so I just copy the last pass password (or let it auto fill) and add my pin to the password to get access. Now, if my last pass master password is compromised or if something else wonky happens with their site and someone gets access to my account, they won't be able to log on using my passwords without knowing my "pin"
It is slightly less convenient, but I believe it is a lot more secure.
For financial websites, I do not save the actual password. Instead, I save the password last pass generates, but on the website itself I use the lastpass generated password plus my own "pin"; I use the same pin on every website so I just copy the last pass password (or let it auto fill) and add my pin to the password to get access. Now, if my last pass master password is compromised or if something else wonky happens with their site and someone gets access to my account, they won't be able to log on using my passwords without knowing my "pin"
It is slightly less convenient, but I believe it is a lot more secure.