LastPass lets you securely store login credentials (among other things) and then recall them as you are logging in. The service runs as a browser extension on desktop machines or as an app on mobile devices. I’ve been using it since 2013 and could not imagine my digital life without it. No, I’m not getting paid in any way for this endorsement. In my experience LastPass fills an essential but often neglected security niche. It makes it easier for the everyday web surfer to lock down their digital world.
Security always imposes an inconvenience of some kind. You need the right physical key to open a locked mailbox. If you walk all the way down to that mailbox and forget your key, then back you go to retrieve it and try again. Lose your key, and things go from inconvenient to outright urgent. Things only get worse if that key is stolen, and not just lost. In our digital world, these keys have become virtual, and even more prolific than we could ever hang on a belt were they physical.
Login credentials are the keys to accessing vital online resources, but for most of us, the sheer number of credentials we need to recall is frustratingly large. Add to this that passwords need to be complex and unique to provide robust security, and it becomes obvious why mobile devices often contain unsecured notes about user names and passwords. People make such notes to access their various login credentials quickly. Sometimes they will even save them in a Google Doc for access across devices. This facilitates using strong passwords, but still requires a lot of manual steps for password administration, including tedious copy / paste actions. In the digital world, manual steps are opportunities for user error.
Using LastPass, you can automatically capture credentials as you create them, store them securely, and select them from an interface during login on desktop or mobile.
What if LastPass gets hacked? They got hacked in 2015 but none of my data was impacted. As they state on their website:
“LastPass experienced a single security incident in our 10-year history, back in 2015. Bottom line, no encrypted vault data was compromised. Even under this most extreme test, our systems performed as designed and protected the encrypted vault data of our users; furthering our conviction and commitment to our ‘zero knowledge’ security model in which LastPass never has your master password or access to the data within your vault.” Source: https://www.lastpass.com/security/what-if-lastpass-gets-hacked
Every day I use multiple commercial-grade resources to run my web design business. Amazon Web Services, including S3, WorkDocs, and Glacier, assist with asset management and security. Web servers, email servers, database management, and website dashboards comprise a large bulk of the credentials I entrust to LastPass. I rarely access these resources from only my desktop computer or from only one mobile device.
Here’s how it works. You sign-up for LastPass, free or paid, and then install it as an extension in your desktop browser. On mobile, it comes as an app. While you can add credentials manually for each online resource, you can also let LastPass do it for you. As you login, LastPass will ask if you’d like to save this login credential. Doing so means next time you arrive at this login screen LastPass will provide the correct credentials as an option to use. A similar experience occurs on mobile devices. If you have multiple credentials for a single resource like online banking, LastPass will let you select which credentials to use.
“Secure Notes” is another feature that I use heavily, because not everything I need to recall securely has to do with logging in.
LastPass makes online security far less inconvenient, which encourages the use of complex passwords. Better still, data is highly encrypted without any effort on the part of the user.