Feb 10, 2012

Resolutions Recap: Share Your Feedback!

Over the course of the last 6 weeks we've shared 10 "New Year's Resolutions with LastPass" posts, detailing how you can improve your security with LastPass this year and get the most out of what our password manager has to offer.

In case you missed them, here's a quick summary of the topics we covered, with a link to each blog post:
  1. Run the LastPass Security Check
  2. Organize Your Vault
  3. Replace Weak and Duplicate Passwords
  4. Root Out Insecure Account Data, Store Miscellany in Secure Notes
  5. Generate Your Answers to "Security Questions"
  6. Revamp Form Fill Profiles with These 4 Tips
  7. Update Your Account Email Address
  8. Generate OTPs to Use on Untrusted Computers
  9. Check Out Multifactor Authentication Options
  10. Strengthen Your Master Password

We'd like to know:

Did you find our posts helpful?
Did you follow any of the recommendations to improve the security of your account or try new features?
Have they inspired you to recommend LastPass to your friends and family?
Are there other questions or LastPass features you'd like to see covered?

Please share your thoughts and experiences below!


The LastPass Team

Feb 8, 2012

Resolutions with LastPass: #10 Strengthen Your Master Password

For the last installment in our resolutions series, we wanted to touch upon an important aspect of using LastPass: the strength of your master password. At LastPass, we've always touted that we're "the last password you'll ever need". With only one strong password to remember and a host of customizable security options, you can let LastPass take care of the rest. So it goes without saying that your LastPass master password should be strong and unique while still memorable.

Test the strength of your master password today by running the Security Check, located in your LastPass Icon menu, under the "Tools" menu. Once it completes, scroll down to the "How strong is your LastPass master password?" section.

The strength meter uses an algorithm that measures the number of unique characters as well as the number of different kinds of characters used: letters (both uppercase and lowercase), numbers, and symbols. Your master password remains secure since the check is done entirely locally.

Less than satisfied with your score? Consider updating your master password. One of our recommendations for creating a strong, unique master password is to break down a memorable phrase into letters, numbers, and symbols.

For example, let's take: "I got 99 problems but a password ain't one". Thinking of memorable characters to assign to the phrase, we could end up with: "Ig96pZb@pwA1". And voila - a 12-character random password that you'll remember because you can say it to yourself as you type out the character that's associated with each part of the phrase.
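The two measurements the strength meter is described as taking, applied to the example password above. This is an added sketch, not LastPass's own algorithm: the function name `measure`, the character-class table and the bit estimate are assumptions made for illustration.

```python
import math
import string

# Character classes named in the post; the exact sets are an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def measure(password):
    """Return the counts a character-based strength meter works from."""
    used = [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]
    pool = sum(len(CLASSES[name]) for name in used)
    # Upper bound only: it holds if every character were picked uniformly at
    # random from the pool. A phrase-derived password is less random than this.
    bits = len(password) * math.log2(pool) if pool else 0.0
    return {
        "length": len(password),
        "unique": len(set(password)),   # repeated characters count once
        "classes": used,
        "upper_bound_bits": bits,
    }

if __name__ == "__main__":
    # First entry is the post's example; the others are constructed samples.
    for pw in ("Ig96pZb@pwA1", "password1", "aaaaaaaaaaaa"):
        m = measure(pw)
        print(f"{pw!r:16} length={m['length']:2} unique={m['unique']:2} "
              f"classes={len(m['classes'])} bits<={m['upper_bound_bits']:.1f}")
```

Everything runs in the local process, which is the property the post describes for the real check.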

If you want to update your master password, you can do so by going to "My LastPass Vault", launching the "Account Settings" link, and entering a new master password in the field. Practice logging in a few times with the new master password to ensure you'll start committing it to memory!

The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Feb 6, 2012

Resolutions with LastPass: #9 Check Out Multifactor Authentication Options

If you're looking to increase your security with LastPass, we strongly encourage you to take advantage of our multifactor authentication options.

Multifactor authentication simply refers to adding a second piece of information that must be submitted before allowing access to your account. After entering your LastPass email address and master password, you would be prompted to submit the information from another, often physical, device. This means that even if someone compromises your master password, they can't gain access to your account without the second form of authentication.

LastPass offers several options for multifactor authentication. Some are part of the basic free version of LastPass, while others are offered as a Premium feature:

Google Authenticator (Free): Once you've installed the app on a supported smartphone and added your LastPass account to the app, you simply launch the Google Auth app and enter the generated key in the browser dialog when you're logging in to your LastPass account. See our help article for more information about getting started with Google Authenticator.

Grid (Free): Grid works by generating a spreadsheet of random values that resemble a Battleship grid. Once enabled, you'll be prompted to find four values from the spreadsheet and enter them to gain access to your account. See our help article for more information about getting started with Grid.

Sesame (Premium): Once enabled for your account, Sesame generates secure One Time Passwords (OTPs) for you to log in to your account. The feature can be run from a USB thumb drive, and you have the choice to copy the OTP to the clipboard or launch the browser and pass the value automatically. See our help article for more information about getting started with Sesame.

YubiKey (Premium): A YubiKey is a key-sized device that you can plug into your computer's USB slot to provide another layer of security when accessing your LastPass account. YubiKeys are immune to replay attacks, man-in-the-middle attacks, and a host of other threat vectors. The key can be purchased from Yubico and bundled at a discounted rate with LastPass Premium. See our help article for more information about getting started with the YubiKey.

Fingerprint and Smart Card Readers (Premium): LastPass has support for a small selection of fingerprint readers, including Windows Biometric Framework, and experimental support for smartcard readers.

Three other things to note about multifactor authentication:
  • You can mark your personal device(s) as "trusted", so you do not have to enter your multifactor authentication data every time you log in from that location. When you go to a device that is not saved as trusted, you will then be required to submit the second form of authentication.
  • You can permit mobile access to your data to ensure you can continue using the mobile apps even with multifactor authentication enabled. You can then restrict mobile access to specific devices to prevent unauthorized access on any "untrusted" mobile devices.
  • Enabling multifactor authentication will bump up your "Security Check" score by 10 points.

We hope you'll try one of our multifactor authentication options for increased security with your LastPass account!


The LastPass Team