Dec 15, 2012

Give the Gift of Better Security and an Easier Online Life!

Would someone in your life benefit from a password manager that helps them generate secure passwords and fills all their data in for them as they browse?

Good news! This year, give them the gift of LastPass: https://lastpass.com/gift.php

From our new gift page you can purchase one or more years of LastPass Premium for one or more people. You can choose to forward the upgrade links directly to your lucky recipient, or you can have LastPass send the emails for you. It's that simple!

Your recipient will then have full access to all LastPass features. For more information on Premium features, be sure to check out our user manual.

From all of us here at LastPass, thank you for your business and your loyal support. We wish you and your loved ones a happy, peaceful, and secure 2013!

Happy Holidays,
The LastPass Team

Dec 14, 2012

LastPass for Windows 8, RT Updated

We have a brief note today on an update to LastPass for Windows 8/RT!
The new release has a couple minor performance improvements, but the major change is fix for a bug that caused the app to crash on login for users with a large number of sites stored in a single group.

If you were experiencing this behavior, please update to the latest version available on the Windows Store. Remember to leave a rating of the app on the store if you're happy with the new update!

Nov 26, 2012

The Windows 8 App Gets An Update!

Since the last update to the Windows 8 app, we've added even more requested features and improvements!

Of note in the latest version:

  • Grid is now supported as another multifactor authentication option
  • The "save password" option has been restored, and we added a PIN code option (configurable from the settings charm) to protect access to the app when you have "save password" enabled
  • Offline access to your vault is now available - note that you must login to the app at least once with online access, before your locally-stored, encrypted cache of your data is available without an Internet connection
  • An account creation wizard for new users, so you can create an account right from the app
  • Showing and accepting pending shares (for Enterprise users)
  • Additional time intervals for the "do not prompt" option 



For those currently using the LastPass app, you'll see that we now default to show the appbar when an item is selected in the vault, instead of immediately launching the site, after users reported trouble figuring out how to select an item so they can get see the edit and copy options. If you want to revert this option, you can so so at any time in the app's settings. 

Let us know your thoughts in the comments below - and be sure to leave a review in the app store!

Nov 13, 2012

PCMag Declares LastPass A "Best Product of 2012"

PCMag recently published its list of "Best Products of 2012", and we're honored that LastPass has made the list!

The team at PCMag has compiled a list of the 99 products and services that they deemed the best of the best this year - and just in time for the holidays.

A majority, including LastPass 2.0, have received the Editors' Choice Award this year, but the article goes on to note that only four products on the list have earned 5 stars, mentioning: "That's a perfect score, a rare accomplishment. This rating is not given lightly: It means our analysts deem the product bulletproof."

We're proud to say, LastPass is one of those bulletproof products!

We're thrilled to be recognized as a leading security service and the choice password manager. As always, we continue to work hard to provide a quality product, with valuable features, for free, to make online life a whole lot more manageable. We're especially thankful for our awesome users for their ongoing use and promotion of LastPass.

Cheers!
The LastPass Team

Nov 8, 2012

Use Twitter? Time to Change Your Password.

Update: Twitter has now confirmed in a blog post that it was a technical error, rather than an issue of compromised accounts, indicating that "In this case, we unintentionally reset passwords of a larger number of accounts, beyond those that we believed to have been compromised. We apologize for any inconvenience or confusion this may have caused." We apologize for any alarm caused by our post in our effort to alert users to any potential threats.

Reports are now circulating that Twitter may have been hacked. Although no official statement has been made by Twitter at this time, a large number of users are already being forced to go through a password reset process following reports of compromised accounts with spammy posts and DMs.

For those whose accounts appear to be affected, Twitter is forcing you to submit one of three pieces of personal information when attempting to login - your phone number, email address, or Twitter handle. After providing the data, a password reset email is immediately sent to the user:

The email contains a link to a page where you can create a new password, although it doesn't request the old password or require you to enter the new password twice. It does seem phishy, but from what we can see, if you're forced to go through this process you can't log back in to your account until you follow these steps.

Details are still emerging about the situation and whether it's truly a "hack", but we highly recommend that all users update their Twitter passwords. Use LastPass to login, and update your Twitter password with a new one generated by LastPass. Run the LastPass Security Check (located in the Tools menu of the browser addon) to check if you are re-using your Twitter password on other sites. If you are, we highly recommend you change those as well.

Because no official dump of user's passwords has been reported, LastPass Sentry will not currently alert you if you have been affected. If you're new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.

We'll keep you posted on any further updates that emerge.

Nov 1, 2012

LastPass for Windows 8 Gets an Update!

An update to the LastPass Windows 8 app has been published to the Windows Store and is now available for download!


As we promised previously, we've added a number of improvements, including:
  • A favorites folder in the vault
  • The password generator
  • Support for password reprompt settings for editing and filling sites
  • Improved appearance of the master password reprompt dialog
  • A "do not prompt" option to the master password reprompt dialog
  • Adding the appbar to the browser, with a more obvious way to return to the vault and log out
  • Automatically showing the appbar for new accounts, to guide you on what to do next
  • A warning on login if caps lock is on
  • A server-side change to enable shared folders and linked personal accounts for Enterprise users
In addition to reviewing initial feedback from users, we've also implemented a number of minor improvements and fixes, such as a parsing error reported by some new users and a fix for type-to-search activating when master password reprompt dialog is showing

What do you think of the update? Let us know in the comments below - and be sure to leave a review in the app store!

