Dec 29, 2010

LastPass for Windows Phone 7 Has Arrived!

LastPass is now available for download in the Windows Phone 7 marketplace!

Once installed, the app allows you to view your vault and search for your saved sites:

After logging in to your account, a small menu appears at the bottom of the screen, allowing you to select "launch mode", in which tapping a site launches it in the embedded browser, or "details mode", in which tapping a site allows you to view the data saved in the site entry.


There are some known limitations with the app; autofill will only work on sites that use javascript, an issue which we hope Microsoft will address. The app is also currently read-only, which means you can't add or change site data, although we will adjust this for future releases.

Thank you for your patience as we resolved issues and pushed forward through the approval process!

Dec 14, 2010

Windows Phone 7 Update




We have had many users ask us when the Windows Phone 7 app will be available and our response for the last month or two has been 'any day now'.

Unfortunately, it is still not available today. As a team that prides itself on trying to be quick to deliver LastPass on the newest platforms and devices, we feel like we owe an explanation to all users who have been eagerly waiting.

As you might already know, Windows Phone 7 is nothing like the previous Windows Mobile devices. They changed everything, including the distribution model for apps. All installs must go through Microsoft (similar to Apple's control of iPhone apps) and all apps must be first approved. This is where the major holdup has been.

LastPass hasn't received much help during the submission process. Attempts to inquire about more details regarding app rejection were unhelpful. That makes fixing problems difficult when we are unable to reproduce on our test device. We were also told we would have to pay money to talk to an engineer about bugs we believe are their own.

But as long as we think we are making progress, we will continue to submit and push forward. Stay tuned!

Dec 2, 2010

LastPass Acquires Xmarks!


In our efforts to bring you expanded, go-anywhere access to your data, we're excited to announce that LastPass has acquired Xmarks! It's a great opportunity that not only ensures the survival of the Xmarks add-on, but will also enhance our mission to provide the best data-syncing tools out there.

Xmarks, formerly known as Foxmarks, provides the world’s leading browser add-on for cross-browser bookmark sync that has successfully grown to over 4.5 million users syncing more than 1 billion bookmarks across 5 million computers. Xmarks has become an integral part of the browsing experience for millions of users, and you can rest assured that we will continue to expand the service in the coming months.

Xmarks is transitioning to a "freemium" business model, the same model that allowed us to grow into a thriving, profitable business. The browser add-on and the vast majority of what users have enjoyed will remain free. Users can then opt to purchase Xmarks Premium for $12 per year, which includes new enhanced features like Android and iPhone mobile phone apps, priority support, and more. The Xmarks and LastPass Premium offerings are also available bundled together at a reduced subscription rate of $20 per year. For current LastPass Premium users, this means you can upgrade today for only $8 more per year.

We believe the acquisition will prove to be a success because of the common mission shared by LastPass and Xmarks. Xmarks complements LastPass' vision of secure, universal access to the information that gives you entry to your digital life. As the ultimate cross-browser, cross-platform team, Xmarks and LastPass will work together to help more people simplify their digital lives and access their data from anywhere, at any time.

We're excited to welcome Xmarks to the LastPass family, and hope you will support both of these great services through your business and your Premium subscription. For more information, please check out the FAQs.

The LastPass & Xmarks Teams

Nov 24, 2010

LastPass for Opera 11 is here!


Now that extension support has been added with Opera 11, we're excited to announce that we have a plugin for Opera!

Given that Opera 11 is still in Beta there may be a few kinks for them to work out, but the plugin has the same functionality as the other browser add-ons. Now you can easily access all of your favorite sites and other stored data!

You can head on over to the Opera extensions gallery to download: https://addons.labs.opera.com/addons/extensions/details/lastpass/

Nov 19, 2010

Tip: Be Prepared for Travel Mishaps with LastPass!


There are few worse traveling experiences than losing your wallet, with the accompanying process of canceling cards and replacing personal IDs. So before you head out of town this holiday season, make sure that you're prepared for the worst by creating Secure Notes in LastPass.

