Last Pass

Working with Password Managers

Have you tried using Password Managers? Let me guess.

The Internet is open slather.. and you surf to many websites that require a user name and password..

I’ll also make an educated guess and say that you use the same user name and password for many of these sites without giving two hoots about the safety precautions that are involved. This is where a Password Manager comes into its own.

I will admit to undertaking this practice and having done so for many years without thinking of the consequences. Until recently that is. Just imagine if someone found a common user name and password that I had used, and then applied it literally across many other websites, and lo and behold, be successful in gaining access. That is surely a horrifying thing full stop.

The world of the Internet has changed over the course of the last few years. It is not such a friendly landscape that we go to now. It can clearly be described as a Battlefield. And you, as a user need to be aware of the pitfalls involved in negotiating this dangerous No Mans Land and be kitted out in full armourment in readiness for the challenge.

That might sound overly dramatic, but online theft and identity fraud are a huge business to all the baddies out there doing it. In fact, you’d be surprised at the huge lapses in security that put users online identities at risk. In the past few years, we’ve seen massive security breaches by the likes of LinkedIn, BitTorrent.org, Yahoo, Instagram, MySpace and Adobe. Pretty big names yeah? The typical lapses included the saving of user names and passwords in non-encrypted databases. Details saved as plain text or hashed info rather than salted encryption records, as is the norm these days.

So what does that mean for you? Yes, it’s a PIA to use different passwords for different websites, and then try to remember them all. Not surprisingly, in our fast paced action packed lives, we have short memory spans. This is where a Password Manager steps up to the plate. Now, having worked with Password Managers the last few weeks, there are some things which work well, and some that continue to be an annoyance. Let’s look at one PM in particular – Last Pass.

Last Pass – the good

  1. Can be installed as an extension into your web browser, thereby able to interact with all the websites you visit.
  2. The management of the websites and associated passwords is held in a vault, maintained by a masterkey [password]. Don’t ever forget it.
  3. Once inside the vault, you can organise your websites into groups/categories, and then review the passwords you have assigned.
  4. If you need to change a password, you’ll need to go back out to the website concerned, change the password there, and let Last Pass manage the change through its extension interaction.
  5. You can also set Last Pass to auto-login to any site should you want to.

Last Pass – the not so good

  1. If you visit a website that has two-factor authentication (or a double login), then Last Pass will only work for the first step, not the second. You have to manually enter the second part.
  2. Using Last Pass on a smartphone is a pain, because mobile web browsers typically don’t use extensions. To get around it, you can install Last Pass as a download app, but this will install its own browser, and it’s likely the one that you prefer not to use
  3. You will need to re-enter the master-key password each time you want to use Last Pass. The retention of the master-key password on your mobile is not a good thing, particularly if your phone is stolen or compromised.
  4. Last Pass information is held in the cloud, and not on your local desktop or laptop. Which could be a security concern for some, especially if you compare Last Pass with KeyPass (or KeyPassX for Linux), which is run from the local computer.

There are several other password Managers out there. In fact, PC Magazine did a summary round-up not long ago (7 July 2017), so you research for yourself what works for you (PC Mag article)

In Summary
I know many users (mostly phone users) are so lapse with personal cyber-safety, that much of this article will blow over their heads like a mild zephyr. Especially teenagers. If on the other hand, cyber-safety is important to you, then taking the next step to protect yourself seems like the logical thing to do.

Other Site Pages:
KeePass and KeePassX – Password Manager

spacer