Oct 19, 2012

Know Someone Who Needs a Password Manager? AllThingsD Recommends LastPass

In the market for a password manager, or know someone who is? Bonnie Cha, senior reviewer at AllThingsD, recently published an overview of the top three password managers and recommends LastPass overall!

We all know we're supposed to use unique, strong passwords for all of our accounts - and a password manager helps you achieve that, without any extra headache. It also makes logging in to your favorite sites completely effortless. In her video review, Cha mentions that LastPass is a good option because "it's easy to use, and it's free, and offers more than enough features."

So if you're looking to spread the word on password management, or are on the fence yourself, read through her write-up here, or watch her video review below:


If you were to recommend LastPass, which feature would you highlight?

Oct 15, 2012

LastPass Sentry Now Checks Your Entire Vault!

We recently introduced LastPass Sentry, a new feature to help LastPass users be more proactive about their online security by alerting them when their email address is included in the latest breaches of online sites and services (think LinkedIn).

We're excited to announce that LastPass Sentry is now also supported as part of the LastPass Security Challenge! The update means that a full check can be performed locally against your entire LastPass vault to look for accounts that may have been affected by a breach, in addition to the ongoing monitoring of your LastPass account email address.

How LastPass Sentry now works:
  1. Sentry still performs daily checks, with the latest updates to the PwnedList database, to see if LastPass account email addresses are on the list.
  2. If a match is found, an email notification is sent to the LastPass user, notifying them of the domain that was breached and the potential risk. 
  3. Users can also run the LastPass Security Challenge (from the LastPass Icon's Tools menu) and select the option to look for breaches of their stored accounts. 
  4. If any matches are found between the PwnedList database and the data in your vault, notifications are sent to the affected email addresses with information on the breach and a reminder to update your passwords.
  5. We then recommend updating the password for any affected accounts, and any other accounts using that password (which the Security Challenge will help you identify), using LastPass to generate a new, strong password.
As we mentioned previously, the feature is available for all free and Premium users, as well as corporate Enterprise users. In the case of Enterprise users, both the Enterprise administrator and the affected employee will receive notifications that a match has been found.

We plan to continue increasing the frequency of our database checks to work towards real-time notifications and further enhance the service to provide ongoing value to our users.

What do you think of the update to LastPass Sentry? Leave your thoughts in the comments below!

Oct 11, 2012

How Will You Make a Difference for Cyber Security Awareness Month?


Did you know that October is National Cyber Security Awareness Month (#NCSAM)? It's an initiative to help spread awareness of cyber security threats and educate the public and private sectors on topics of online safety and security. There are a number of ways you can get involved with the NCSAM initiative and make a difference in your community.

But as a LastPass user, you already have the power to make a big difference. How? By taking advantage of the features LastPass offers - and helping others learn about secure password management and LastPass.

Want to make a big difference in someone's online life today? Recommend LastPass.

It takes 30 seconds and your effort may earn you Premium credit for your LastPass account. It also gives you that warm fuzzy feeling that you've helped someone else master their passwords.

Together, we can fix the password problem.

How are you using LastPass to support Cyber Security Awareness Month?


Oct 1, 2012

LastPass For Windows 8 Is Here!


With just under a month to go until Microsoft releases Windows 8 and Windows RT to the general public, LastPass is officially ready for the new platform, with the LastPass Windows app now available in the Windows Store!

The LastPass app provides access to all of your stored data and the core functionality of the password manager, but some features are more limited due to the nature of the platform.

Tips for Using LastPass in Windows 8:

  • Launch the app and login to automatically sync your stored data. 
  • The first folder in your vault will be displayed by default, but you can use semantic zoom (click the button in the lower-right corner) to view all folders or scroll horizontally through all folders and stored sites.
  • Right-click (or swipe up) on the lower part of the vault to access the app bar, with options for adding a site, adding a note, refreshing sites, or logging off.
  • Right-click (or drag down) a site name in the vault to access the edit, delete, and copy username & password functions.
  • Left-click or tap a site name to launch the login within the LastPass app, where LastPass can fill your usernames and passwords. 
  • If you have more than one matching login for a site, click or tap the LastPass icon to select another entry.
  • In the LastPass embedded browser, the icon is always visible in the top-right corner, where options are available to open the vault, fill forms as you shop, use the Save All Entered Data function, and fill matching logins. 
  • The app is integrated into search, which means you can start typing in the LastPass vault to intiate search or open the Charms menu to enter a keyword to quickly find matching login information. 
  • From the Charms menu you can click or tap "settings" to set a time limit for "autologoff after idle".

Known Limitations of the App:

  • YubiKey and Google Authenticator are the only multifactor authentication methods currently supported.
  • There is no generate secure password option - we anticipate adding this with the next release.
  • Fill form profiles cannot be added, edited, or deleted.
  • LastPass cannot hook into Internet Explorer unless you're in IE desktop, so copy-paste from the LastPass vault to the browser or elsewhere is the only workaround (bookmarklets aren't an option either).
  • Global LastPass account settings aren't accessible in the app, so you'll need to use the desktop version to manage your account.

More Improvements to Come!


This is the first release for Windows 8, so let us know what you think in the comments below!

[Update] Users must be running Windows 8 RTM to see the LastPass app in the Windows Store and run it on their computer. If you're running the Release Preview or Consumer Preview versions, you'll need to upgrade to the official version of Windows 8, through MSDN or at time of general release on October 26, to use LastPass on Windows 8.

[Update 10/26] An update is currently pending release by Microsoft with some awesome improvements. Keep an eye on the blog to know when it's published!

