Dec 2, 2009

New LastPass website and LastPass version 1.62.0 released

As you've hopefully noticed LastPass has revamped its website, but this wasn't just a cosmetic improvement, we've revamped our help section, our FAQs and downloads page to make them more intuitive and easier to find information. It also gives us a chance to feature the awards and great comments we keep receiving.

LastPass version 1.62.0 has also been released, we've focused on improving Chrome and Safari support mostly, and making using a multi-factor device easier by allowing you to remember the computer you're on to avoid being prompted for it going forward. This makes it easier to do things like require multi-factor on your laptop, but make things quicker and easier on your desktop. Remember computer support works with LastPass Sesame, Yubikey and our newest feature: LastPass Grid.

LastPass Grid is a free multi-factor authentication solution available to any user -- no hardware required, no premium LastPass membership required. LastPass Grid video

Using LastPass Grid is easy, print it off, fold it in half and put it in your wallet. Used with the remember this computer feature you might only need to enter Grid coordinates a few times, but you can rest easy knowing that even if someone determined your LastPass master password, they'd still also need to have your Grid to get in. This is a big road block for anyone attempting to access your account, and really enhances the security of LastPass.

You may want to login to your mobile devices before enabling Grid (or any multi factor) so you can take advantage of restricting mobile access too.

LastPass encourages everyone to take advantage of multi-factor authentication. With our new remembered computer support and now with LastPass Grid we're removing a lot of hassles out of using multi-factor.

Nov 24, 2009

LastPass Featured by PC World

Technology and Security Journalist Erik Larkin recently featured LastPass in his article for PC World.

He highlighted the recent large-scale password stealing headlines pointing out that average users are highly vulnerable and effused that everyone should take steps to protect themselves.

From the article:

LastPass fills in your username and password for verified sites that match a real URL; phishing scams that use similar but fake Web addresses won't deceive it. And because you don't type your password, keylogger malware can't capture your keystrokes and nab your password.

The full article can be found here:
Keep Your Passwords Private--and Handy--With LastPass

Nov 12, 2009

LastPass for iPhone 1.60 on the app store

LastPass 1.60 is on the iPhone app store It is for premium LastPass customers only.

It's much better looking now if we do say so ourselves including FavIcons for all your sites.

It makes it easier to copy & paste data out of form fill profiles and provides options such as the much asked for capability to disable the app icon badge which indicates you're logged in. There's a number of stability fixes too.

We're still looking to expand its capability and have a few new features in the works (easier transitioning from iPhone Safari -> LastPass and some additional security options). We're looking at bookmarks, but if there's other features you're interested in please let us know!

Oct 29, 2009

LastPass 1.60.0 released, x64 for IE

This is the first build that includes includes support for the x64 version of Internet Explorer. If you're using a 64-bit windows it's available on https://lastpass.com/download.php and will allow both the 32 bit (default IE) and 64-bit IE to work.

We've started work on Fennec, Mozilla's new mobile browser -- looks like it could become a powerful addon since it has full support for addons built-in.

The Google Chrome addon is improving and is now up near the URL bar at the top right in a style that's closer to the default compact toolbar on Firefox. We're testing some new UI concepts here like displaying a colored icon that spins to indicate a possible action, we'd like to hear if you like it better (or not). The extension bar is disappearing from Chrome so it was a good time to try this. Also it looks like Linux Chrome is being worked on so hopefully OS X chrome won't be too far behind.

Safari and Chrome support for Sesame and Yubikey have been added. We're also planning a free multi-factor solution (paper based) as we want everyone to be able to use multi-factor authentication even if you can't spare $1/month.

We've added a number of new password managers that LastPass can import from include Clipperz, PINs and SplashID (on top of the dozen we already support, including Google Chrome import from the installer which was just added). As always if you can get a non-binary export for your legacy password manager, send us the format and we'll build an importer.

Release notes: https://lastpass.com/upgrade.php

Oct 27, 2009

The PC World 100: Best Products of 2009

We are proud to announce that LastPass was selected as #46 in PC World's list of best products of 2009 yesterday.

LastPass is in good company - the iPhone 3GS, Windows 7, facebook, intel's new processor, and twitter just to name a few.

