Nowadays most of us have loads of different usernames and passwords for different sites and it can be a pain to remember them all and go through the process of resetting accounts if you lose or forget one of them. Are there any tools which can help us save and manage passwords and login details?
There are actually quite a few password management tools, but in this article we will focus in particular on the LastPass tool, which is a browser extension which can save all your logins and password details for sites you visit and also allows you to set one master password which will give access to all these logins without having to remember all of them individually.
It is a great tool for both convenience and security. Let’s look at the issue of password security and the solution programs like LastPass offer in more detail.
The Problem That LastPass Solves
The simple problem with password security in modern times is that many of us simply have too many accounts, usernames and passwords to really effectively manage them all in a way that is truly secure.
Security experts for example tend to recommend that we change our passwords once every 1-2 months but in reality how many people are going to do that when some of us may have several dozen or more separate accounts all with their own passwords? Who wants to go around changing all of those passwords individually every month or so?
This standard advice is not practical for people with lots of different login details. One compromise we often come up with is to use very simple easy to remember passwords, or perhaps even the same password for all our sites so we will never forget it. Other people carry around around all their passwords in a notebook, which has its own obvious security problems.
There are a couple of problems with these options in this day and age. Firstly, the easy to remember passwords are often easy to guess ones as well, so they open the door to getting hacked, especially if passwords really are kept simple and without even complex character like hashes and slashes to break them up. Some people even use their name or some other obvious phrases to make sure they can remember it.
Secondly, there are robots nowadays that are scanning the internet 24/7 trying to guess passwords for all kinds of accounts. That’s all they are programmed to do, all day, every day – trying to guess login details to different accounts. If all your passwords are either very simple, obvious phrases or the same for all sites, then sooner or later a bot may guess correctly and get into one of your accounts.
We embedded below a fascinating video by security expert Frank Heidt, where he talks about his experiences dealing with hacks. He confirms that one of the most common hacks on private individuals is just from bots guessing passwords correctly and he therefore recommends we use separate, complex passwords for all account logins.
Frank Heidt confirms that bots guessing passwords and software that is not up to date are the most common cause of computers and accounts being hacked.
But we mentioned above the problem with this. Most people have so many accounts and logins now that changing all these passwords every 30-60 days isn’t going to happen.
There has to be a compromise which means you can use unique complex passwords for different sites without having to remember them all, which is where a tool like LastPass comes in.
A 5 minute run down of the LastPass tool
How LastPass Works
Summary of Key Features LastPass Offers:
- It is a browser extension compatible with all major browsers; a smartphone app is also available
- Free and Premium versions available, Premium currently $3 per month. Single and multi device memberships available.
- Ability to save login information to all your sites into a Password Vault that means you don’t need to re-enter them. Free version has limited spaces in the Vault; Premium has unlimited spaces.
- Ability to generate and store unique, long and complex passwords for all your sites for added security and manage them with one Master Password.
- Autofill form feature to save and automatically input standard personal details such as name, address, card details etc. into online forms to save time.
- Super secure AES-256 encryption alogrithms plus other security protocols keep all your data safe and secure. LastPass never knows your personal data and passwords as they are stored on your device and not remote servers.
- Secure notepad feature to store useful private information.
- Secure share feature that allows you to send private information to other LastPass users in a secure encrypted form.
Click here to get LastPass.
LastPass is a password management tool that can effectively merge all your existing passwords under the umbrella of one “master” password that will give you access to all these accounts. It is a great way of securing all your login accounts whilst only having to remember one password.
LastPass comes primarily as a browser add on, compatible with all the major browsers like Firefox, Chrome, Safari, Opera and Internet Explorer. It is also available as an app for smartphones and tablets. Once installed it carries out all password encryption and storage locally and not remotely, which is an added security benefit.
It allows you to set a Master Password, which you should make as long and complex as possible, mixing up special characters like slashes, hashes and dots with numbers and letters. The longer the password and the more different character types it contains, the harder it is to crack.
The good news is that once you set and remember this password, that’s all you’ll need to remember as LastPass allows you to add login details for other accounts you use and set and store their passwords.
As you login to different sites, it will ask you if you want to save the login details for that site for future use. The Master Password allows you generic access to all your stored account passwords without having to remember them individually.
LastPass avoids the problem of having to enter and manage passwords individually by creating a Master Password with which you can then manage all your other accounts
What’s more, LastPass can generate unique, long, complex passwords for all the different site logins you save and store them under your Master Password, so all your accounts will have unique complex passwords as recommended by security experts, but you will only have to remember you Master Password to access them all once you have saved them.
LastPass is an excellent browser add on tool not just for convenience but for security. A free version is available but has limited features; a Premium version is available for around just $3 per month per user, which is great value considering the password security it gives you. See their site for more details.
Why Having a Long Complex Password Matters
The great benefit of LastPass is that it allows you to set long, complex and different passwords for all the sites you log into. This is important for online security because the length and complexity of a password affects dramatically how easy or hard it is to crack.
As we have already mentioned, there are bots on the net whose only function is to guess login passwords for different accounts, all day every day. Some of these bots use very advanced software which can guess many different passwords per minute, so if your password is not very long or complex it will not take them long to guess it and hack your account.
Making a password even slightly longer or more complex on the other hand, dramatically increase the time it would take for even advanced hacking software to crack the password. Any complex password more than 12 mixed characters will basically never be cracked in any relevant timeframe. See our table below for a demonstration of this.