Sep 28, 2012

The LastPass Autofill Menu in Chrome Gets a New Look!

For those of you using LastPass with Chrome you may have already noticed some changes with a recent update to the LastPass addon - the LastPass autofill menu is now searchable!

The drop-down dialog is also wider to provide a better overview of matching logins, including username and time of last use. As you start typing out a username or other keyword, the selection autosorts to narrow your choices.

It's a small tweak, but one that aims to make the autofill menu more usable for those with dozens of matching logins for a given site.

The updates have also been pushed to Safari, and will be pushed to Firefox and Internet Explorer in the near future.

Tell us what you think in the comments below!

Sep 18, 2012

LastPass Featured on TIME's 50 Best Websites List!

TIME has just published it's annual list of the top 50 sites and services, and we're honored that LastPass made the cut - first, no less! (Okay so it's not ordered, but we'll take it.)


But on a serious note, we're thrilled to be recognized as the leading password manager, and we continue to strive to provide a top-notch service that helps make online life a whole lot more manageable. And as always, we're thankful for our awesome users for their ongoing use and promotion of LastPass.

Cheers!
The LastPass Team

Sep 17, 2012

Introducing LastPass Sentry: Always on the Lookout for the Latest Breach

In response to a number of high-profile breaches (including LinkedIn, Last.fm, and the Apple UDIDs), we've provided LastPass users with tools to check if their data is on the leaked lists, and have notified users directly as we've discovered their compromised data. We wanted to take this a step further, and partnered with a company dedicated to finding and aggregating all leaks as they're occurring, to provide a much more comprehensive service.

Today we're excited to announce our partnership with PwnedList to offer LastPass Sentry, a new feature that will help LastPass users be more proactive about their online security.

With LastPass Sentry, we'll use PwnedLists's comprehensive (and growing) database of 24 million publicly leaked usernames and passwords to perform daily "checks" against LastPass account email addresses to look for positive matches.

How it works:
  1. Sentry performs daily checks, with the latest updates to the PwnedList database, to see if LastPass account email addresses are on the list.
  2. If a match is found, an email notification is sent to the LastPass user, notifying them of the domain that was breached and the potential risk. 
  3. Users can then run the LastPass Security Challenge to verify if the password for the breached site is used elsewhere.
  4. We then recommend updating the password for the affected account, and any other accounts using that password, using LastPass to generate a new, strong password.
The feature is available for all free and Premium users, as well as corporate Enterprise users, and is currently opt-out via the email notifications. In the case of Enterprise users, both the Enterprise administrator and the affected employee will receive notifications that a match has been found.

We're excited that the feature has already generated positive feedback. LastPass Enterprise customer Matthew Wittkin of MoreVisibility commented, "LastPass already helps us to better control and protect our digital assets. With this new feature, our administrators and employees know immediately if any company passwords have been compromised, allowing us to update them within seconds. We hope nothing like this will ever come to pass, but it gives me extra peace of mind knowing that, with LastPass, I'll be the first to know!"

We have plans to further integrate the service into the LastPass security challenge, so we can check not only the email address that you use for your LastPass account itself, but perform a local check of the entirety of your stored data. We also plan to increase the frequency of our database checks to work towards real-time notifications.

What do you think of LastPass Sentry? Leave your thoughts in the comments below!

Sep 4, 2012

Apple UDIDs Compromised: What You Need to Know

News broke this morning that AntiSec publicly posted 1,000,001 Apple UDIDs (Universal Device IDs) allegedly retrieved from an FBI computer. The group claims that in addition to a supposed 12 million UDIDs, it also gathered usernames, device names, push tokens, zip codes, cell phone numbers, and addresses for the corresponding UDIDs in the original leak, although they were not made public with the sampling that was posted.

At this point there's a fair amount of speculation about the situation, but we wanted to clarify what LastPass users should know:
  • We released a tool: https://lastpass.com/udid to check if your UDID was on the list. Note that yours could still be one of the alleged 11 million not publicly released, so caution is still recommended.
  • The leaked UDIDs in and of themselves do not pose a serious risk to users. However, there's cause for concern when UDIDs are paired with personally-identifiable information, which the hackers indicate they have in the original data set, although there's no proof at this time. Combined with your name, address, mobile number, and the types of Apple devices you own, identity theft and social engineering are potential threats.
  • Apple has moved away from allowing apps to utilize the UDID for their own purposes, but has only recently enforced this on updates. Services could still be utilizing the UDID as their entire authentication, which means you enable a certain device (UDID) to have access to the service. An attacker who has your UDID could gain access to those accounts, it's likely not highly sensitive data but could still pose a risk to tracing a UDID to a specific individual.
  • The leak is not a threat to LastPass user accounts. LastPass used to utilize the UDID as a secondary factor for logging in on iOS, instead of your standard secondary factor (ie your YubiKey), but late last year we switched to a random identifier that we store on the device that is independent of the UDID, and all old UDIDs were disabled.
The best steps LastPass users can take at this time:
  • Although passwords were not on the list of data supposedly compromised, it's never a bad time to check that your passwords are strong and unique. Run the LastPass Security Check (in the LastPass icon's Tools menu) to identify any weak and duplicate passwords, and prioritize updating them.
  • Consider enabling the free credit monitoring service to monitor for any signs of identity theft.
  • Enable multifactor authentication for added protection of your LastPass account.
  • Do not give any personal information to anyone purporting to be from Apple or other services unless you explicitly contacted them, whether via phone, email, or notifications on your device.
We'll continue to monitor the situation and update our users if any other details come to light.