We definitely appreciate the acknowledgement of our hard work and will continue to push and innovate and look forward to being on 2010's list.

The full article can be found here.

Oct 7, 2009

LastPass.com Featured on FOX News

Lance Ulanoff, Editor in Chief and Senior Vice President of Content for the PCMag Digital Network, recommended LastPass.com earlier today when appearing on "The FOX Report With Shepard Smith".

When speaking about the importance of creating strong passwords, Ulanoff stressed:
If you don't create strong passwords, you are a sitting duck.
and went on to say:
[LastPass] is so so easy. I use it all the time because I can't remember any of my passwords.
To view the complete video interview, click HERE.

Disturbing Password News

Over the last week there have been many reports of how tens of thousands of email addresses from MSN, Yahoo, AOL, Google, Comcast and Earthlink have been compromised in what is believed to be a large scale phishing operation.

Today, an analysis of the leaked passwords was released and published by Wired:
A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.
This is extremely disturbing, but what is equally disturbing are results about password-reuse recently published by Tim Nash, an Information Architect:
A scary 92% of people use the same password across all websites including their email accounts.
What most people don't realize is that if you lose control over your email account, then you've effectively lost control over ALL of your accounts. Once your email account has been compromised, a hacker can easily use the 'password reset' feature for all of your other accounts
to gain exclusive access to them. If you use the same password across multiple sites, then all of them are only as secure as the least secure site: an attacker simply has to break the weakest link in the chain.

Here are some tips to help protect yourself in the future:
  • Use a password manager like LastPass to generate complex-secure-random-unique passwords for all of your accounts
  • Never click on links within emails to open websites - always manually type the URL in the browser search bar or find it using a Search Engine
  • Avoid using untrusted computers or networks to access your critical accounts
  • Change the password to your critical accounts routinely
If you use LastPass as your password manager, consider increasing security
by using LastPass One Time Passwords. LastPass Premium members can also use a YubiKey, and/or LastPass Sesame to gain the benefits of multifactor authentication.

Oct 2, 2009

LastPass for Google Chrome Alpha

LastPass for Google Chrome Alpha has begun, we've had a good review despite it's very early status: http://www.downloadsquad.com/2009/09/30/lastpass-extension-for-google-chrome-now-available-and-it-rocks/

3 steps to install:
  1. Chrome's extension support is only available in their dev builds, so you must first install the dev channel of Chrome.

  2. Then, to install LastPass, point Chrome to: https://lastpass.com/lpchrome.crx

  3. Finally, it is recommended that you disable the built-in password manager by clicking on the Options (under the customize and control 'wrench' button). Then choose the 'Personal Stuff' tab and select 'Never save passwords' and 'Never save text from forms'.
Chrome's extension support is progressing at varying speeds for different platforms, so it is possible that Mac and Linux users might have reduced functionality compared with Windows users.

We've also added support to our Windows installer to import your Google Chrome passwords into LastPass, if you have passwords stored there you'll want to use it to get them imported: https://lastpass.com/lastpass.exe (import only, you must install with the instructions above).

If have problems installing ensure your Chrome version is greater than or equal to 4.0.220.1

Sep 23, 2009

New and improved mobile applications

We've been hard at work bringing our mobile applications up to speed, and we're excited to announce a plethora of new features released this week.

Our BlackBerry, Windows Mobile, Google Android, and Symbian S60 mobile applications now have full support for viewing your form fill profiles. Now you can rest assured that your credit card, bank account, and any other important information you have stored in your form fill profiles are always at your fingertips. These same mobile applications now also have support for switching identities, so you can define which sites, secure notes, and form fill profiles you want to see at any given time.

Our Windows Mobile and Android mobile applications now have full form filling support built into our integrated web browser, as well as support for generating passwords. They will also now respect your equivalent domains and never URLs. All these features will soon be coming to BlackBerries capable of running the upcoming BlackBerry OS 5.0 (expected before the end of 2009).

We realize that LastPass for iPhone, by far our most popular mobile application, isn't mentioned in this posting. Please understand that while all the above features have been completed for LastPass for iPhone, we've thus far found it very difficult to get updates approved by Apple and pushed out to the iPhone App Store (just as it was very difficult to get our application in the store in the first place). Rest assured that we're committed to keeping LastPass for iPhone up to speed with the rest of our mobile apps, but that Apple ultimately has the control.