Add Secure Notes for the credit cards, debit cards, driver's license, and other important documents, such as your medical card, that you'll be taking on your trip. Use the templates to document customer service phone numbers, security codes, account numbers, and other necessary information. If you lose a card, or your whole wallet, you'll not only have a record of the missing item(s), you can efficiently report and replace everything. You can securely log into your LastPass account on the hotel's computer, a friend's laptop, or your cell phone to safely and quickly access the data you need. LastPass will be there to help get you through and let you enjoy the rest of your trip.



Have a LastPass tip of your own? Share your thoughts, or send us your experiences at support@lastpass.com.

Oct 18, 2010

Computerworld Reviews LastPass

Robert L. Mitchell, a National Correspondent for Computerworld recently compared 4 password managers pitting LastPass against RoboForm, 1Password, and Clipperz.

The article provides in-depth commentary on how the latest breed of password managers are providing users access to their data anywhere and at anytime. It highlights availability, security, and usability as being critical factors to consider when deciding on which password manager to use.

From the article:
I consider LastPass to be the overall winner. Security products should be easy to set up and use, and as unobtrusive as possible, or people just won't use them. LastPass does well on all counts while working on Windows, Mac, Linux and most smartphone platforms.

It was the only product to automatically populate and submit my credentials to a Web site as soon as I surfed to a Web site -- no button-clicking required. It has a few nice features, such as an analysis of your existing passwords for weaknesses and an option to automatically delete passwords stored insecurely by your browsers. It can store a local copy of your data on all mobile and personal computing platforms, and it offers the added protection of two-factor authentication.

You can read the complete article here: 4 password managers offer security anytime, anywhere

As a follow-up to the article, Robert L. Mitchel wrote a detailed blog post recommending the use of LastPass' two-factor authentication products.

From the post:
Of the four password management programs I reviewed this week, LastPass was the only one to support two-factor authentication...

Two-factor authentication can provide an extra layer of security for laptops that travel with you on the road or if you plan to access your password database from unsecured machines, which could contain malware...

You can read the complete post here: Protect your passwords with two-factor authentication

Oct 6, 2010

LastPass How-To: Replacing a Site's Old Password with a LastPass Auto-generated One

So you've run the LastPass Security Challenge and now you know which of your passwords are "weak". You also know that replacing your old passwords with ones that you've auto-generated with LastPass will help you better protect your accounts.

Wondering what the next steps are?

LastPass tries to make it as painless as possible to replace old passwords. We’ll use a demo Gmail account to show you how to update the password for a site that you've already stored in your LastPass Vault with a new, randomly generated password.

Open the Site's Personal Settings

To begin, login to the target site and access the account settings or preferences page where you can change your password. In the case of a Gmail account, we have to go to the 'Personal Settings' section:


When you launch the ‘change password’ page, you will usually be asked to enter your old password and then a new password twice.

Fill Your Current Password

When you focus on the ‘Old password’ field by clicking on it, LastPass will prompt you with a notification bar. Select 'Fill Current' to fill in the current password you have stored for the site:


Generate a New Password

After clicking ‘Fill Current’ and autofilling your old password, you can then click ‘Generate’ from the same notification bar to create a random, unique password.

LastPass will pop a dialog box, where you can even click "Show Advanced Options" to specify the number and types of characters the new password should include:


Click ‘Accept’ to store the newly generated password in your LastPass Vault.

Autofill the New Password Fields

By clicking "Accept", LastPass also autofills the ‘New password’ and ‘Confirm new password’ fields with your newly generated password:


Save Your Password Update

Now click ‘Save’ on the website to submit the changes to your account. After clicking ‘Save’, LastPass will prompt you to either ‘Confirm’ that change or ‘Save New Site’:



By clicking on ‘Confirm’, you will tell LastPass to swap the new, generated password for the old one stored for the site. ‘Save New Site’ creates an entirely new entry for the site with your previous username and the new, generated password, while leaving the old site entry, with your username and previous password, intact.

If you choose not to 'Confirm' or 'Save New Site', the generated password will have its own entry in your Vault and you can manually replace the old password in your site entry.