Password Length and Hack Times
|Password Consists Of:||Possible Combinations||Approx Time To Crack Using Advanced Software|
|5 Characters (Mix of Lowercase Letters and Numbers)||60,466,176||0.03 seconds|
|7 Characters (Mix of Upper and Lower Case Letters)||1,028,071,702,528||9 minutes|
|8 Character (Mix of Lowercase Letters, Special Characters and Numbers)||457,163,239,653,376||2.6 days|
|9 Characters (Mix of Uppercase and Lowercase Letters and Numbers)||572,994,802,228,616,704||9.1 years|
|12 Character (Mix of Uppercase and Lowercase Letters, Special Characters and Numbers)||475,920,314,814,253,376,475,136||7.5 million years|
You can see clearly from the table how setting a longer and more complex password makes guessing it exponentially more difficult and time consuming (Source: password-depot.de).
Downsides to LastPass
From using LastPass we can admittedly see one potential downside that may annoy some people – that passwords are only stored at the device level and not on centralized servers. Whilst this is great for security and privacy, this means that if you use multiple devices you will need to install LastPass and save your passwords individually on each device.
This also means that if you forget some of your stored passwords simply either because the PastPass tool means you have not had to use them for a while, or if you simply don’t know some of the passwords because you have used the feature which generates unique passwords for each site, then you will need to reset your passwords on any account you want to access from a device which doesn’t already have your LastPass passwords stored.
This could be an inconvenience for people on the move a lot who use lots of different devices, say in public libraries or internet cafes, since you will still need to remember all your key passwords to access accounts on any device that isn’t yours so to speak; that you haven’t already installed and saved your passwords on with LastPass.
Similarly if you lose one of your main devices with all your passwords stored you will need to reset your LastPass passwords and also your other ones if you can’t remember or don’t know the passwords for them if they are uniquely generated.
You will also need to re-install LastPass and re-enter passwords on any new devices you buy – you can’t pull them off a centralized server as LastPass does not store your data remotely for privacy and security reasons.
For this reason LastPass is really most suitable for people using only one or a few main devices to browse on, as they just need to install LastPass and save all their details once or a few times and then forget about it.
For sure it can be done on more devices but will obviously take more time to save all passwords to each device individually. Also you will need the paid Premium membership to install on multiple devices.
For people on the move more with work and travelling, often using lots of different devices or public computers which aren’t theirs, this is not so practical and so these people will realistically still need to remember all their key passwords.
For these people LastPass becomes more of a pure convenience tool, saving them having to type passwords in on their own devices at least. They will still have to remember their passwords for any device they haven’t already installed LastPass on.
Another problem I ran into was user experience on the Firefox browser at least. I found the LastPass extension on Mozilla a little clunky and irritating to use, sometimes having to refresh the page to get the add-on to work. The whole experience can just get a little annoying and make logging in to sites take a little longer than it really needs to sometimes if they just made it work more smoothly with Firefox.
Another problem I had was with the add-on somtimes clashing with either Firefox or another plugin, causing the page to freeze and a yellow “script error” message to come up on the browser, slowing down load times on occasion.
I can’t speak for other browsers on this and these problems don’t happen all the time. I also still continue to use LastPass because I still think the convenience of having all your passwords in one place outweighs any minor user experience issues with certain browsers like Firefox.
Are There Any Security Issues Using LastPass?
The fact that LastPass allows you to access all your accounts with one Master Password could of course be seen as a bad thing as well as a good thing. If someone gets hold of that Master Password you they’ve got access to all your saved account logins, which really could leave you in trouble!
This is why you should really make your Master Password very strong, at least 12 mixed letters, numbers and symbols.
That way it will never be guessed or cracked. LastPass also has a two factor authentication setting if you want it, that puts an extra layer of login security to your account. Even if your Master Password is complex though it will be the only password you need to remember once you have saved all your accounts.
If you do forget your Master Password then recovering your account can be difficult or impossible depending on your settings, so it is important to remember it. Writing it down directly somewhere is not recommended for obvious reasons but may be necessary if you struggle to remember it at first. After a certain amount of use though it is possible to remember even a complex password.
LastPass also also uses a very powerful AES-256 Encryptions alogrithm to keep all your passwords secure and protected, as well as some other security features that are a bit too technical to go into there.
Basically, your passwords are very secure with LastPass, with the encryption it uses one of the strongest available commercially, and is good value at only around $3 per month (slightly more for multi-device family memberships).
Also your passwords are only ever stored at the device level and never remotely on servers, so LastPass never has access to any of your passwords including your Master Password, and they have no knowledge of which sites you are logging into or any of your other browsing activity. If your device itself is stolen then you just need to reset your Master Password.
If you do forget your Master Password then there is a process you can go through to try and recover your account using hints and other steps. If this is not possible then you will have to delete your account and start a new one, re-entering all your passwords again. LastPass have a comprehensive FAQ section that deals with this and any other concerns.
Overall we believe LastPass is an excellent tool that provides a realistic practical solution to the problem of securing passwords on many different accounts.
If you are prepared to safeguard and remember one complex password then all of your accounts requiring a log in can be secured with long unique passwords for peace of mind, so we consider it well worth the investment of a couple of dollars a month.
Click here to get LastPass – Free trial and Premium versions available. Premium has unlimited spaces for passwords – single device membership starts at $3 per month.