Aug 24, 2012

For the Love of Passwords: Thoughts on Ars Technica's Post & End-of-Week Link Round-ups

If you missed it, Ars Technica's Dan Goodin wrote a fascinating article this week on why passwords have never been weaker -- and crackers have never been stronger. Goodin explains the importance of unique, generated passwords for all of your accounts, tackling concepts like hashing, dictionary attacks, rainbow tables, and salting. The main take-away points:
  • Passwords are less secure than even a few years ago, thanks to advancements in hardware and password-cracking techniques, including the sheer speed at which they can be executed
  • Hackers have created rules and algorithms to cut through our "clever password tricks"
  • It's critical to use a unique password for each site, and a password manager is the best way to achieve this
It's stuff you've heard us say before, but the data he uses to back up the above provides a really convincing argument (if you have the time, the article is worth a read in its entirety).

With a password manager like LastPass, you're well on your way to more proactively protecting your data - the security challenge can also help you identify weak and duplicate passwords, and the password generator can help you set long, unique passwords for each account. Data stored in LastPass is encrypted and decrypted locally, and is protected behind a whole lot of encryption technology, including salted hashes. But above and beyond that, LastPass is also staying far ahead of the threat landscape by implementing PBKDF2, which Goodin notes significantly increases the time and computation required.

A few other articles this week that caught our eye:
What caught your attention this week? Share in the comments below!

Enjoy the weekend,

The LastPass Team

Aug 17, 2012

If You Do One Thing Today To Improve Your Online Security, Do This



The week is winding down and we're sure you're getting excited for the weekend, so here's just one, simple step you can take today to increase your online security:

Update the password for your email address, and make it a secure one.

It may be old advice for some of you, but if you've been putting off the process of strengthening your passwords, don't delay any longer in making your email account's password as strong as it can be. Do. It. Now.

Why? It's a known tactic that hackers target sites with weaker security, to then harvest email addresses and passwords that they can test against other, more popular (and important) sites. With rampant password reuse, it gives easy access to critical accounts where you've used the same login details. There have been an unending stream of database breaches in the last several months, and the login information for tens of millions of people have been posted on the web.

For most people, their email account is a window to their personal, financial, and even work life, so it's critical to (1) use a unique password and (2) to use as long, strong of a password as you can manage, which means it can't be guessed and isn't dictionary-based.

LastPass can obviously help there, by generating a long, secure password for you, then remember it so you don't have to - it's as easy as a few clicks. Now you really don't have an excuse!

There are many more elements that go into being proactive about protecting your data, but it's a good starting step. If you're looking for even more ways to increase your online security, check out our round-up of security tips & tricks from the past week:

11 Ways to Make Your LastPass Account Even More Secure via How-To Geek
10 Online Security Tips for Gen Y via Mashable
Turn on Two-Factor Authentication via Lifehacker

And now you can relax just a little bit more this weekend!

Best,
The LastPass Team

Graphic courtesy of Lifehacker.com

Aug 8, 2012

Want to Up Your Online Security? Follow These Steps Now.

If you haven't seen the recent reports of Mat Honan's devastating hack, it's a powerful tale and one worth reading in its entirety. It's in part a cautionary tale about the current security practices of online services, but given that and other recent breaches, his situation raises bigger questions about what we can learn from the situation and how we can prepare ourselves moving forward.

There are two overarching messages we want LastPass users, and the web community at large, to take away from the story:
  • Proactiveness and preparation are key in mitigating risks of attacks, and
  • Protect your email account like your online life depends on it, because it pretty much does these days.
And a password manager like LastPass can help with both. Here's how:
  1. Change the password for your email account(s), now. We have seen alarming statistics on the number of leaked passwords out there, including leaked email username and password combinations. A password generator like the one built into LastPass allows you to create unique, long, strong passwords for each of your online accounts. The LastPass security challenge can also help you identify any weak and duplicate passwords still lurking in your vault. One account's password compromised = all accounts compromised that use that password, or that give access to the password reset functions for other accounts.
  2. Protect your email account(s) with multifactor authentication if possible. Google has increased efforts to encourage all Gmail users to set up multifactor authentication. If your email service offers the option, enable it as soon as possible. You'll ensure that just knowing the password for your email account will not be enough to let someone in.
  3. Replace answers to "security questions" with obscure, non-personal responses. Truthfully answering security questions can put you at risk for social engineering. Use a password generator or create bogus answers that you can then store in a note in LastPass - if you do ever need to reference it, you'll have access to the bogus answer, but you'll ensure that your personal information can't be used against you.
  4. Set up multifactor authentication for your LastPass account, now. By adding multifactor authentication to your LastPass account, you're requiring another piece of secure data to be entered after you submit your master password, but before you can gain access to your stored data. So even if your master password is somehow captured, by a keylogger or even by someone you thought you could trust, you'll keep them locked out because they won't have that second piece of login data.
  5. Create a "security email address" for your LastPass account. Although protecting your primary email address(es) should be a high priority, you can set up an obscure email address to be used in the case of account recovery, multifactor authentication resets, and other critical changes to your LastPass account.
  6. Run the Security Challenge, and get proactive about your security fitness level. Located in the Tools menu of the LastPass addon, the Security Check allows you to keep an eye on weak and duplicate passwords, and reminds you of ways to improve your overall online security (such as #4 above). Take full advantage of LastPass security options, like autologoff on browser idle and restricting IP address to certain countries.
Remember, LastPass is just one tool you should have in your arsenal, but one that can help you be proactive and mitigate potential risks. You should also be following standard practices like avoiding the use of open WiFi, running up-to-date antivirus software, avoid using public computers, and always backup your data - but that's a post for another day.

