#StandWithUkraine
Andrey “Rarst” Savchenko —  — Software — browser, password, security

LastPass — website password manager

Strong passwords are important for security. I think by now we mostly got that point across. But even then “I am not gonna do it” remains common non–action, like John Oliver puts it to Edward Snowden.

Managing strong passwords is hard. LastPass is a password manager that makes it easy.

What it does

LastPass is an online service that stores and synchronizes passwords. It works through browser extensions to access and fill them on sites.

LastPass interface

LastPass interface.

It does for you the annoying parts of strong passwords workflow:

  1. Generates passwords.
  2. Remembers passwords.
  3. Types passwords into login forms.

It makes complexity of the password irrelevant to convenience of it.

Strong features

LastPass synchronizes passwords across all your browsers and devices. It has the most impressive software/plugin/app line up I had ever seen. It includes not just “mainstream” browsers, but many less so (like an old Opera) and special builds like portable Chrome and Firefox.

Other than passwords it can save notes. These can be arbitrary text or one of templates (such as documents or server access details).

LastPass can audit your passwords collection and notify you about issues, such as:

  • weak passwords;
  • password reuse;
  • accounts on sites that had security breaches.

Access to LastPass itself is password–protected with support with many two–factor authentication options. It has:

  • its own 2FA app;
  • works with standard protocols/apps (like Google Authenticator);
  • and even offers option to print a grid of access codes.

Downsides

Most of the kinks I encountered have to do with form manipulation. LastPass has to interact with websites inside a browser page and some of them do less well. On some of the sites I frequent it fails to fill in login details partially or completely.

Thought it is still quite easy to copy login details from the extension into a form. It is less smooth than usual, but still beats remembering and typing long complicated password yourself.

The most notable limitation of free version — it only syncs passwords within one platform. So you can use it on desktop or mobile, but not between the two.

Other functions exclusive to paid versions are:

  • more 2FA options (support for hardware tokens and fingerprint readers);
  • sharing passwords between accounts.

Enterprise versions adds things relevant to integration in “serious” business infrastructure.

Overall

LastPass has worked out well for me over time. It improved quality of passwords I use and ease of it. Audit feature also keeps me disciplined about getting rid of old and weak passwords.

If you don’t use password manager I would recommend you to try. If only to run audit and see how strong your current passwords are.

Home LastPass.com

Related Posts

2 Comments

  • janw.oostendorp #

    I use Keepass to pretty much the same effect. Big plus: Passwords are not a 3rd party server. Big minus: It's local by default. If you want it on your phone or whatever. You need to set up some sync yourself.

  • Andrey “Rarst” Savchenko #

    Yeah, it is matter of priorities. I have to use a zoo of browsers across different computers, so for me the seamless sync that I don't have to mess with is important benefit. :)