Oct 9, 2014

LastPass Enterprise Is Now RSA Ready

https://lastpass.com/enterprise_overview.php


LastPass Enterprise, used by 8,000 companies to help employees manage passwords and secure logins, has joined the RSA Ready Technology Partner Program and now supports RSA SecurID as a second factor of authentication.

RSA SecurID is a “token” (hardware or software) that’s assigned to a user and generates codes at fixed intervals that are unique for that user. Until now, RSA SecurID has focused on internal system access. With the new integration with LastPass, companies can expand the benefits of RSA SecurID across all platforms.

By pairing SecurID with LastPass’ Enterprise password management system, companies can help lower the threat of password misuse, mitigate the risk of breaches, and improve compliance organization-wide.

Once RSA SecurID is enabled on a LastPass Enterprise account, users are first prompted for their LastPass login (their email address and master password) and are then asked to enter the RSA token code. Since new codes are constantly generated (typically every 60 seconds), user accounts are better protected from attacks.

Over 40 million people and 30,000 companies are already using RSA SecurID, providing the opportunity for many to maximize their investment by pairing RSA SecurID with LastPass Enterprise.

LastPass Enterprise administrators can configure RSA SecurID from the Enterprise Admin Console, and will need to open up RADIUS access to LastPass' servers.

Get started with a free trial today to see how LastPass Enterprise can help you and your team be more productive and secure, or reach out to our Sales team with any questions.

https://lastpass.com/enterprise_trial.php

Oct 8, 2014

Getting More Done on Android Has Never Been So Easy

With the LastPass app for Android, the only thing you have to worry about is your LastPass master password, and LastPass takes care of the rest.

Logging in to an app? LastPass fills it for you.
Browsing on Chrome mobile and need to login? LastPass fills it for you.
Have a fingerprint reader on your phone? Add it to LastPass as a PIN code alternative.

Everywhere you go, LastPass is there to streamline your mobile experience. See it in action:



For more details on how to set up and get started with these features, check out our video tutorial. (And if you're an Apple user, see our post here for great new features on iOS, too!)

Our latest update to the Android app supports Shared Folders for both LastPass Premium and LastPass Enterprise users. Universal access and real-time updates are a priority for us, and these new features give you easier on-the-go access to data and the ability to change settings at a moment’s notice.


You can open the “Manage Shared Folders” feature from the menu on the top right of the vault (or your device’s menu button). From there you can create new Shared Folders, add users to the Shared Folders, edit permissions, and remove users from the folders. Add logins to the folders by changing the "Folder" field in the site "edit" menu.

Shared Folders and the logins added to them will sync automatically to the vaults of any LastPass users given access to the Folders.

Other updates include changes to reduce the network and memory usage of the app, to help you save even more battery life on your smartphone.

And in addition to our existing support for the fingerprint readers on Samsung phones and tablets, we’ve also added support for the Synaptics fingerprint readers that other manufacturers are now adding to their phones, like the new XOLO Q2100.

The update is now available in the app store! The LastPass Android app is part of our Premium service for $12 per year and our Enterprise service for teams. Both have a free trial so you can check out the features first or upgrade today to sync LastPass to all of your mobile devices.

https://lastpass.com/go-premium

Oct 7, 2014

7 Ways to Make Your LastPass Account Even More Secure

So you know you should be using strong passwords to protect your online accounts. And you ran the LastPass Security Challenge to help you keep improving your passwords.

But did you know there are even more security features in LastPass that can help you better protect your account and the data you store in it? Check out these seven security features, and challenge yourself to enable at least one today:

1. Lock Down Your Account with Multifactor Authentication


Multifactor authentication, or two-factor authentication, requires that a second piece of information be entered before allowing access to your account. This essentially creates another barrier to entry if someone’s trying to gain unauthorized access to your account.


LastPass supports 10 multifactor authentication options, so choose the one that works best for your workflow and enable it in your LastPass Settings in your vault. If you have a smartphone, we recommend checking out Duo Security, Toopher, or Google Authenticator. For LastPass Premium users, we recommend checking out the YubiKey.

2. Restrict Access to A Specific Country



Lock down your account by only allowing access from a specific country or countries. For example, if you only ever login from the US, then you would restrict access to the US. Open the “Settings” menu in your LastPass vault to adjust your restrictions. If you plan to travel, just be sure to add any new countries before you leave, and remove them when you return!

3. Logoff Automatically When You’re No Longer Browsing


Keep your LastPass account safe from prying eyes by setting it to logoff automatically. In the LastPass browser extension icon, you can launch the Preferences menu to enable the autologoff options. You can set LastPass to logoff automatically after a set period of time when the browser is either closed or goes idle.

4. Reprompt for the Master Password 

 


LastPass can also prompt you for your master password when you take specific actions (viewing a password, editing secure notes, etc) or when you’re launching specific websites (such as banking or billing logins). The password prompts help protect your account from prying eyes, should someone start browsing while you’re still logged in to LastPass. Turn these prompts on in the LastPass Settings menu from your vault, or edit a specific login in your vault to reprompt on a site-by-site basis.

5. Monitor Account Activity with Security Notifications



LastPass can alert you to certain actions taken within your account, which can help you confirm changes you made as well as identify any unauthorized access to your data. In the Settings menu in your vault, go to the “Security” tab to manage your email preferences, where you can enable the alerts for master password changes, email address changes, site login username or password changes, and more.

6. Keep LastPass Activity Hidden with a Secret Email Address


Rather than have LastPass send critical account notifications to your primary email address, you can set up a secondary, secret email address that is only used as a security email for LastPass.


Once you add this email address in your Settings under the “Security” tab, this means that any sensitive notifications, such as those for account recovery or disabling multifactor authentication, will be sent to the security email address rather than your primary email address. So even if someone gets access to your primary email address, they won’t be able to login to LastPass if you’ve locked it down with a strong master password, multifactor authentication, and an obscure security email address.

7. Combat Keylogging with One Time Passwords


If you know you’ll be traveling or using an untrusted computer, like that in a library, hotel, or even at a friend’s, use a “throwaway” password to login to your account. The throwaway password, or one time password, works exactly like it sounds - the password that’s generated for you can only be used to login to your account once.


Generate the throwaway passwords by clicking the menu at the top right of your vault and launching the one time passwords page. You can generate as many as you need and print off the list to be carried with you. When you login at www.LastPass.com you can choose the One Time Password login option, and type in one of the OTPs. This protects you from keylogging by allowing you to bypass entering your master password with the secure one time password.