We highly recommend all LastPass users follow the above steps, and as soon as possible. We also call on your help in spreading the word about secure password management to family, friends, and coworkers who would benefit from the ability to achieve higher security standards while making their online life easier. If you want to recommend LastPass, you can do so here: https://lastpass.com/friendemail.php and receive Premium as a thank you!

The LastPass Team

Aug 1, 2012

Increase the Security of Your LastPass Account with Two New Options

At LastPass, we're always thinking of ways to better protect users and offer security options that allow users more fine-grained control over the protection of their stored data. That's why we've added two new security options now available to LastPass users in the account settings dialog, which can be opened from the LastPass vault: the ability to restrict logins to selected countries and to disable access from TOR.

Restrict Login to Select Countries 

 


This option is pretty straightforward - you can check one or more countries from which you wish to allow access to your LastPass account. When selected, you can only login to your account from an IP address that originates from the countries you permitted.

The setting is not checked by default, but we do recommend using it as another layer of protection. You can later adjust it if you'll be traveling and need to access LastPass abroad.

Disallow Logins from TOR

 


If you're not familiar with TOR, it was originally developed for protecting US government communications but is now used for a variety of purposes, by normal people, the military, activists, and others for secure, anonymous use of the web.

Because TOR has been associated with hackers who employ it to stay anonymous, and since the majority of LastPass users don't have a reason to use TOR, you can now disallow logins from TOR. We recommend checking this option if you never use TOR. The setting is not selected by default, but if you haven't logged in to LastPass via TOR over the last 30 days, you'll see the option will then be checked in the settings dialog.

Enabling and Disabling the New Settings


All LastPass users will now see the new security options in the settings dialog, accessible from the LastPass vault when you're logged in.

If you're in a pinch and need to disable either setting, you will see an error message when logging in that points you to a URL where you can follow the steps to disable the setting(s) by using email. Remember, if you've enabled a security email address for your LastPass account, the disable emails will be sent there instead of your account email address.

Multifactor Authentication Is Still Highly Recommended for Added Security


Using multifactor authentication with your LastPass account? You're already well-protected from potential threats that these settings are meant to protect you from, but it's worth enabling the settings for the added protection.

If you're not using multifactor authentication, we highly recommend looking into the available options. There are both free and Premium multifactor authentication options that help you better protect your stored data by requiring that a second piece of data be submitted when logging in to your account.

We continue to look for ways to better protect LastPass users. As always, your security and privacy are our number one priorities.

The LastPass Team

Jul 25, 2012

The Official Winners of the LastPass Sticker Photo Contest!

The votes are in, and LastPass users worldwide have selected their 10 favorite sticker photos!

Several weeks ago we announced a giveaway to LastPass Superfans in our newsletter. The prize was a LastPass sticker, and the mission was to send in a photo of the sticker on your car, your computer, at your desk, at a local sight, or wherever you wanted to show your LastPass love. We then asked LastPass users to help us pick YOUR favorite photos - and here they are!

If you missed it, all entries can be viewed on our voting page: https://lastpass.com/swagvote.php - there were hundreds of entries, with some pretty amazing ones even outside of the top 10 ten picks.

The winners received LastPass Premium and their photos get a shout-out below. You guys certainly have a sense of humor!

#10: "'Wake me up and that will be your LastPass.' Cottage Country new Kenora, Ontario. Just threw the sticker I had received. Bear left shortly after and I was able to retrieve the sticker. Lucky it landed where it did."
#9: "Shh! Don't tell my password!"
#8: "LastPass Bearded Dragon"
#7: "A photo of me wearing my welding helmet watching the rare event of a solar eclipse in Albuquerque, NM 2012. You can't see it in the photo but the moon is in the center of the sun. You can see the reflection of the eclipse to the lower right of the picture. Best part of it all is how the LastPass sticker looks on my helmet. Everyone out there watching the eclips was asking me what the sticker was for. My answer was, 'It's the best Password Manager on this planet and it could be yours, too.'"
#6: "LastPass-ified our server room door."
#5: "In case of compass failure refer to LastPass."
#4: "I love LastPass on my desktop, laptop, iPad, iPhone, and Android tablet. Anywhere I go, LastPass is there!"
#3: "Comparing standard security practices with the amazing security of LastPass."
#2: "The sticker on top of my key ring from work."
and #1: "Keeping your most sensitive assets secure since 2008."

Have a favorite that didn't make the top 10? Tell us which one and why you liked it in the comments below.

We hope you all had fun with it, because we certainly did! Thanks again for sharing the LastPass love.Stay tuned on our blog, Facebook, Twitter, Google+, and our newsletters for future promotions.

Thanks,
The LastPass Team

Jul 23, 2012

Invite Friends to LastPass, Receive Free Premium!


We've noticed that LastPass has spread fastest by word-of-mouth recommendations from our dedicated, enthusiastic users. And since sharing is caring, today we're happy to announce that you can earn LastPass Premium for every person you recommend to LastPass!

