The security of online passwords is usually a subject of constant concern for many web users. If you use the same password for all your online activities, you are taking a huge risk. If any of the sites’ security gets breached and your one and only password becomes exposed, you are in serious trouble. If you create new passwords for everything you do online and do not have a password manager, you also stand a huge risk of forgetting the passwords of sites you visit very infrequently.
In short, using password manager is inevitable with the vast number of sites that we interact with everyday. Moreover, it is very important to ensure you use a password manager that is very reliable and safe. LastPass is the obvious choice for many people considering their history and testimonials from many users. If you haven’t decided on using LastPass or you are considering shifting to a new password manager, there is some good information for you.
What Makes LastPass Safest Online Password Manager?
LastPass brings greater security to your online activities by enabling you create a single powerful password that you have to remember, while LastPass takes care of all your passwords no matter how complex they may be.
Let’s just run through some important things you should know about LastPass.
1. LastPass Stores Your Encrypted Passwords in the Cloud for Easy Access
Being a cloud-based password manager, LastPass synchronizes an encrypted copy of all your passwords on their server. That way, you can easily gain access to your password archive anywhere you are by remembering just your “strong” master password and installing their plugin on your browser. When you change your password on one computer or add a new password, it automatically updates on the cloud. Impressively the cloud copy of your passwords does not store your master password, so it is as safe as the ones on your machine.
2. LastPass Can Be Used on Almost Any Browser or Device Safely
Though you may have to upgrade to premium in order to use some features of LastPass, it is good that LastPass provides this option. Moreover, LastPass provides extensions and plug-ins for Chrome, Firefox, Safari and Internet Explorer.
This ensures you can still use LastPass no matter which browser you are using.
3. LastPass Uses Host-Proof Hosting Techniques for Sensitive Data
LastPass servers store only collections of heavily encrypted passwords plus the sites they are meant for, but not the encryption key you need to generate the real passwords. That way, hacking into their server will not still provide access to your passwords and only users are able to access the raw data. That means encryption and decrypting of your passwords take place on your machine.
4. LastPass Lets You Use One-Time Passwords on Public Computers
Whenever you have to access your LastPass passwords via an untrusted network or in public places, LastPass provides a secure solution called One-Time Password. One-Time Passwords can be set up very easily. It lets you print out a list of passwords that can be used only once. This lets you log into your account once and immediately makes that password invalid.
5. LastPass Password Manager Makes Use of Salted Hash to Store Passwords
Most secure websites use a mathematical function to turn users’ passwords into long, complex numbers. This is better than saving passwords as plain texts, but it is still vulnerable to attacks. To mitigate this, LastPass includes some random data (salt) to plain text passwords and then hash them. These (Login hash) are then salted with clients’ usernames and stored locally. The new hash is sent to LastPass servers and then salted again before they are stored on the server to ensure maximal security is provided.
6. LastPass Provides Screen Keyboard in Case of Keyloggers
For many years, keyloggers were used to steal passwords in public places. No matter how strong your password is, once a keylogger discovers your password it is just as vulnerable as a weak password. LastPass tackles this by providing Screen Keyboard for entering your master password.
7. LastPass Offers Several Multi-factor Authentication
The ones available in the free version are Grid and Google Authenticator (for iOS and Android). Grid multifactor authentication involves printing out a set of 260 coordinates and responses. LastPass then challenges you to enter the value of four coordinates after entering your master password successfully. Others include Sesame that makes use of a USB thumb drive as well as Yubikey, which acts as a USB keyboard that provides a one-time password whenever it is activated.
8. LastPass Layers Security Techniques
In spite of the several levels of encryption, LastPass still uses SSL for data transfer. Also, they ensure automatic throttling of bogus log in attempts as part of their security features.
9. LastPass Allows Users to Restrict Logins to Specific Countries
Recently, LastPass added another security layer to their system. Users can now limit the IP addresses from which they can log into their account. This could be limited to home country alone or some selected countries.
10. LastPass Lets You Prevent Log in Attempts from TOR
LastPass security settings allow you to disallow log ins from TORs since they are mostly used by hackers to remain anonymous when surfing the web. Thus, users who don’t ever use TOR can opt to check this option also.
11. LastPass Lets You Activate Multiple Security Settings
Under LastPass settings, you can determine the logoff behavior of your browser, set multifactor authentication and clear clipboard after use as well as set an auto logout timeout. These are several options for keeping your LastPass vault secure.
12. LastPass Lets You Control Your Password Iteration Value
This is possible under general settings. This means, you determine how long it will take to check if any of your password is correct. Bigger values increase the time spent logging in, while lower values reduce the time spent. 500 is the recommended value by default.
13. You Can Enable Security Notifications on LastPass
With the security tab in LastPass settings, you can set LastPass to notify you whenever LastPass master password changes or any of the passwords and usernames in your LastPass vault. You can even set a dedicated security email address for receiving information on security threats to your LastPass account.
This is important if you fear someone else might access your LastPass account.
Password security is a real challenge on the web. Luckily, LastPass has proved to be very useful in the last few years. However, this is not a yardstick to drop all your guards if the security of your passwords is really important to you. In fact, you should decide to use a good password manager for all your online activities, but you may exclude the most sensitive passwords.