LastPass is a password manager utility. There are dozens of such utilities floating around on the World Wide Web and the three most popular web browsers (Chrome, Firefox and Internet Explorer) have their own little bags of tricks as well when it comes to managing passwords locally. Everyone should be at least a bit paranoid about safety online. As photographers who spend a lot of time online with our precious files we should be even more paranoid. Just having one super difficult password for all of our accounts is just asking for trouble. But remembering unique difficult passwords for every account is just not possible. Keeping it written down unencrypted is just as dangerous. This is where an app such as LastPass comes into play. And best of all its free!
Managing your passwords locally can be risky, because if someone hacks into your system they have access to everything that they need. Managing passwords online is a much safer alternative and is recommended not only because of the safety features but also because of the huge convenience that comes with it.
In this article we shall talk about LastPass specifically to explain why you should opt for managing your passwords online. LastPass uses a two pronged security mechanism to secure the data that they store in their database. First is the de-encryption cipher which is the master password and known only to you. This is not saved in their database. What does this mean? Let’s say some smart hacker is able to hack his way and gain access to the data on LastPass. Without the cipher that data is as good as a paperweight to him. Another strong feature is that you can throw some additional security curtains in the forms of restricting access from anywhere outside your country, assign a dedicated security email, set authentications and many others.
Using LastPass to assign new passwords
The trick to using LastPass for the first time is to ensure that you change all passwords to your various accounts, both the ones that you use often and the ones that you rarely visit, at least once. But first you will need to install LastPass and it does so by installing as an app on to your browser. It sits there waiting until it is required to interfere when you are logging on to a website or changing password to one.
Now, let’s say you have an account on a (fictitious) website – myfirstlastpass.com (sounds kind of weird!). You decide to login and in the process allow LastPass to record the username and password in to its vault. Here you need to know that LastPass account information is stored in an extremely secure environment.
Okay, so you log on to the website (myfirstlastpass.com) and in the process try and change the current password. You will notice LastPass icons at the form fields where you enter your current and new passwords. This means that LastPass is taking over and monitoring the values that you input here. You could choose to enter a password that you feel is secure enough or ask LastPass to suggest you something (yup it does that too). Right-click on the LastPass icon and it gives you several options. Click on ‘Generate Secure Password’. LastPass will now generate a strong password for you. You could even select how many characters long it should be. Once you like what has been generated, click ‘Accept’ and the password is populated on the new password field. ‘Save’ it on the website and confirm to LastPass that you want to store this in the database. Bang! Your new password is changed as well as stored on LastPass to be auto-populated the next time. So from then on when you try to login to that website LastPass will automatically fill out all of the fields and you just go in without even typing your credentials. If you have several accounts associated with that website, LastPass will give you a drop down option of all your accounts.
Another great thing about LastPass is that folks who work there are more paranoid about security than any one of us. This means that they do all kinds of monitoring for us. Although its not an active monitoring but we can take advantage of it by going the extra mile and doing some manual tests. For example: a little while ago there was an hasty flaw uncovered that allowed bad guys to access Open SSL. It was called Heartbleed OpenSSL bug. Many companies including banks have acted swiftly and patched this bug. But some didn’t. You can launch a test through LastPass that will go through all of your accounts and let you know which sites have a patch and if you should update your credentials. It can also show where passwords are weak and which accounts have vulnerabilities.
If you use your mobile gadget to access various accounts you might also use LastPass mobile app, which is available on numerous platforms. However, even though LastPass for desktop is completely free with no strings attached, if you want to install and use their mobile app you will need to purchase LastPass premium. It is currently $12 per year. That’s just $1 a month! We are not being sponsored by LastPass and I am not pushing you to get the premium account at all. You can be just as happy using the desktop browser plug-in and still be secure for free. You can enter the new passwords to your mobile device once and make sure it remembers it.
But if you purchase premium account, you can login to your LastPass app and it will then auto-fill login fields in your other apps. So all you will need to remember is your super hard master password and make that your last password (pun intended).
Here is a quick and useful tip for creating a master password. You can use a favorite phrase or a part of a song to make a seemingly random and complicated password. For example: Itsy bitsy spider went up the water sprout. Let’s take first letter from each word and have every other one be capital: IbSwUtWs. And not to add more difficulty lets add a number and a special sign. Since spiders have 8 legs let’s put 8 after spider with an asterisk: IbS*8wUtWs. There you go a complicated looking password which you can remember with an easy nursery rhyme.
Still here? I thought you had already opened a new window to check out LastPass. That’s it folks!