The next time you login to your site, LastPass will autofill with the new, generated password. Now you really have no excuses to up the strength of your stored sites!


Have more how-to article requests? Send us a note at support@lastpass.com with your idea, and we may just cover it!

Sep 29, 2010

We've Released Version 1.70 - Check Out What's New!

We've just released a new version (1.70.0), and we're excited to announce the addition of several new features:

Secure Note Templates

LastPass Secure Notes has been radically improved to help you store and easily organize all of your confidential information. Templates for Bank Accounts, Credit Cards, Passports, Software Licenses, and many more have been added. Check out our latest screencast to see it in action:



Form Fill Support for More Languages (Beta)

We've added the ability to use our Form Fill feature with Spanish, Japanese, French, German, Italian and Portuguese. It's still in beta which means we're continuing to make it more robust, but we hope it will enhance the browsing experience for our users.

Camino Browser Support on Mac (Beta)

Although still in beta, Mac enthusiasts who use the Camino Browser can now have access to their vault! You can install it via the Safari link on our download page.

Extension for Dolphin Browser HD on Android

This one's a bit of old news already, but Premium LastPass-ers can now use the extension on the Dolphin Browser on their Droid!

Internet Explorer 9 Support

If you have already upgraded to the latest version of IE, or are planning to upgrade soon, LastPass now fully supports Microsoft's latest browser version.

Firefox 4 Support on All Platforms

If you're a technophile and love running the latest and greatest beta builds, you'll be happy to hear that LastPass now fully supports Firefox 4.

Track Sharee Changes (Beta)

Using LastPass to share sites and secure notes with friends, family, and coworkers just got easier. If you're a Premium user, you can now use our new beta Share feature to track, view, and accept changes made by sharees.

YubiKey Dvorak Keyboard Support

Use your YubiKey with LastPass Premium without having to switch back and forth between QWERTY and Dvorak keyboard layouts.

Generate Secure Password on iPad

In our efforts to continue improving our tabbed browser on the iPad, we've added the Generate Secure Password feature! The latest update is still pending approval by Apple, but we're hoping it will appear in the iTunes store within the next week or so.

Other Fixes, Improvements, and Features

We add dozens of fixes, improvements, and minor features on a daily basis. If you've emailed us in the recent past about an issue, be sure to upgrade as it's very likely we've fixed it! You can also view further changes in our release notes.

Sep 24, 2010

LastPass Adds Support for Dolphin HD on Android

LastPass has just added support for the Dolphin HD mobile browser, available on Android 2.0+. The Dolphin browser is currently the most popular browser on the Android market, and now you can enjoy browsing with multitouch zoom, tabs, and now, your LastPass vault, wherever you go.

To start using LastPass with the Dolphin HD browser, first install the browser from the Android market. After you have the browser installed and running, you can search for the LastPass extension from the Android market, select LastPass for Dolphin, and download and install automatically. Once you've installed LastPass, click on the LP icon and you will be prompted to sign in with your username and Master Password. Once you're logged in, you can fill forms and enjoy the convenience of having your passwords securely autofilled as you browse on the move.

LastPass for Dolphin HD is available today for all Premium customers. If you'd like to know more about LastPass Premium, we have a comprehensive features list on our website.

Aug 23, 2010

Another Glowing Review for LastPass

LastPass was recently the topic of discussion on WHTC's Computer Talk, as part of an episode focusing on passwords and computer security. For anyone who listened to Steve Gibson's overview of LastPass, the content and message of this show will be familiar; the hosts generally agree that LastPass is the best valued password manager currently on the market. Where this clip differs is that the CEO of LastPass, Joe Siegrist, is interviewed live and answers several common questions regarding our software and philosophy. Definitely worth a listen!

Jul 21, 2010

LastPass Gets the Green Light from Security Now!'s Steve Gibson

From the beginning we’ve touted LastPass as ‘secure password and data management.’ We’ve insisted that only you have access to your LastPass data, since only you hold the key that can decrypt your data. We’ve upheld that we employ localized, government-level encryption (256-bit AES implemented in C++ and JavaScript) with one-way salted hashes to give you complete security as you sync your passwords through the cloud.