Yep, that's right - for every friend, loved one, and coworker you invite to LastPass who then signs up for an account, we'll give you both one free month of Premium!*

From your LastPass vault, you can click the "Tell a friend!" option. You can then get the word out by:
  • Using your email contacts - After you allow access to your Gmail or Yahoo contacts, you can select friends, family members, and coworkers to invite. You can remove someone from the list by unchecking them. You can also manually type someone's email address to ensure they're included.
  • Posting on Facebook or Twitter - Post a simple invitation in one go to suggest that your followers check out LastPass.
  • Sharing your unique referral link - Copy-paste your unique referral link to your blog, emails, personal site, other social accounts, or wherever you'd like! Anyone who signs up for LastPass after using your link will count toward your referrals.
You can return to the page directly at https://lastpass.com/friendemail.php at any time to send out more invites. When someone signs up as a result of your recommendation, you'll get a confirmation email, and one month of Premium will be added to both of your accounts.

You can each rack up a total of 2 years of complimentary Premium - if you want more, you can extend your Premium by purchasing more at any time for $12 per year.

Remember, Premium gives access to our suite of mobile apps for smartphones and tablets, as well as additional security features, LastPass for Applications, and priority support from the LastPass team.

With your help, we can continue to spread the word on how to better manage and secure your online life with LastPass, and help people remember those pesky passwords, no password reuse needed!

Thanks for spreading the LastPass love!
The LastPass Team

*We reserve the right to revoke Premium for anyone who is found to be referring LastPass to fake accounts.

Jul 16, 2012

Stop using the same key for every lock!

Would you use the same key for every lock in your life? Would you hand that key out to every company you ever interact with? Now imagine that making copies of keys are free and instantaneous, storage of the keys with nearly every company is unsafe, and the keys can be used remotely even from other countries. Do you see the insanity of reusing passwords yet? Friends don't let friends reuse passwords. 

In the past week LastPass disabled nearly a thousand LastPass accounts due to users reusing their LastPass master password with Yahoo Voices and Billabong, both of which were hacked and had public releases of username and the associated passwords. 

All the disabled users broke all rules for protecting themselves, the three most important being:
  1. Never use your LastPass master password for any site or purpose.  Your master password is very important.  Treat it as such.
  2. Use LastPass to generate random passwords for every site you use. That way when these sites are hacked you get to laugh about it instead of stress and scramble. LastPass provides a security check to help you validate this.
  3. Utilize the (free) multifactor security options LastPass provides.
We know it's tempting to reuse passwords, that's why we built LastPass. Using LastPass you can get the convenience of a single password (your LastPass master password) without the security problems created when you actually reuse passwords.

Multifactor is your second line of defense, it allows your master password to be compromised without your account being compromised. LastPass provides two free and four Premium options. You can also trust your devices and your computers so you're only prompted for them when you use a new computer.  This allows the convenience you love with the security on top. We'd recommend Google Authenticator (free) or Yubikey (Premium).

While LastPass is doing its best to protect people when we see these public releases, there are many more sites that are hacked that aren't exposed. If you're reusing passwords invest a few hours today to prevent days of heart ache when the next site is hacked.  

Reusing passwords?  Not even once.

Jul 11, 2012

What's YOUR pick for the best LastPass Superfan photo?

Several weeks ago we announced a giveaway* to LastPass Superfans in our newsletter. The prize? A LastPass sticker. The mission? To send in a photo of the sticker on your car, your computer, at your desk, at a local sight, or wherever you wanted to show your LastPass love.

What ensued was an adventure in mailing several thousand stickers all over the world, and some of the best displays of LastPass love we've ever seen.

And now, after reviewing the stickers in-house and selecting our "staff picks", we're asking YOU, LastPass users, to help us pick YOUR favorite photos!

So, head over to our voting page, where you can up-vote 10 of your favorite photos.

We'll let the voting run until 12pm (ET) Friday, July 20th, and we'll officially announce the 10 winning photos the following Monday. The winners will receive a year of LastPass Premium and special recognition on our blog and social accounts.

Let the competition begin!

The LastPass Team

*We will run more giveaways and promotions in the future, so if you missed out on this one, don't fret!

Jul 6, 2012

Are you a UI/UX graphic designer? We're hiring!

We're looking for a talented UI/UX graphic designer to join our team!

At LastPass, we're passionate about technology, about our product and brand, and about how we can help improve people's online lives in a meaningful way. We're a committed, driven team, and we love what we do.

About the job:
  • Improve the look, the feel, and the UX of LastPass & Xmarks, from both the web and within the products themselves
  • Provide graphic assets for marketing programs and other user-facing initiatives
  • Take ownership and responsibility of the product and the brand
  • Work across disciplines with team members, including product, sales, marketing, and support

About you:
  • At least 1-2 years of professional design experience
  • Highly proficient with Photoshop, Illustrator, Fireworks
  • Experience with rapid prototyping tools, wireframing
  • A strong portfolio showcasing design for various form factors and devices
  • Passion for clean design and highly usable interfaces
  • Establish consistent interactions and appearances across all web and mobile products
  • UX training preferred
  • Knowledge of HTML, CSS a plus
  • Proficiency with Prototyper, Omnigraffle, etc a plus
  • Proximity to Fairfax, VA (in the DC / DMV area) preferred

Bonus points if:
  • You love LastPass and/or Xmarks
  • You like Chipotle.

LastPass headquarters are based in Fairfax, Virginia, centrally located near the nation's capital and easily accessible by public transport. Employees enjoy flexible work hours, flexible holidays, and a great benefits package. A weekly company-sponsored lunch outing helps keep the social atmosphere relaxed (see above reference to Chipotle).

Interested? Please contact us!

Thanks,
The LastPass Team

Jul 2, 2012

LastPass iOS Apps Get an Update!

