LastPass Password Manager Review

Summary

There is no easier way to remember your passwords on multiple computers and operating systems than by using LastPass. Lastpass is a good solution for people who regularly move between multiple computers and operating systems. It uses a browser plug-in to work with most popular web browsers on most operating systems. Data is replicated between a central LastPass vault and local workstation vaults enabling access to one password list no matter where you are.

Password managers enable one strong password to protect all your other passwords. Lastpass includes form filling abilities to allow a single login to automatically log you in at all other web locations. With this convenience, a little risk is involved.

1. RISK#1 If your master password is compromised you lose all your passwords. All password managers share this risk. Lastpass mitigates this risk through several multi-factor options.
2. RISK#2 Once you've authenticated with the password manager, an injected script (XSS) can steal your session and access your password store. This risk is unique to browser based managers like lastpass. In the past year there have been two XSS vulnerabilities found. The first vulnerability was within the Lastpass code and was fixed within hours by them. The second vulnerability as not part of the Lastpass code, and was a Operating System vulnerability on Google's Chrome OS. Lastpass could not fix Google's code, so they made changes to make the vulnerability more difficult to exploit.

Despite these risks, using one strong password to guard the rest is better than sharing one password for all your sites.

Lastpass is a "Cloud Based" password manager. This means LastPass keeps a copy of all your passwords on Lastpass servers. Depending on your perspective, this can be an asset or a liability. The architecture of their offering is secure, provided a highly secure master password is used. Laspass stores an encrypted copy of all your passwords on every computer you install it's browser plug-in on, providing access to all your passwords in minutes from anywhere. This means password changes done on any one computer will automatically synchronize to all your computers.

You're not alone if you question the safety of keeping passwords scattered around. In reality, if a highly secure master password is used in combination with their premium multi-factor authentication, the local copies cannot easily compromise your passwords. The cloud copy of your data does not keep your master password, so it is nearly as safe as the local copies.

Lastpass offers a dizzying array of features. The core purpose of any password manager is providing a means to recall a username and password. Some password managers only store user credentials. LastPass also offers automatic form filling. When you visit a site you’ve saved the password at before, lastpass can automatically fill the username and password for you. LastPass excels at this function and rarely has problems.

Page 1      Page 2       Page 3       Page 4       Page 5       Page 6       Page 7       Comments