Sep 16, 2009

Safari extension updated, full 64-bit Snow Leopard support

The LastPass Safari extension has been updated with full 64-bit (and 32-bit) Snow Leopard support. It also fixes a number of issues and improves the installer process to restart Safari for you.

To download go to: https://lastpass.com/lpsafari.pkg

In other news, we've been waiting nearly 8 weeks for Apple to get on with the business of approving our iPhone update with a minor amount of back and forth in that time. We feel terrible that a semi-broken version of LastPass for iPhone is out there and that we have no way to getting it fixed for our customers. Our apologies, our hands are really tied because Apple also limits us to 100 beta testers for the entire year.

Google Chrome extension is really starting to take shape, our first alpha release is measured in single digit days at this point...

Sep 2, 2009

LastPass for Safari OS X 10.5+ beta released

LastPass for Safari is now available, it has the ability to import your saved passwords from Safari built in and importing 1Password entries is easy too (LastPass Icon -> Tools -> Import) . The combination of a compiled LastPass addon plus Safari's speed means that Safari 4 + LastPass is also the fastest combination on OS X!

To get it simply fire up Safari and go to https://lastpass.com/ and hit 'Get LastPass'; if you're new to LastPass you'll also need to create an account. You'll then need to fully restart your browser (Safari Menu Item -> Quit).

We've worked hard to try to add all the features available on our other platforms, and we're largely there. There are also a few unique to LastPass Safari features like if you customize the toolbar you'll see 2 other possible buttons: Fill and Submit and Form Fill for easier access to those capabilities. We still have a few notification preferences to add, and potentially a local vault and multi-factor authentication is currently disabled.

It does work with Snow Leopard (OS X 10.6) but you must set Safari to run in 32 bit mode (Go to Finder -> Applications -> Right click on Safari and hit 'Get More Info' then set 32 bit).

LastPass for iPhone has benefited from this effort, and we're sending a new build to Apple's App Store queue tonight which has added Form Fill, Identity support, Offline network retries, local file writing, a password generator and more. Our commitment to OS X will also have us syncing your Keychain data soon too.

And before you ask, we've stared on Google Chrome and Palm Pre; they're next on the docket and will be completed soon.

Aug 26, 2009

Using a strong password more important than changing your password frequently

Larry Magid, a technology journalist with CNET News, recently discussed a study published by the Chief Marketing Officers Council that highlighted the disconnect between people fears of security risks and what they do to protect themselves.

To protect against phishing and identity theft, security and antivirus companies highly recommend that users change their passwords on a monthly basis. Larry takes issue with this saying:

While a terrific idea, it's unrealistic to expect people to change their passwords monthly though, as I pointed out in a recent post, it is important for social networkers to have very strong passwords and consider using a password manager like LastPass.

The full article can be found here.

Aug 13, 2009

LastPass vs Roboform by the Associated Press

Peter Svensson, a Technology Writer for the the Associated Press, recently compared LastPass directly against RoboForm with ease of use being one of the most important considerations.

Review: LastPass and Roboform take password management to the next level with online storage

Peter wisely discusses why the way most people store passwords is extremely insecure and espouses the benefits of password management applications. He covers how the new breed of password management applications are storing passwords encrypted online to allow universal access to your data.

From the article:


The [RoboForm] system is still cumbersome.
[...]
In providing an online storage option, Roboform is catching up to a new password management program, LastPass, that's designed from the ground up to store passwords online. Trying that, I found it slightly easier to use — at least, it didn't confront me with cryptic dialog boxes. It also has the virtue of being free, while Roboform costs $30.
[...]
Since LastPass is free and has the edge on browser and Mac compatibility, it should probably be your first pick.

Aug 9, 2009

What's a bigger problem than malware/Viruses? Poor Password Management

Interesting post by Larry Walsh, which nicely frames the issues we saw when we created LastPass:

http://blogs.channelinsider.com/secure_channel/content/authentication_and_access_control/poor_password_management_eclipses_virus_problem.html

Passwords are a huge problem at every organization I've worked with, and are typically the weakest link in the security chain, no matter what the policy has been. The solution is a single password people actually care about making secure and associated multi-factor addons to increase security. The last password you'll have to remember.