But – what does that mean?

Well, it means that we developed the LastPass password manager so that the following three points hold true:

1. All encryption and decryption happens on your computer.

When you create your LastPass account, an encryption key is created on your computer (your Master Password, or MP, and email go through a complex, irreversible process known as hashing to form your encryption key). Any sensitive data you then save to your account is ‘locked up’ by the encryption key while still on your computer, then sent in encrypted form to LastPass’ server.

2. The sensitive data that is harbored on our servers is always encrypted before it’s sent to us, so all we receive is gibberish.

Since the encryption key is locally created each time you submit your MP and email, all that we store and have access to on our servers is your encrypted data. Without your unique encryption key, your sensitive data is meaningless gibberish. Even if someone were to mandate that we provide a copy of our database, the data would still be unreadable without your encryption key.

3. We never receive the key to decrypt that data.

The unique encryption key formed from the hashing of your email and MP is never sent to our servers. We never, for any reason, would ask you for your MP, so the key remains safely with you.

Not satisfied?

Well, don’t just take our word for it: industry expert Steve Gibson recently reviewed us on his Security Now! podcast. After an hour-long, in-depth analysis of what LastPass is, how it works, and what it can do, Steve applauded our security measures and gave us his seal of approval.

"This thing is secure every way you can imagine. And it's simple," Steve says at one point. "I've completely switched my entire solution for managing passwords, after spending days researching it and testing it and playing with it, over to LastPass."

He goes on to declare that we've "really nailed it. I mean, I don't see a single problem with this."

Thanks Steve! We've tried to cover every security angle we can think of - and we continue to add improvements based on user feedback.

There's also a follow-up episode where a few questions from listeners regarding LastPass are addressed in detail.

We’ve embedded the video below so you can listen to the discussion of LastPass, starting around the 50th minute.




Jun 26, 2010

LastPass IE Anywhere Is Here!


We've just released our latest LastPass Premium offering: IE Anywhere!

The IE Anywhere application lets you automatically login to saved sites and fill forms anywhere, at anytime, without having to install a browser plugin. It's free for all LastPass Premium users and is available for immediate download from the LastPass website!

Once copied to a USB drive, IE Anywhere allows you to use LastPass on the go or with your favourite Internet Explorer-based browser . It provides all of the dependable features of LastPass you rely on but without requiring that you install any software onto your computer.

After downloading IE Anywhere to a USB drive, you'll be able to:

Use LastPass with Internet Explorer on any computer without installing any software whatsoever.
Access your LastPass account even on computers you are not allowed to install sofware on (e.g. while at work or at Internet cafes).
Use LastPass with IE Tab in Firefox, Sleipnir, Maxthon, and other browsers based on IE.
Access and manage your sensitive LastPass account data without leaving a trail behind - no files are created and nothing is stored in the Windows registry.

More information about LastPass IE Anywhere is available at the
LastPass IE Anywhere Manual.

If you're already a Premium user, you can download the app directly from the
LastPass IE Anywhere Download

Jun 23, 2010

Native Extension for Safari 5 Released


Some early coverage already leaked to Lifehacker and Download Squad, but now we can officially announce it - we've added a native extension for Safari 5 on Windows and Mac!

Once installed, LastPass appears as a small, grayed-out icon in your toolbar:


Clicking on the icon allows you to login as normal, and from there you can access all regular features of the plugin. Any time you need to access a LastPass feature, simply click on the icon and navigate through the dropdown toolbar:


In order to install LastPass for Safari 5 on Mac or Windows you'll have to enable extensions. If you haven't done so already, follow these steps:

From the Gear Icon on your Safari menu bar, select Preferences:

Click the Advanced tab and check 'Show Develop menu in menu bar':

Close Preferences. Now that the Develop menu is shown in your menu bar, click on it and select 'Enable Extensions':

If you re-open Preferences, the Extension tab is now visible, and you can now manage your Safari extensions!