In the wake of our recent 2.0 release, the corresponding updates to the iOS apps are now available! As with our previous releases, the biggest changes to the core functionality of our LastPass for Premium Customers app is support for attachments in secure notes, but the release also features an improved interface and the ability to save sites from within the LastPass browser.

LastPass Wallet also got an update, with improvements to make the attachment and sync functionality more robust.

LastPass for Premium Customers

 

Overall you'll notice the LastPass for Premium Customers app has a new look that's similar to Wallet. Navigation is easier and icons are bigger and more beautiful. What do you think?

As with our other updates for LastPass 2.0 and the Android app, you can also now add documents, PDF files, images, and voice recordings as attachments to your secure notes.

To add an attachment to an existing note in the app, tap the "Notes" tab in the app, and tap a note to open it. Select "Edit" and select an attachment type to then upload an attachment from the device's camera, previously saved photos, or the microphone.
Attachments are synced to any location where you login to your account. Currently, free users have up to 50 MB of encrypted storage, and Premium users have up to 1GB.

The app now also supports saving new sites in the browser, so when you're logging into a new site you'll be able to store it by hitting the "+" button after filling in the login fields.

Any sites added will be stored in your LastPass account and synced back to other locations where you login.

LastPass Wallet

The latest addition to our mobile suite, LastPass Wallet for iOS has also received an update, with improved support for offline changes and general fixes to make accessing and managing your stored data even better.

Availability


Both apps are now available for download on the App Store on iPhone, iPod Touch, and iPad at www.itunes.com/appstore or on your device. While LastPass Wallet is free, LastPass for Premium Customers is still part of our Premium offering.

More awesomeness is on the way!

- The LastPass Team

Jun 22, 2012

LastPass 2.0 "Outperforms the Competition", Still PCMag's Editors' Choice!


We're proud to say we've done it again! Neil Rubenking, Lead Analyst for Security at PCMag, recently published an in-depth review of LastPass 2.0 and again gave LastPass five stars along with PCMag's Editors' Choice for password management. 

Rubenking covers a number of updates, large and small, to the product since he last reviewed it. He notes that, "LastPass 2.0 manages your passwords thoroughly and flexibly, with features that go way, way beyond the competition. Yes, it stores your encrypted data in the cloud, but it's a very, very secure cloud."

Rubenking cites several highlights, including:

We think his overall assessment says it best:

"Make no mistake, when it comes to smooth and flexible password management and a wealth of features far beyond the competition, LastPass still rules and it's our Editors' Choice for free password managers."

With 2.0 we've expanded the types of sensitive information you can store and manage in your LastPass account, and increased the ways that LastPass can play a more proactive role in protecting a user's identity. We're proud to again receive PCMag's Editors' Choice with five stars for our latest update, and we'll continue to work hard to provide a quality product, with valuable features, for free.


- The LastPass Team

Jun 19, 2012

LastPass for Android Gets an Update, Featuring Attachments

As a follow-up to Monday's release of LastPass 2.0, a new version of the LastPass Android app is now available! The biggest change to the core functionality of the app is support for attachments in secure notes, but the release also features enhancements to the LastPass input method and a number of fixes for overall improved functionality.

Note: The new attachment capabilities required us to update the permissions for the app, including camera and audio permissions. As always, encryption and decryption of your data occurs locally on the device, with a key that is never sent to LastPass, providing you a secure storage option with the convenience of universal access.

For you iPhone users, the corresponding update for the iOS app is pending approval by Apple, so watch the blog for updates.

Attachments


You can now add documents, PDF files, images, and voice recordings as attachments to your secure notes. If there are files that you want to keep that shouldn't be stored unencrypted on your device, or that need to be portable, then LastPass is the place to back them up.

To add an attachment to an existing note in the app, tap the note entry in your vault and tap your device's "Menu" button. Select "Add Attachment" to then choose to upload the attachment from the device's camera, the image gallery, or the microphone.
Photos can be taken through the LastPass app and saved as an attachment, or existing images in your gallery can be added to a note for secure, portable storage.

If you choose the microphone option, you will be able to record an audio or voice clip, which is then securely attached to the note for later listening.

Your attachments are then synced to any location where you login to your account. As noted above, attachments are encrypted and decrypted locally with a key that is never sent to LastPass, providing a secure storage option with the convenience of universal access.

Currently, free users have up to 50 MB of encrypted storage, and Premium users have up to 1GB. Attachments are supported on all browser addons and platforms, as well as the Premium iOS apps and the free LastPass Wallet app on iOS - any attachments you add on your Android will be available on all other support browsers and devices.

Input Method Improvements


The LastPass input method is a handy function that lets you autofill into app logins, without copy-pasting from the LastPass app itself. When you're on another app, say Twitter, you can access the LastPass input method by long-tapping on the login field, selecting "Input Method", switching to LastPass, and then using the asterisk button to bring up matching logins for the app.

In our update, when you now press "all sites" to search your list for a matching login, the sites are shown in groups so you can more easily search for the entry you need.
The settings for the input method have also been adjusted to make it more useful. When you have the PIN code enabled and logoff set, the settings now apply to accessing your sites via the input method.

You can also select to remove the input method in general, if you want to disable the feature.

 

And more!


Also introduced in this version is a "Share Page" option in the LastPass browser, so you can easily share content via your email or social media apps.

A number of general fixes and updates have also been included to help make the app more robust and more useful.

If you don't have your LastPass app set to automatically update, you can launch it now to download the update from the Google Play store. The LastPass Android app is part of our Premium offering and can be trialed for 14 days before you're prompted to upgrade.