LastPass still has a lot of work left in bringing to life our vision of allowing you to use a single password everywhere but we should be able to complete our first stage (web based integrations) and moved into our second phase (desktop applications, flash and Java, etc) in a couple months.

Aug 1, 2009

Easily login to your LastPass accounts from your iPhone? There's an app for that.



LastPass for iPhone has made it to the App store. LastPass in the App Store. We're very excited about this because we love using it, and find it incredibly convenient to have all your sites and secure notes available for easy access on your iPhone. The App allows you to edit and add sites and secure notes and launch sites in a built-in browser where LastPass fills in your data automatically.

Help Page / Frequently asked question




We're going to continue adding functionality and improving usability so let us know what you think and how we can make it better.

Like our Android, BlackBerry and Windows Mobile applications, this application is a part of our LastPass Premium offering. You will be able to try LastPass for iPhone for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

We're also very close to releasing our first alpha version of LastPass for Safari (OS X) so stay tuned.

Jul 17, 2009

LastPass for Android BETA


We are pleased to announce the beta release of LastPass for Android! LastPass for Android is an application that allows you to access and edit your LastPass data from a Google Android smartphone. It also features a built-in browser that will automatically fill your login information for each of your saved LastPass sites.

To install, simply open Android Market on your phone, and search for LastPass. Or if you're already browsing this on your phone, simply click here.

LastPass for Android is still in an early beta stage, and as such, we'd love to hear comments from our users on how we might be able to improve and extend it.

Like our BlackBerry and Windows Mobile applications, this application is a part of our LastPass Premium offering. You will be able to try LastPass for Android for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

Jul 13, 2009

Password Fatigue and LastPass

John Kelly of the Washington Post had an amusing article today about how much trouble it is to create a new password every 90 days:
So Many Passwords, So Little Time

Hopefully John will find LastPass and put these troubles behind him -- using LastPass' Password Generator he'd be able to specify that uppercase, lowercase, numbers and special characters are required; generate it with a click and never have to remember what it was. LastPass takes care of the rest.

The title actually speaks to the exact problem LastPass solves: one last password to remember and you can forget all the others.

Jul 10, 2009

Troubling stat of the day

I saw a statistic today that really caught my eye. pcworld.com.nz ran an article that discussed the proliferation of botnets in the last 2 years. They reported:

About 38% of the credentials stolen by Torpig were obtained from the password manager of browsers

It is certainly not a surprise to us here at LastPass, we have learned first hand how easy it is to get to the passwords that were saved by Firefox and IE.

So use LastPass. And follow our advice to import all of your browser's passwords and delete them from your computer! It will make you safer.

Jun 9, 2009

New Release

Some highlights of LastPass version 1.51.2:

-A new product called Sesame for our premium members that allows for multifactor authentication with your existing portable USB device
-Windows Mobile application now generally available as a trial for non-premium users
-Many general improvements to our core engine: improved autologin support, non-compact search shows drop down menu of sites, reduced the frequency the notification bar is shown for sites that have login forms on every page, more translations, etc.
-Support an optional way to store a disabled one-time-password on your PC in case your forget your password: this allows password recovery for those who want it without revealing your password to LastPass.

As always, a more complete list of the changes can be found here.

May 26, 2009

Are you a talented graphics designer?

We're looking to do a refresh of our website and other areas within the LastPass.com product suite.

If you are a talented graphics designer with a knack for usability, and have some ideas on a new look and feel, please contact us at support@lastpass.com. When contacting us, please send us a link to a portfolio showcasing some of your past work.

Thanks,
LastPass

May 6, 2009

1.51 Released

We have been working so hard on adding new functionality and products that we haven't updated our blog in a while. Let me bring you up to speed:

1.51 was recently released. Some of the highlights of the release are:
- LastPass can create a new form fill profile directly from the form you're filling online
- Can now more easily mix and match credit cards and profiles when form filling
- New option to prompt to login to LastPass on startup of browser
- Previous state of your vault (what groups are expanded/collapsed) is remembered
- Password Strength Meter added to generated password window, and online editing of accounts
- Include a 'Recently Used' category on Vault and in toolbar menu

For a full list of new features and some bug fixes, take a look at our Release Notes.