Jun 22, 2010

New Release for LastPass Tabbed Browser for iPad


Version 1.68.6 of our tabbed browser for Apple's iPad was released to the iTunes Store yesterday!


New features include:

  • Better progress notifications -- now has a bar indicating approximate page loading state
  • Autologout of LastPass on close
  • Prevent caching
  • User Agent override support -- you can get the desktop or the mobile version of sites.
  • Optional Image Blocking for faster loading
  • [Toggle] showing/hiding passwords when editing from vault to make it easier to copy

Resolved issues include:

  • Fixed potential crash in Save All
  • Potential multiple tabs opening for a single link
  • Performance improvements
Thank you for all of the feedback, we continue to make improvements and add features that will increase functionality.

We know many of you would love to use Safari - we would if we could, but it's still not possible right now. We do provide Bookmarklets for Safari which is the maximum functionality currently possible in the native browser. Thanks for your support in working around these limitations!

Jun 9, 2010

LastPass for Safari 5 on Mac OS X


LastPass 1.68.4 has been released for Safari 5 on Mac OS X. If you haven’t upgraded to Safari 5 yet, you should be prompted to do so. If you’re already on Safari 5, you will need to redownload in Safari and run the installer package.

We're currently hard at work on a native extension using Safari 5's new extension support through the Safari Developer Program.

Using Safari 5 on Windows? For the moment, installing bookmarklets is the best option until we have cross-platform support.

Stay tuned – we’ll update the blog with more information when we get closer to a release of the new plugin!

May 12, 2010

You Asked For It: iPad Sneak Peeks!

Here's a few screenshots from our upcoming iPad application:




You'll notice at first glance that it looks like a browser - and that's because it is! LastPass for iPad is a fully featured, tabbed browser supporting all the rendering modes and plugins that mobile Safari does, with the addition of full LastPass integration. Accessing your secure notes, automatically filling forms, adding new sites, and most major features of the desktop version are supported, with more features on the way after our first release. We've also listened to your concerns and revamped the UI for this version. LastPass iPad will hopefully be submitted and approved for the App store in the next couple weeks.

May 6, 2010

Stumped on a Mother’s Day Gift? Give the Free Gift of an Easier Online Experience!

If your Mom is still using yellow Post-its to keep track of her login information, or even worse, using the same password for everything, show her that there’s an easier way. Helping your Mom to get started with LastPass will be the gift that keeps giving: simplify her life and save her time every day while making her more secure online and off.


Your Mom may think that she doesn’t have that many accounts, but trust us, she does. You can help her setup and store her email, bank, car insurance, home insurance, mortgage, Netflix, credit card, AAA, Amazon, airline memberships, PayPal, Ebay…the list gets longer every year. Not to mention you can help her securely save notes on pins, account numbers, and access codes for everything from bike locks to a Barnes&Noble membership.


How can LastPass help to make Mom’s online experience easier and safer?

  • Never lose another password. By saving all of her login information to her LastPass Vault, she will only have one Master Password to remember.
  • Stop typing in passwords. Edit her LastPass settings so that she is logged in automatically whenever she visits a saved URL.
  • Streamline online shopping. Does Mom shop online frequently? LastPass allows her to autofill registration, billing and shipping forms with one click.
  • Keep sensitive data secure. She would be the only one with access to her LastPass password, and only she can unlock her data.
  • Separate work and home. Create an Identity for work and home and then assign sites, form fill profiles, and secure notes to one or the other.

Does your Mom prefer to browse and shop on her phone?


By upgrading to LastPass Premium for $1 a month, Mom can access her LastPass vault from her cell phone. So no matter where she is, she can view, add, edit, and delete her sites using all of the same great features.


Show Mom you love her by making her life a little easier and keeping her safe online.

Create a new LastPass account for your Mom, learn about the benefits of upgrading her to LastPass Premium, and then purchase her a premium account today!

[Photo credit: ErinM]

Apr 29, 2010

New Release Available!

