Insights For Success

Strategy, Innovation, Leadership and Security

Security

Skype is spying on your instant messages

Security | Edward Kiledjian

A couple of weeks ago, a group of hackers accused Skype (now owned by Microsoft) of changing its underlying architecture to make eavesdropping easier.

It is still unknown whether Skype/Microsoft can intercept your voice calls, but their privacy policy clearly states that they can and do comb through instant messages sent via the Skype service (which it stores for 30 or more when permitted by law).

The reason voice interception is unknown is the use of a common legal phrase, “includes but is not limited to”, which means they list some services they monitor but reserve the right to monitor others. We also know that Skype “co-operates with law enforcement agencies as is legally required and technically feasible,” so assume anything you IM via Skype may be used by them or handed over to law enforcement.

ZDNet’s Steven J. Vaughan-Nichols goes on to say “There is no reason to believe that they can’t record our Skype voice calls as well,” and “Therefore, any person or business who is concerned with their communication privacy should stop using Skype and look for an alternative.”

It is interesting when these types of privacy concerns surface and get confirmed. User beware.

Samsung accuses LG employees of theft

Security | Edward Kiledjian

The Associated Press is reporting that 11 people have been charged with intellectual property theft from Samsung related to its advanced OLED TV technology. 6 of those people have been identified as LG employees.

LG has officially denied these claims, but Samsung is sticking to its guns and claiming that LG “systematically stole its display technology and poached Samsung employees.”

A good reminder to business managers to evaluate their intellectual property protection systems and risk management frameworks.

Real world phishing scam with the mail service

Security | Edward Kiledjian

When I mention phishing scams, you rightfully think about online tricks used to steal user information. But many of us still use the national mail service and some backwards thieves have started using a real-world phishing scam with USPS (blue) mailboxes.

Would-be phishers are coating the inside of the mailbox chute with an adhesive. Mail dropped in sticks to the chute instead of falling into the box, so they can then easily pass by and steal your mailed check or letter containing your personal information (useful for identity theft). Although this latest scam is in Texas, the USPS has said there have been over 30 arrests for similar scams in the last year.

Another version of this trick is to drop a flexible “cord” with a very sticky end into the mailbox to retrieve mail from the mailbox's belly. This is a wake-up call to remind everyone that real-world scams still abound and that we all need to be extra vigilant.

Simplify password management [for free] with LastPass

Security | Edward Kiledjian

Every couple of weeks, we hear about another site being hacked and user account information being stolen. Security evangelists are constantly asking the community to choose complicated passwords and to not reuse the same password for multiple sites.

The biggest complaint I hear is that the above makes remembering passwords impossible. But guess what… you don’t need to remember them because of a fantastic free tool called LastPass. LastPass is a strong and easy-to-use password manager that offers 85% of its functionality for free and has plug-ins for most modern browsers.

Why do you need it

We want you to use complicated passwords of 10 characters or more which include uppercase and lowercase letters, numbers and symbols. Plus we want you to use unique passwords for each site you register with. And you should be changing your passwords at least once every 90 days. Enough said. That is why you need a password manager.

Installation

If you use Internet Explorer, Chrome, Firefox or Safari, you simply choose the universal installer and the program takes care of the rest. For other browsers, you simply go to their download page and choose your browser-specific plug-in. This second option is also useful if you move from one browser to another later: you can simply download the appropriate plug-in for your browser, log in with your credentials and voila (you have all your passwords within 60 seconds).

The Vault

After installing the plug-ins and restarting your browser, you will see a new LastPass icon. A grey icon means you are not logged in (while a red one means you are). If you click on the red icon, you can go to your password vault where all of your passwords are securely stored. As expected, you can organize your passwords in folders and groups, share/delete/edit individual passwords and search for the entry for any specific saved site.

It is beautifully simple

Whether you use the free or paid version, you get the same level of security and protection. Paid users get access to the mobile apps, removal of ads, faster support and the ability to use two-factor authentication to secure your LastPass login (using a YubiKey or USB key with special identifier). I use the free version and have enabled two-factor authentication with LastPass’s Google Authenticator integration.

You install the free Google Authenticator for iPhone or Android, then enable it for LastPass using a uniquely generated QR code from the LastPass settings tab.

Every time you log in from that point on, you will be asked for your LastPass password and then the unique Google Authenticator code (that changes every 60 seconds).

This means that even if someone steals your LastPass master password, without this unique Google authenticator code (that changes every 60 seconds), they won't be able to log in. We call this two-factor authentication because:

 

  1. It uses something YOU KNOW (aka the master password)
  2. and something YOU HAVE (which is the unique token code generated by your smartphone app)

 

Conclusion

 

Your LastPass passwords are encrypted and stored on their servers, which means you can access your passwords from any internet-connected computer (via the LastPass add-on, or you can even use their site as the launchpad for use on a friend’s PC).

This is a fantastically simple yet extremely powerful tool to protect your passwords and therefore your online life. The tool can auto-generate strong passwords when you register for new sites or change your password on an existing site (it will usually even detect this automatically). It has a form fill feature where you can create different profiles with different information (personal, business, etc.) and you can then use LastPass to auto-fill website forms. It has free two-factor authentication support via Google Authenticator.

I can’t recommend it enough. I use it every day and it is one of the first apps I install on every computer I own.

Screenshots

[Screenshot: The vault]

[Screenshot: Site edit dialog box]