In the world of password managers, LastPass is a highly recognized name that features smart design and simple browser integration. Users can sync passwords and confidential data across multiple devices and operating systems, which makes LastPass a highly convenient solution. The downside is that the integrity of the service has been questioned since the servers were previously compromised. LastPass is a proprietary solution, which means that it is not open to independent audit. This raises concerns among users who expect the highest standards of security and privacy. Still, LastPass is easy to use and would be an ideal solution for those who don’t have advanced technical skills. Here is more about this password manager.
LastPass, a cloud-based password manager, uses AES-256 encryption to protect passwords locally and then stores them online. The transfer is done via a secure SSL connection, and the password stored online is further secured using a random salt and 100,000 rounds of PBKDF2-SHA256. Since encryption and decryption are carried out in your browser and only you hold the master password and decryption key, it could be said that LastPass offers end-to-end encryption. However, password recovery is supported because LastPass makes a password hash out of your master password + username and then sends it to its servers. The master password should be combined with the username and password in order to be recovered.
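The derivation and login flow described above, as an added Python sketch that is not LastPass's code and not part of the original review. Only the random salt and the 100,000 rounds of PBKDF2-SHA256 come from the text; the username-as-salt step, the single extra round, CLIENT_ROUNDS and all function names are assumptions, and AES encryption of the vault itself is left out.

```python
import hashlib
import hmac
import os

SERVER_ROUNDS = 100_000  # PBKDF2-SHA256 rounds quoted in the text above
CLIENT_ROUNDS = 10_000   # assumed value; the text gives no client-side count


def derive_vault_key(username: str, master_password: str) -> bytes:
    """Key that encrypts the vault locally; it never leaves the device."""
    salt = username.strip().lower().encode()  # assumption: username acts as salt
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               CLIENT_ROUNDS, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Value sent to the server at login. One more one-way step, so the
    server cannot turn what it receives back into the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(),
                               1, dklen=32)


def client_login_hash(username: str, master_password: str) -> bytes:
    """Everything the client computes before contacting the server."""
    key = derive_vault_key(username, master_password)
    return derive_login_hash(key, master_password)


def server_enroll(login_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: keep a random salt and a 100,000-round hash of the login hash."""
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ROUNDS, dklen=32)
    return salt, stored


def server_verify(login_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, SERVER_ROUNDS, dklen=32)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample account, not real credentials.
    user, pw = "alice@example.com", "correct horse battery staple"
    salt, stored = server_enroll(client_login_hash(user, pw))
    print("right password:", server_verify(client_login_hash(user, pw), salt, stored))
    print("wrong password:", server_verify(client_login_hash(user, "guess"), salt, stored))
    print("server record equals vault key:", stored == derive_vault_key(user, pw))
```

In this sketch the server holds only the salt and the stored hash, so checking a guessed master password against them costs the full chain of derivations each time.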
The incident that raised concerns about the security of LastPass took place in 2015, when the servers were hacked. No master passwords were stolen since these are not stored by LastPass. However, other data was obtained, including account email addresses, authentication hashes and password reminders. This data could potentially allow hackers to figure out master passwords, although the process would probably take a long time. In addition, it should be kept in mind that if authorities ask LastPass to provide this information (which is enough to unveil the master password), the company would likely hand it over.
Unfortunately, LastPass has been affected by hacking in the past and information has previously been stolen, which indicates that there are serious weaknesses in the system. Allowing password recovery may be a practical option, but it is also considered a vulnerability. Furthermore, the fact that information that can lead to the master password is stored in a centralized database makes the system more likely to be hacked. Since the software is closed source, it is not possible to verify that it actually does what it is meant to do.
LastPass states that it doesn’t share personal information with anyone, except to comply with the law and to facilitate the development of its products. Personal data is not stored on its servers unless you choose to store login history or use other functionality that requires the company to keep information. In order to use the Android app, you would need to agree to a large number of permissions, which is another cause for concern. On the bright side, LastPass provides detailed information explaining why each permission is needed. In the end, you would need to rely on the commitment of LastPass to protect your data. Open source is not a perfect solution, but it is by far the most secure one. While it is likely that LastPass does keep passwords secure, it would be advisable to avoid using it for information that is highly confidential.
There is a free and a premium version, as well as an Enterprise solution that will suit small businesses. It is possible to sync across an unlimited number of devices, including computers running Linux, Windows and Mac OS X, as well as Android and iOS mobile devices. In order to sync from desktop computers to mobile devices, you will need the LastPass Premium plan, which is available for $12 per year. The Premium plan offers support for authentication with two or more factors (2FA) through multiple devices. It is possible to test the service for 14 days through a free trial, and Premium subscribers can also take advantage of a 30-day money-back guarantee.
The features supported include automatic form-field completion, automatic generation of secure passwords, secure notes to store private information, multifactor authentication (including biometric functionality), the possibility of importing existing passwords from your browser, shared folders to manage and access accounts shared with family or friends, as well as the option to share website login details with someone else. US customers also have real-time credit card monitoring that allows them to prevent unauthorized use.
How to use LastPass – Desktop version
After signing up for an account and installing the browser plugin available for Chrome, Opera, Safari, Firefox and Internet Explorer, you will be able to use LastPass without major issues. As previously mentioned, one of the strongest aspects of this password manager is that it is very easy to use. It will import passwords saved by your browser and then turn off the browser’s integrated password saving features, making sure that all passwords are managed by LastPass.
A web-based keyboard is used for login, which helps to prevent keystroke logging. The password forms show a star to the right, displaying a number that indicates how many logins have been stored by LastPass for that website. If a new username or password is entered, the impressive password capture feature will give you the option to remember them in the future, and this can be set to automatic.
LastPass for Applications
This option is only available for Windows users and it allows them to install an app that gives them control over their account from the desktop. LastPass for Applications grants direct access to the LastPass Vault and Secure Notes, which allows you to enter passwords and other information directly into standalone programs.
The Android mobile app gives you access to passwords wherever you are. However, in order to sync with your desktop account, you will have to buy a Premium account. The app offers a smart and appealing design. It is straightforward and gives you access to a large selection of features supported by LastPass. If you are used to the web version that is normally used on the desktop, you won’t have any issues with the app.
If you need to access a link, it will be opened within the browser included in the LastPass app. If you use this built-in browser to navigate the web, LastPass will fill in passwords and forms. It will also take care of creating new passwords and other tasks. Samsung Galaxy’s fingerprint scanner is supported, which allows you to access the app without hassle.
Although the LastPass browser is effective and highly functional, it is not at the same level as Chrome or Firefox. It lacks some options that these browsers support, but this is not a major issue since LastPass works well with other browsers like Dolphin, the default Android browser and Chrome.
If you are looking for a password manager that is easy to use, sleek and that offers a wide range of practical features, LastPass may be the right answer. It is available for a reasonable price and the browser integration is quite good. There are multiple authentication factors supported, including biometric authentication, which is impressive. The downside is that there are many security concerns surrounding LastPass, particularly since it has been hacked on more than one occasion.
Although no crucial information was stolen (and security and encryption are overall effective and strong), the fact that password recovery is allowed and that data is stored in a central database may facilitate hacking. Since LastPass is not an open source solution, it is not open to independent inspection to confirm that it is not subject to backdoors or other issues. Nevertheless, LastPass could be the right choice for anyone who wants an easy and feature-rich password management solution.