We have released a sneak peak of our iPhone application to our existing premium members. We will release it generally very soon.

We are also working on a Windows Mobile application and some other neat projects that should be available in the next few weeks. Stay tuned!

Apr 7, 2009

LastPass listed in ZDNet's "top 5 Windows tools for keeping your digital life in sync"

Yesterday, Ed Bott from ZDNet, listed LastPass in his top 5 Windows tools that help keep peoples digital life in sync. A former RoboForm user, his review praises LastPass for "its superb web-based integration" and for doing things "better".

http://blogs.zdnet.com/Bott/?p=787

From the article:

Last year, when I put together a list of my 10 favorite Windows programs of all time, one of the superstars on that list was RoboForm. Since then, I’ve found a replacement that does everything RoboForm can do and more—and it’s completely free.


[...] LastPass will make you more secure online, period.


[...] I recommend it enthusiastically.

Mar 21, 2009

LastPass awarded PCMag.com's Editors Choice for Password Management

Neil J. Rubenking from PCMag.com just published a comprehensive review of LastPass giving it 5 out of 5 stars.  His article pits LastPass against all existing password management offerings and awards LastPass with its "Editors Choice for Password Management".

http://www.pcmag.com/article2/0,2817,2343562,00.asp

From the article:

LastPass's catchphrase is "The last password you'll ever need," and I think the app does a pretty good job of living up to that claim. It has just about every software feature offered by any other password manager, as well as some the others don't have. Its multiple mobility options ensure that you can use it anywhere. And it's free! I'm switching to LastPass, our new Editors' Choice for password management.


Mar 20, 2009

First Release Version of LastPass!

The LastPass staff is proud to announce our first official release today! It has been almost 1 year to the day since we began to work on this product and we have come a long way. But rather than look back, we have our sights on the future. We have a lot of exciting products in our pipeline, some of which are nearing completion.

We have also released our premium offering this week. Among the added benefits of signing up are guaranteed support, a native blackberry application, and no ads. The entire list of features can be found here. It is only a $1 a month, which we will put towards our hosting costs and will be used to build new features.

Mar 16, 2009

LastPass for BlackBerry BETA, and LastPass Premium

We are pleased to announce the beta release of LastPass for BlackBerry! LastPass for BlackBerry is an application that allows you to access and edit your LastPass data from a BlackBerry smartphone. It can also cache your data in an encrypted file that gets stored on your BlackBerry, so it's available when you have no network coverage as well.

To install, simply point your BlackBerry browser to https://lastpass.com/, and then select the large green "Get LastPass" icon. You can also browse directly to https://lastpass.com/LastPassBB.jad.

LastPass for BlackBerry is still in an early beta stage, and as such, we'd love to hear comments from our users on how we might be able to improve and extend it.

This application is the first in a new line of features we're calling LastPass Premium. You will be able to try LastPass for BlackBerry for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

Along with LastPass for BlackBerry, LastPass Premium also gives you an ad-free experience and priority phone and email support. It's available for only $1 per month! You can read more and subscribe to LastPass Premium at https://lastpass.com/premium.php.

We plan on augmenting our LastPass Premium feature set even more in the near future, with features including YubiKey support, an iPhone application, and Windows Application support. Stay posted for further details on these features.

Feb 16, 2009

New features in 1.45

Notification Bar shown less - Changed the FormFill/Generate Password/'Log into LastPass' notifications so they are shown only when you click on the first input field rather than on page load. This is in response to some feedback that the notifications were being shown too often. You may revert back to showing on page load if you uncheck 'Show certain notifications only after click' in the Advanced tab in Preferences.

More Vault Improvements - There is now a right click menu available for sites and groups listed on the Vault. You can create subgroups, rename existing groups, move groups, etc. It is pretty powerful and should help you organize your sites more efficiently. This can also be combined with your ability to select multiple sites to perform right click actions on multiple sites at once (such as move, delete and share all).

