Jan 13, 2012

New Year's Resolutions with LastPass: #5 Generate Your Answers to "Security Questions"

While the password generator is key for diversifying and strengthening your account passwords, it's also a great tool for providing answers to common "security questions" for your accounts.

Security answers are often included as a second form of login verification or as part of an account recovery process, most frequently with online financial institutions and email accounts. Although many sites have made an effort in recent years to increase the obscurity of the security questions (at least, we hope they're generally better than this), the fact remains that the answers to common security questions are more accessible than ever before. Even if you're not a high-profile target, by generating answers with the LastPass password generator you'll help reduce the risk that someone may use security questions to compromise your accounts.

When registering for new sites that require an answer to a security question, it's simple to quickly generate an "answer" and add it to the new site entry stored in LastPass.

Let's say you're signing up for a new Gmail account. After going through the set-up process, we go into the account settings to create a security question & answer for account recovery purposes.

After selecting a question from the drop-down options, we go to the LastPass Icon, choose the Tools menu, and open the "Generate Secure Password" feature:

When the dialog opens, you can check "Show Advanced Options" to customize your generated password:

Click "generate" to create a new password with your customized options, then "copy" to copy the password to your clipboard. Go back to the security answer field, and paste the generated password. After confirming that your new answer is accepted by the site, you can go to your LastPass Icon, click on the site name listed at the bottom of the menu, and open the "edit" dialog. Paste the generated password in the Notes, also noting which security question you chose.

If you know you're using personal information for security answers, set aside some time to log in to those accounts, generate a new "answer" with LastPass, and store the update in your site entry. Accounts for online banking, email, social media, and credit cards are all good places to start.

Generating answers with LastPass doesn't directly affect your Security Check score, but it will improve your overall online security.

The LastPass Team

Jan 11, 2012

New Year's Resolutions with LastPass: #4 Root Out Insecure Account Data, Store Miscellany in Secure Notes

LastPass allows you to condense all of your login data to one secure yet accessible account. This removes the need for you to rely on documents with lists of passwords, browser password managers, or worst of all, those sticky notes taped to the bottom of your keyboard or posted around your office and home.

Take a few minutes to track down any remaining password files that have not been imported to LastPass. If you still need the login or data, add it to LastPass before deleting or shredding the file.

Places to look for passwords include:
  • In your browser password manager, typically located under the browser's Tools menu.
  • In Excel files on your personal and work computers.
  • Notebooks, planners, and amongst your general paperwork.
  • Scraps of paper pinned to message boards, or taped to the computer, keyboard, or mouse pad.
  • Emails sent to you by the sites you use. A number of sites still email plain-text versions of your password and other account information. Once you've confirmed the site is stored in LastPass and the password is a generated one, delete the email.
  • Notes made to Outlook "Contacts".
  • In text messages, logs of chat conversations, and other digital correspondence. Consider the Share feature if you need to send login information to family, friends, or coworkers.

Consider adding other scattered personal data to LastPass as a "backup file" to help with future emergency situations. If you're carrying it in your wallet or could potentially need the information while traveling, a LastPass Secure Note makes a good storage option.

Types of data to "backup" to LastPass may include:
  • Credit cards, including customer service telephone numbers and account information linked to the card. If lost or stolen, you can pull up the secure note, and quickly cancel the card.
  • Passports, with contact and address information for the nearest US Embassy, and other data needed to replace a lost or stolen passport.
  • Frequent flier IDs and hotel loyalty cards.
  • Health insurance IDs and other medical record information to help make filling out forms at the doctor's, dentist's, and other offices a breeze.
  • Metro passes and associated account information.
  • Gift cards or coupon codes for online accounts.
  • PINs, lock numbers, and other access codes, for both digital and real-world locks.

We hope our tips help reduce some of the e-clutter that accumulates from your online accounts, as well as increase your security by reducing the risk that someone happens across login information left lying around. With the go-anywhere accessibility of LastPass, you'll also ensure you have records of your accounts and personal data when you need it most.


The LastPass Team

Jan 9, 2012

New Year's Resolutions with LastPass: #3 Replace Weak and Duplicate Passwords

With a newly reorganized vault and the results of the Security Check in hand, let's roll up our sleeves and go through the steps to update those weak and duplicate passwords.

We recommend starting with important passwords - online banking, email addresses, online shopping accounts with stored credit card information - that are critically weak (the bar is red in the results) or that share passwords with other logins. Set a goal to work on a handful of accounts at a time, over several days or weeks if needed, until all passwords are at a 'strong' level. This is likely the hardest resolution on our list, but an important step to increasing your online security with LastPass.

To start with the most critical areas first, we want to pay attention to the Security Check results that display the number of duplicate passwords, the number of sites with duplicate passwords, and the number of weak passwords:

The Security Check's detailed results make it easy to identify these problems and correct them. The sites are ranked from weakest passwords to strongest passwords, with the weakest showing a shorter red bar, and the strongest showing a longer green bar.
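To make the three counts and the weakest-to-strongest ranking concrete, here is a small sketch run over a constructed list of entries. It is an added example, not LastPass code: the strength heuristic, the 60-bit "weak" threshold, and all names and sample data are assumptions.

```python
import math
import string
from collections import defaultdict

# Constructed sample entries (site, password); not real credentials.
VAULT = [
    ("mail.example", "summer2011"),
    ("bank.example", "summer2011"),
    ("shop.example", "Tr0ub4dor&3"),
    ("forum.example", "letmein"),
    ("social.example", "letmein"),
    ("cloud.example", "q7#Lw9!xVz2$Rk8@pNc4"),
]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def estimate_bits(password):
    """Assumed heuristic: length * log2(size of the character pool in use)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(entries, weak_bits=60):
    """Count reused and weak passwords and rank sites weakest first."""
    by_password = defaultdict(list)
    for site, password in entries:
        by_password[password].append(site)
    # A password is a duplicate when more than one site uses it.
    reused = {pw: sites for pw, sites in by_password.items() if len(sites) > 1}
    reused_sites = {site for sites in reused.values() for site in sites}
    # sorted() is stable, so ties keep their original vault order.
    ranked = sorted(((estimate_bits(pw), site) for site, pw in entries),
                    key=lambda row: row[0])
    return {
        "duplicate_passwords": len(reused),
        "sites_with_duplicates": len(reused_sites),
        "weak_passwords": sum(1 for bits, _ in ranked if bits < weak_bits),
        "ranked": [site for _, site in ranked],
        # Entries that are both weak and shared are the ones to change first.
        "fix_first": [site for bits, site in ranked
                      if bits < weak_bits and site in reused_sites],
    }

if __name__ == "__main__":
    for key, value in audit(VAULT).items():
        print(f"{key}: {value}")
```

A pool-size estimate overrates predictable passwords (dictionary words with substitutions score well), so use it only to flag the obviously weak entries; reuse is the more reliable signal.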

As we've shown before, updating a site's password requires logging into the site itself, then using LastPass to go through the password change process. By clicking "visit site" next to the weak password in the Security Check results, LastPass will take us to the login page for that entry:

For example, if a Gmail login is very weak or is currently the same as another password, we'll click "Visit Site" and be directed to the Gmail login page, where LastPass will autofill the data:

We can then navigate to Gmail's "account settings" page, where we can access the page to change our Gmail password:

On the password change page, LastPass will present a notification bar, allowing you to first autofill the existing password, and to then generate a new password. Note that when you click the "Generate" button, you can check the "show advanced options" box to customize the length of your password, and the types of digits, characters, and letters that will be included in the generated password.

When the fields are complete, save the account changes. LastPass will present another notification bar, asking you to confirm the change to an existing account, or to save a new site entry. When clicking "confirm", a dialog will appear allowing you to select the entry to which you want to apply the change. You should then repeat this process with every site that contains a weak or duplicate password, working your way through the Security Check results. Note that, after updating the username or password for a site stored with LastPass, you can go to the "edit" dialog and click "History" to see a record of changes made to the entry:

We hope the article provides a helpful push for you to remove duplicate and update weak passwords. You're well on your way to topping the Security Check!

The LastPass Team