Browsing Safe Sites Securely with LastPass

July 11, 2012 at 3:04 pm | Posted in Computers, Internet, Online services, Security, Software, Technology, Web Apps | 9 Comments

You probably know that when you browse web sites and they ask for personal information or a login, you want to be on a secure server. The web address starts with https:// and the lock symbol shows. Your information is encrypted, so it is pretty safe. If anyone is “listening” to your data, they can’t read it.

But if you then use an easy-to-guess password like “password” or “0123456” (duh!), you’ve just tossed away your security. It takes hackers just seconds to break simple passwords that use common words and numbers. The fewer the letters, the faster. This is why many are getting their Hotmail accounts hacked, for example*. (Hotmail doesn’t prevent many repeated access attempts. (duh2))

If you use a harder password but use the same one everywhere, and then one of those sites is hacked, you expose yourself everywhere. This becomes increasingly important as cross-talk grows between services, like Google’s integration, Facebook and suppliers, and so forth. You may not think it that important if someone can look at your Amazon book orders, but don’t forget you gave them your credit card info too. It’s surprising what tidbits of information we spread around the Internet about ourselves. Do you remember what you entered 5 years ago?

I’ve written on this subject before: Good passwords and Password Managers.

[UPDATE: if you’d like a good password suggester, this PCTools page has a good one. Select quantity of 10 and it will give you a range to choose from. Choose one you like or run it again.]

I’ve used different techniques over the years. I tried KeePass, but storage-only tools are fussy to keep current. If not current, they lose usefulness fast. For a while I used a spreadsheet in a secure Truecrypt “container” to store passwords. But this was a little fiddly to access and one day, it came up corrupted. Fortunately I was able to rescue the data. This also exposes another issue: backing it up. If it’s all stored in one place and that’s lost, you lose it all.

Storing your passwords on-line in a secure way can be the most convenient, as they’re then accessible from anywhere (with a secure password). When browser-integrated, these tools fill in forms and your remembered passwords automatically, and save new ones with a click. This makes them markedly more convenient, plus you’re more likely to use a much more secure password if you don’t have to remember it.

You just have to remember one master password – for the password tool – and to log out when you step away from your computer. (NOTE: if you’re at a shared computer, closing the browser does NOT log you out of many services. The server doesn’t know you’ve closed your session. I’ve often sent people an email to themselves when I launched something like Gmail and was taken straight into their account. Yoohoo! And GMail – why have you made Logout harder to find??)

RoboForm is very well recommended but the free version is almost useless, storing only a few passwords.

Another I’ve recommended is LastPass. Gizmo now thinks it’s as good as RoboForm. (See also Best Free Password Manager.) It combines local software with on-line secure storage. The free version stores unlimited passwords in the cloud securely, decrypts them locally, fills in web forms, allows secure notes, and is accessible from any browser: computer, smart-phone, tablet, iPxx, whatever (with the plug-in and your master password). Plus you can access your data when not on-line, unlike pure on-line services.

Now, you may object to storing your passwords on-line but this is actually more secure than on your computer. They’re encrypted unless you open them on your local computer. LastPass staff cannot access your data, even if a court ordered it or someone hacked them. But if your local computer dies or is stolen, you’ve lost your passwords with the computer. With LastPass, they’re still stored on-line, just like your bank records.

My only quibble was that it didn’t offer a ‘generate password’ option to test strength until it senses you’re logging in to something. That sometimes doesn’t happen on a new site when you want to pick a password. However the Alt-G shortcut will bring you that option. Browse the Tools sub-menu for more.

The last setting during install is to Close LastPass with your browser. Unless you hop from one browser to another a lot, I’d recommend that change from default settings, especially if you’re on a shared computer.  If you miss it, this can be set later in Preferences.

They also have a Premium mode that adds export, on-line backup, USB-key version, separated work passwords, and more for the professional.

This site tells you how to run a Security Check in LastPass. How secure are your passwords? You may find you need to work through them to improve your security. LastPass will suggest more secure passwords that you no longer have to worry about remembering. That’s its job.
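An added example, not LastPass's own Security Check and not code from the original post: a small Python audit that flags the three problems discussed above (common passwords, short ones, and reuse across sites) and suggests random replacements. The vault entries, the common-password list and the 60-bit threshold are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample data: a tiny common-password list and a four-entry vault.
COMMON = {"password", "0123456", "123456", "qwerty", "letmein"}
VAULT = {
    "hotmail.example": "password",
    "shop.example": "Tr0ub4dor&3x!Lq",
    "forum.example": "Tr0ub4dor&3x!Lq",   # same password as shop.example
    "bank.example": "k9#Vw2$eXp7!Rz4@mQ",
}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def brute_force_bits(pw):
    """Upper bound on guessing cost in bits: length * log2(character pool).
    Only meaningful for random passwords, so common words are checked separately."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(vault, min_bits=60):
    """Return {site: [findings]}; min_bits is an illustrative threshold."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault.items():
        findings = []
        if pw.lower() in COMMON:
            findings.append("common")
        elif brute_force_bits(pw) < min_bits:
            findings.append("weak")
        if len(sites_by_pw[pw]) > 1:
            findings.append("reused")
        if findings:
            report[site] = findings
    return report

def suggest(length=16):
    """Random replacement from the OS CSPRNG, retried until it mixes classes."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES[:3]):
            return pw

if __name__ == "__main__":
    for site, findings in audit(VAULT).items():
        print(site, findings, "->", suggest())
```
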

If there are some sites you expect to need to access away from your computers (say, your email), you can log into LastPass from anywhere. But it’s simpler to keep those few passwords memorable. A nonsense name blended with characters and numbers can still meet the strong requirement. Think of a fictional nickname of someone at a prior address or having done something an amazing number of times, etc. See the prior article and comments for more tips around this.

David

*email servers have become much more secure, so nasty spammers now look for easily cracked web-mail accounts they can use for spamming. If you don’t nip such a problem in the bud (like when you started getting a bunch of bounced messages you didn’t send), you may get locked out of your account and/or have it shut down. Change the password to something secure NOW!

9 Comments »


  1. Here’s an excellent Lifehacker article on the premium service with 2nd factor USB authentication. There’s also links to other related articles.

    http://lifehacker.com/5879117/how-to-build-a-nearly-hack+proof-password-system-with-lastpass-and-a-thumb-drive


  2. […] hard-to-guess passwords, so a Password Manager can be very handy.  I talked about my fav – Lastpass – here. Safe surfing! […]


  3. […] make sure you use LastPass or some other tool to securely store that unrecoverable Boxcryptor password. In a place that can be […]


  4. […] login details and remember strong passwords for you. Way better than browser tools. I’ve recommended this before. RoboForm is also well-recommended but not […]


  5. More advantages to LastPass?
    https://fornow.wordpress.com/2014/04/11/heartbleed-what-is-it/


  6. Just read an article on Dashlane, a newer player in this market. It suggests a nicer interface but you have to pay to get cloud storage. Same issue as with KeePass. Free is not available everywhere. The interface is also not integrated.

    Sounds good but as I note above, if it’s not storing it online, it’s not backed up and could be lost. Not what you want with your passwords. As I note, this is more secure.
    http://www.pcworld.com/article/2043301/review-dashlane-is-a-robust-password-manager-with-a-gorgeous-interface.html


  7. […] have strong passwords, especially if you plan to share the media through the Internet. A tool like LastPass can help you track all your passwords […]


  8. […] readers here know, I’m a fan of LastPass, a free PC password manager. The premium version, for $12 a year, adds many other features […]


  9. Here’s a useful Update.
    A new password manager that also allows you to use temp email addresses, tracker blocking and more. For a fee, you also get temp credit card numbers, etc.
    https://abine.com/

    You can turn off its password manager if you already use one like that above.
    https://dnt.abine.com/#help/faq/faq-usepwm


