Whenever we talk passwords, we always preach the same thing: Use strong, difficult-to-remember passwords, and different passwords for every site. Easy to say, extremely difficult to do through sheer willpower. I’ve tried many password-remembering systems, and this is what I’ve stuck with.
To paraphrase photographer Chase Jarvis, the best password manager is the one you have with you. Of all the password management utilities out there, I consider LastPass the most elegant compromise between convenience and security, and if you’re not using it already, I recommend you start. It’s mostly free, plugs into nearly any browser or smartphone, is KeePass compatible, and just works.
I like KeePass. KeePass is friendly and locks down pretty tight. But when it comes to filling in web passwords, I want the path of least resistance — and I want to convert my friends and family into more secure practices, too. LastPass offers a few advantages over KeePass:
- Universal: KeePass has a nice collection of extensions and plug-ins, but they’re all over the place when it comes to support, updating, and platforms. LastPass offers extensions for Firefox, Internet Explorer, Chrome and Safari on Windows, Mac and Linux. There are a few gaps (Opera, mainly), but they’re covered in large part by free auto-filling bookmarklets (covered below) and desktop, USB and mobile software, offered to LastPass’ premium subscribers.
- Simple: LastPass has a multitude of options, settings, tools and other knobs to twiddle, just like KeePass. If all you want, though, is a better kind of universal password manager that remembers your log-ins, simply install the browser extension, log into LastPass, and let it do its thing. It automatically prompts you to save passwords and form data — though you can turn that off — and fills out username/password fields, with an easy switch to another login name.
- Secure, yet dummy-proof: My one fear with systems like KeePass, where I’m keeping my own database and, potentially, safe-keeping my own encryption key file, is that I’ll do something stupid and delete that file, or forget that ultra-secure master password. Sure, sure — you’re a superhero of forethought and memory, and would never do such a thing. Me, I’ve had too many brushes with Dropbox sync screw-ups (my own fault for tinkering, usually) and memory gaps to leave it up to myself to serve as my own knight to protect the Holy Grail. LastPass uses a single master password to log into your account, sure, and if you lose that, you have to jump through quite a few hoops to get it back. But it is, technically, recoverable.
Intrigued? Even just a little interested? Here’s how LastPass can make your web browsing, or maybe the browsing of a friend with really weak passwords, more convenient and secure. Go ahead and create an account if you’d like, but LastPass actually recommends creating that account from a browser extension or software download.
Here’s LastPass’ (somewhat clinical) explanation of how their extensions work, demonstrated on Firefox:
Mobile Apps & Site
If you’re in a foreign land or on a sketchy Wi-Fi connection, the last thing you want to do is pass your universal LastPass password over the insecure airwaves. Set up your account with some one-time passwords, then use them whenever you’re somewhere not entirely locked down. As soon as you log in, that password becomes invalid, and, as mentioned before, your passwords don’t fly open the open air in any case.
That’s why I dig LastPass anyways, and it’s why I’ll be quietly trying to move the other computers in my house and family onto that system. If you have other reasons you dig LastPass, or another web or desktop-based management scheme, tell us all about it in the comments.