May 24, 2013

How to Manage Hundreds of Passwords with LastPass

Our pick for this week's question for the LastPass team:

What's the best workflow for managing hundreds of passwords and accounts? - David P.

Once LastPass becomes the hub of access to your online life, the number of stored accounts and data in general will grow. Organization becomes essential, and there are a number of tricks that will help you more easily manage your data and get the most out of LastPass as your password manager.

Organize Sites into Logical Groups

As you add sites to your vault, logical "groupings" of your data will likely emerge.
To get started with grouping your sites:
  • Click the "Create Group" button on the left of your vault to add a new group
  • Drag-and-drop individual site entries from one group to another to re-organize them
  • Create group names that differentiate by category, such as "Shopping", "Financial", or "Social"
  • When saving new sites, click the "Group" field to choose an existing group or create a new one
  • Create "subgroups" within groups to further divide your sites

Create Identities for Different Environments

If you're using LastPass in different environments, such as a personal computer and a work computer, Identities will help you separate your data based on what you need access to in each environment. To get started with Identities:
  • Select "Add Identity" by going to the "Identities" tab in the vault
  • Create a name for your Identities to easily distinguish between "Home", "Work", etc.
  • Move all relevant data from your main vault to the new Identity
  • When you switch to a different identity, from the dropdown in the LastPass vault, only data available in that identity will be filled as you browse, filtering out anything you don't want to see in your vault
  • Edit an Identity at any time by clicking the "edit" option in the Identities tab

Use the Right-Click Menu Options for Quick Changes

As you continue to add more data to your vault, you can keep up with your organizational system by dragging and dropping your sites between groups, or by using the right-click menu options to quickly move your data or make changes.

Right-click on a group name to re-name it, create a subgroup within that group, or delete the group to remove all sites stored in it.
Right-click on a site name to move it to edit, delete, or move the site to a new group or subgroup.

These are just a few tips to better organize and manage your data in your vault. What tips would you share for managing hundreds of passwords with LastPass?

Have a question for the LastPass team? Let us know in comments or send us a note at marketing[at] If we choose your question, you'll get a Tshirt!

May 23, 2013

Twitter Releases Two Step Login Verification

Twitter has officially released multifactor (otherwise known as two step) authentication for logging in to user accounts. The company announced on Wednesday that it now supports SMS-based multifactor authentication to verify accounts. This method involves setting up a designated phone number with the Twitter account, so that each time the user wishes to login to the account they are sent a text message with the randomly-generated code that they must enter before gaining access to the account.

We strongly encourage anyone using Twitter to get started with their login verification today. To do so:
  1. Visit your Twitter account settings page.
  2. Select "require a verification code when I login".
  3. Click on the link to "add a phone" and follow all prompts.
  4. After you've enabled the login verification, you'll be asked to enter the six-digit code that Twitter sends to your phone via SMS each time you try to login.
They also created a great short video on getting started:

The only downside we currently see is that Twitter does not support "page admins" at this time. A company must have one Twitter login to manage a brand page, unlike Facebook and G+ that allow individuals to have their own logins who then have admin access to manage a brand page. This means that the company must enable the login verification set-up with one particular phone, and ensure that whoever needs access to the brand's Twitter account has access to that phone.

In general, though, we applaud Twitter for releasing two step authentication, and it seems to reflect a greater trend of services implementing improved security options for their users. And we agree with Twitter's previous statements that companies and individuals also have a responsibility to follow best security practices, which includes the use of a password manager and following through on enabling available security options. We hope to see brands and individuals taking advantage of the new offering.

Will you be enabling Twitter's two step authentication option? Share your thoughts in the comments below.

May 20, 2013

Network54 Hacked: What You Need to Know

Network54, a host of online communities and message boards, confirmed on May 17th that it was hacked via a SQL injection attack, affecting 2.4 million emails and passwords. LastPass has partnered with Network54 to encourage their user base to utilize a password manager moving forward to help mitigate any potential risks of future hacks.

Enter your email address in our tool here to see if your Network54 account was affected. Even if you don't recall signing up for an account, we strongly recommend checking.

The tool asks you to enter your email, then computes its SHA-1 hash, then sends the result to to search our list of the leaked email hashes. A hash is a mathematical function that is simple to perform in one direction but is difficult to reverse, meaning it would be difficult to re-construct the email address that you enter into the LastPass tool. The hash will not be stored or logged.

Unfortunately it appears the passwords were stored in the clear, so we strongly recommend that anyone affected update their account password immediately, and work to update any other weak or duplicate passwords for other accounts.

The LastPass Security Challenge will help you identify any weak or duplicate passwords stored in your LastPass account, so you can launch those accounts and go to your settings to update the stored password. Use LastPass to generate a long, unique password, and save your changes to the account itself and to your site entry in LastPass.

Want to learn more about increasing your security with LastPass? Check out these related blog posts:

Get Proactive With the LastPass Password Generator
Multifactor Authentication: What It Is and Why It Matters
How to Create a Secure Master Password