Feb 3, 2012

Resolutions with LastPass: #8 Generate OTPs to Use on Untrusted Computers

Logging in from a hotel computer while on vacation? Checking your email from an Internet cafe? Need to briefly use LastPass on a library or university computer? Then you should generate some One Time Passwords and carry them with you!

If you need to access your LastPass data while away from a trusted device, but are hesitant to do so because of potential keyloggers, LastPass provides One Time Passwords (OTPs) as one option for securely logging in to your account.

One Time Passwords are temporary passwords that grant one-time access to your LastPass vault. Once an OTP is used, it can never be used again. The OTP also prevents your master password from being stolen by keylogging software because you don't need to enter it when logging in with an OTP.

While you still have access to a trusted computer, go to the OTP management page: https://lastpass.com/otp.php to generate and print your OTPs. You must also be logged into the LastPass browser addon to manage your OTPs. From this page, you will see links to Add a New One Time Password, Clear All OTPs, or Print your OTPs:

To add OTPs to your list, click the "Add" link. Once you've generated a few OTPs, you can click the "Print" link to carry your OTPs in your wallet, or a copy of them can be carried with you on a portable USB thumb drive.

When you're ready to login to LastPass from an insecure computer, you can revisit the OTP management page to login with one of the OTPs on your list:

Even if the OTP is captured by malware, the password will not allow access to your account in subsequent attempts because it expires after you login with it once.

If you know you'll need to login to LastPass on an insecure computer, be prepared by generating and printing some OTPs!

The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Feb 1, 2012

Help Us Celebrate "National Change Your Password Day"!

Yep, you heard us right - National Change Your Password Day, an impromptu initiative by the teams at Gizmodo and Lifehacker. In the last few days they've worked to drum up some anticipation for, let's face it, perhaps the most groan-worthy day of celebration possible.

But that aside, we support their quest to spread better password practices and to push the idea of a password manager as the only efficient way to do the password thing right.

We know it's difficult to inspire change for how we handle passwords. After all, who wants to spend the time and energy worrying about them? There are so many reasons not to try - we're busy, we're lazy, we don't think it will happen to us, and besides, we have our one or two strong passwords that we use everywhere, right?

But there's one good reason to put some thought into passwords today, and that's LastPass. LastPass centralizes your account data, makes it easy to generate strong, unique passwords, helps you easily login to your sites, and ensures you have your data where you need it, when you need it.

So in honor of National Change Your Password Day, could you do two things for us?
  1. Run the Security Check (via the LastPass Icon, under the Tools menu select 'Security Check') and commit to updating just 1 weak password today, and
  2. Tell someone about LastPass, and how it's changed your life.

Help us #bethepasswordchange today for a more secure tomorrow.


The LastPass Team

Graphic courtesy of Lifehacker.com

Jan 30, 2012

LastPass 1.90 Released for All Browsers, Featuring Import & Export of WiFi Passwords

As many of our users may have already noted, a LastPass addon update for all browsers has been rolled out, with a few big and small changes.

On Windows and Mac OS X, LastPass can now pull WiFi passwords from your computer and save them as a new type of "Secure Note". To do so, locate your "Tools" menu under the LastPass Icon, select "Import" and choose "WiFi passwords":

Selecting the WiFi Passwords import option generates separate secure notes for each WiFi network, and stores the passkey and connection type for each. On Windows, you can then export the WiFi passwords onto other computers! The process does require a WiFi connection to import and export, and for Windows requires a separate executable that's only added when you run the Windows installer. Please see our helpdesk article for more information on using the new feature: http://helpdesk.lastpass.com/getting-started/importing-and-exporting-wi-fi-passwords/.

Also on the list of updates and improvements are:
  • HSTS support on LastPass.com for all browsers,
  • A universal installer for OSX,
  • Support for the autocompletetype attribute,
  • For Enterprise, sites can be added to, removed from, and shared between Shared Folders much more easily,
  • And a number of performance and functionality improvements.

More exciting updates on the way!


The LastPass Team