More Security Options - You can automatically clear copied passwords from the clipboard after a predefined time period, logout automatically after browser has been closed for X minutes, and you have the option to delete your locally cached files.

And as with other recent releases, our volunteer translators have been hard at work to make this available in more languages. We have also fixed a number of bugs that have been submitted by you.

Jan 27, 2009

Monster.com Is hacked, Usernames and Password stolen!

Monster.com has been hacked exposing usernames and passwords:

Monster Hacked

If you used LastPass and used a generated a password, just login to Monster.com and generate a new one.

If you're part of the majority of the population that uses the same password on every site, you should be worried. Some nefarious characters have your username and password to many of your sites. This is just another concrete example of why your current password management strategy of "none" or "tiered" is a bad idea. Unfortunately this isn't rare, it's the second time it's happened to Monster.com!

Protect yourself -- use a different password on every site with LastPass. Here's the basic instructions on how to use Generated Passwords with LastPass:

Jan 25, 2009

New features in 1.44

Here are some of the new features in our most recent release:

Selective Form Fill - To selectively fill forms, simply use your mouse to highlight only the form fields you would like to fill (by clicking and holding the mouse button while you drag the mouse over the page). Then, use form fill as you normally would, and only the fields you selected will be filled in. This feature has been added to the plugins and also in the bookmarklets.

Drag & Drop on Vault - The local Vault page now handles dragging and dropping of your sites between groups. This should allow you to organize your sites quicker and easier.

Sharing improvements - If you log into your account on https://lastpass.com, you will now see a new 'Friends' tab. This allows you to see who you have shared sites with, what sites they were, and how many times they have been accessed. You also now have the ability to sharing multiple sites at a time and to share with multiple people.

In addition to these changes, some of our translations have been updated (thanks goes out to our volunteer translators). We have added numerous bug fixes and minor improvements (many of which were suggested by you).


Jan 19, 2009

Opera, Google Chrome, Safari, iPhone, Opera Mini and more with Bookmarklets

[ UPDATE ] LastPass has since released a Google Chrome extension, an iPhone App, Windows Mobile, Blackberry Android, and Symbian mobile apps which you may want to look into instead or in addition to the bookmarklets.

----

LastPass has just released 3 bookmarklets to extend the LastPass experience to all the other browsers and mobile devices in your life.

We're very proud of implementing our complete Form Filling solution in a bookmarklet too -- Now if you want to buy something on your iPhone at an online store with your credit card you can do it in 10 seconds rather than 15 minutes (or not at all), it's amazing.

If you're already an IE/Firefox LastPass user the experience is a little different -- you have to do some setup, and you have to activate the LastPass feature on each page -- but if you are on the road and can't install software, have a mobile browser, or like to use Opera, Google Chrome or Safari, this solution works quite well.

We've prepared a quick video covering setup and an example of the feature in Google Chrome:



To get started you'll want to go to https://LastPass.com/ and sign in then hit Bookmarklets. If you're a new user -- go through the installer, then use your LastPass plugin to get all your passwords working before setting up the bookmarklet.

We've also improved m.LastPass.com as part of this process to have a login simply activate your session, and your bookmarklets, rather than try to immediately download and decrypt all your data -- this is far more workable if you have hundreds of accounts, like many of you LastPassers do.

A number of people have asked how to setup iPhone here how it's done:

Jan 6, 2009

New Notification Bar Preference

We received feedback from some users that the notification bar that is shown you when you have multiple logins at a particular site was distracting because it pushed the page down.

With the release of v1.42, LastPass now gives you the ability to show the notification bar at the bottom of the page rather than the top. To try it out, simply click on the toolbar and open Preferences. On the advanced page, click on the 'Show notifications below browser' option.

Let us know what you think and keep the suggestions coming!

Jan 1, 2009

Protect yourself online: A New Year's resolution

The arrival of the New Year often brings resolutions for self-improvement - exercise more, work less, eat better, etc. But have you considered adding protect yourself online to that list?

LastPass recommends that you use a unique, strong, random password for each of your online sites. No more using your pets name or your birthday for your password. No more using the same password for each site. That simply isn't secure.

By spending a little time now changing your existing passwords to strong ones, you will reap the benefits for years to come.