- The LastPass Team

Jun 18, 2012

LastPass 2.0: Managing and Protecting Your Online Life Just Got More Awesome!

We're super excited to announce the release of LastPass 2.0! We're expanding the core functionality of our password manager while adding significant improvements, both on the front-end and behind-the-scenes.

LastPass 2.0 features:
  • Attachment support for documents and images,
  • Free credit monitoring alerts for users in the United States,
  • A more unified user experience, and
  • Faster start-up time and silent upgrades in Internet Explorer 
There are also countless bug fixes and incremental updates to make LastPass even more robust, more effective, and more awesome for our users.

LastPass 2.0 Feature Spotlights


We're expanding the types of sensitive information you can store and manage in your LastPass account. We're also increasing the ways that LastPass can play a more proactive role in protecting a user's identity.

Why? Because our mission is to make your online life easier and more secure, in a way you can trust, built within a great product, that's available for free.

Attachments


You can now add documents, PDF files, and images as attachments to your secure notes. If there are files that you want to keep that shouldn't be stored unencrypted on your machine, or that need to be portable, then LastPass is the place to back them up.

For example: Let's say you're traveling abroad. To prepare for the trip, store a photocopy of your passport as an attachment in LastPass. If your passport is stolen, you can locate a computer, login to LastPass, open the attachment, and print it. You now have a helpful resource for replacing your lost passport.
Attachments can be added to new or existing notes by clicking the paperclip icon in the edit dialog, and locating the file on the device. Your attachments are then synced to any location where you login to your account. Like all stored data, attachments are encrypted and decrypted locally with a key that is never sent to LastPass, providing a secure storage option with the convenience of universal access. Currently, free users have up to 50 MB of encrypted storage, and Premium users have up to 1GB.

Attachments are supported on all browser addons and platforms, as well as the Premium iOS and Android mobile apps (updates are pending release) and the free LastPass Wallet app on iOS.

Credit Monitoring


We now offer free credit monitoring alerts for users in the United States to help you more proactively protect your identity and personal data. Without impacting your credit scores, you can create a form fill profile and enable the free credit monitoring option.
If any changes are detected that could affect your credit report, such as suspected fraud or changes to your personal account information, you will receive a notification issued from TransUnion that something has happened. You can cross-check this alert with your own actions that may have resulted in the change (did you open a credit card, or take out a loan?). If you haven't done something that would have caused the notification, it's a good opportunity to utilize your free annual credit report (validated by the FTC).

Think of our free credit monitoring alerts as a way to determine when to get your free annual credit report, or simply as a way to receive more timely information than is normally available for free.

If the worst happens and your identity is stolen, or you have a number of alerts that you can't account for, then LastPass Premium credit monitoring is advisable. Available for $9.95 per month, and separate from LastPass Premium, the Premium-level credit monitoring service offers much more detailed reports on what changed and how to investigate or resolve any issues that affect your credit monitoring report.

Why credit monitoring?
  • We are dedicated to defending your data and identity and providing tools that help you be proactive, such as generating unique passwords, securely storing your logins, and using multifactor authentication options to increase the security of your account,
  • We love giving away valuable products for free, and pointing users to valuable resources to help them protect themselves and more effectively manage their identity, and
  • The Premium credit monitoring service offers true value at a competitive price.
Enabling the free credit monitoring alerts in no way obligates you to upgrade. There are no strings attached to the free service, and you can simply use it to receive regular updates or time when to get your annual free credit report (as mandated by the FTC). If you'd prefer not to go through the hassle of getting your free annual report, or want more information on a regular basis, the Premium credit monitoring service is recommended.

For more details, please see our help desk article.

Improved User Experience


Other changes have improved LastPass overall. The vault is now identical whether accessed locally through one of the browser addons, or online through the web login at LastPass.com. Users now have more direct access to LastPass features in both vaults, including more easily adding notes, updating settings and managing stored data. New users will see tabs in the vault outlining available LastPass features and their key benefits.

Faster start up time and silent upgrades in Internet Explorer also ensure an improved experience moving forward.

We've come a long way!


Between our last major release and this one, we've added some big changes to the LastPass password manager. Users who have been with us a long time may already be aware of most, if not all, of these features, but here's a recap of how we've continued to improve LastPass:
  • LastPass Enterprise: Teams large and small can use LastPass Enterprise to build shared password repositories with robust sync capabilities, enforce customized security standards, utilize reporting for auditing and compliance, and reduce time wasted on help desk calls and password resets.
  • LastPass Wallet: Currently available on iOS, Wallet backs up your billfold, with attachments, for free.
  • Multifactor Authentication: We've added support for Google Authenticator, Grid, Sesame, YubiKey, fingerprint scanners, and Smart Cards, all effective ways for you to add another layer of security to your LastPass account and your personal data.
  • WiFi Logins: Easily import and export WiFi passwords from your computer, for convenient sharing and storage.
  • Increased security: By implementing PBKDF2 using a variable, user-controlled setting, we've increased local brute-force protection, and we continue to make updates as we monitor the threat landscape.
  • Support for all major smartphones and tablets: In our promise to offer universal access to your data, we've continued to expand the browsers, platforms, and devices we support, including mobile apps for Android, iOS, BlackBerry, Windows Phone 7, and more. We continue to be dedicated to supporting new platforms and devices as the market changes.
We'd like to say "Thank you!" to all the users who have continued to use and recommend LastPass. More exciting features and improvements are on their way, so as always, stay tuned!

- The LastPass Team