Earlier this week, the LastPass team released version 1.68.0 that introduced a number of new features, performance improvements, and numerous bug fixes. Here are a few of the highlights:


-A local vault page for Chrome/Safari. This provides much faster access than the online vault since your data is already local and decrypted. This can be accessed by using the 'My LastPass Vault' menu item.

-URL Rules for limiting logins to specific subdomains, paths. This has been requested by many people, and we listened. Your rules can be configured here.

-In addition to the local vault, Chrome and Safari received many features that brings their functionality more closely inline with Firefox and IE (such as notification bars for form fill/generate password, replace site functionality, etc).

-We also tried to make it easier for our volunteer translators to access the tool and begin to help. As we said many times, we greatly appreciate their help.


A complete list of new features can be found here.

Feb 26, 2010

RSA, Google IO, and other updates

We'll be roaming the expo at the RSA conference http://www.rsaconference.com/2010/usa/ Scott will be there for the week, and Joe will be there Tuesday and Wednesday (March 2nd and 3rd). If you're out there and would like to meet, please send us an email: sales@lastpass.com

We'll be demoing at Google's IO event, May 19th-20th in the developer sandbox: http://code.google.com/events/io/2010/sandbox.html If you're planning on attending stop by and introduce yourself.

Our enterprise effort is developing nicely, one of the most exciting features is creating a 'Role' that contains all the sites you want a particular user, or set of users to have, and the capability to share those sites with your users in a completely seamless, yet secure manner. Here's an initial video of the capability:



If add and delete sites in the roles those changes are reflected automatically, we're still finalizing synchronization of changes back to the admin, but it's coming soon. If you want to see if LastPass can solve your enterprise password challenges please contact us: https://lastpass.com/enterprise_contactus.php

Feb 2, 2010

Are you at risk from the Twitter phishing scam?

TechCrunch reported today that Twitter has locked many users out of their accounts this morning requiring them to reset their password due to concerns of a possible phishing attack: VIEW TECHCRUNCH ARTICLE

The real panic for users isn't so much that their Twitter accounts might have been compromised, but rather that they might have used the identical password with other websites.

If you used LastPass to automatically login to Twitter you are immune from the above mentioned phishing attack since LastPass will only auto-fill and auto-login to sites with a matching domain name. LastPass knows never to send your confidential information to any rogue site that is trying to impersonate twitter.com.

Phishing attacks on popular email and social networking sites seems to be dramatically increasing with no end in site. LastPass users should go one step further in protecting themselves against the next large scale phishing attack: take the LastPass Security Challenge to see what other sites might be at risk from duplicate passwords and then use LastPass to generate secure random passwords to protect your online identity.

Jan 6, 2010

The LastPass Security Challenge and 1.64.4 released

Make one of your New Years resolutions greater security; take the LastPass security challenge:


As you may already know there has been another high profile release of millions of plain text passwords, in this case RockYou had 32 million users passwords in plain text, downloaded with a simple SQL Injection attack.

It's clear millions of plain text passwords are going to keep being taken. If RockYou hadn't been publicly exposed they may not have even known! SQL Injection attacks often don't leave a lot of traces of what occurred.

With every password you use an employee at the site or hacker could obtain it if the site doesn't use a non-reversible hash to store your password. If they don't properly salt the hash you could still be quite vulnerable despite the site operators believing they implemented things the right way (see: http://en.wikipedia.org/wiki/Rainbow_table ). If you use the same passwords on multiple domains you're opening yourself up to your password being taken at one site and used at another.

The security challenge will download and decrypt your data (locally as always), then compare it to a number of known poor passwords, and show you which domains you use the same password on. It'll help you protect yourself from these attacks in the future. LastPass will give you a score so you know how well you're doing and keeps track of your score history so you can track your improvement.

We'd recommend using Firefox or IE to update your sites, as the 'Fill Current Password' + 'Generate' notification bar hasn't been added to Chrome or Safari yet.

1.64.4 adds the security challenge to the menus (under Tools), and includes some long requested features: IE can run in 'tool button' mode, IE and Firefox share login state, better updating process in IE better menus in Chrome and more.

If your IE asks you to download more than once, please reinstall via: https://lastpass.com/lastpass.exe