You know you're supposed to use a password manager. In fact, you've been meaning to set one up for a long time, but haven't taken the plunge yet. Even popular ones, like LastPass, seem like a pain to set up. Good news: Getting started with a password manager is easier than you think. Password managers are an essential part of your online life. They create strong passwords that are difficult to crack, they keep track of those passwords so you don't have to remember them and they make it easy to change your passwords after a hack. You have a lot of great choices, but for this guide we're going to focus on LastPass, one of our favourites, in your web browser. We like LastPass because the free version has all the features most people need, and it syncs across a single platform (like your PC, Mac or mobile device). The free version of LastPass includes everything we'll cover in this guide. For an additional $US12 ($16)/year you can also access your passwords from other platforms (like Windows and Mac, or Mac and iPhone and so on) and get some additional options for multifactor authentication.
Download and Install LastPass In Your Browser
- Head to the LastPass downloads page and install the extension for your preferred browser.
- After the installation is complete, you'll see a new icon in your toolbar. Click that icon and select "Create an Account now".
- Type in your email address and create a master password. Make this password strong, it's the password you'll always use to access LastPass, and all of the passwords you create and store with it. Don't forget this -- you don't have too many options if you do.
There's also a LastPass Mac app, but most people will find the browser extension is all they need. If you plan on accessing LastPass from your mobile device, go ahead and download the app for Android, iOS or Windows Phone too, but be prepared to sign up for a premium subscription if you want to sync passwords between multiple devices.
Save Your Login Information for the Web Sites You Visit
Now it's time to save your passwords in the LastPass vault. There are a few ways to do this, but the easiest is to just use the internet as you normally do, and save your passwords as you log into each new site. That way LastPass does the work for you.
- When you arrive at a site with a login page, type your username and password, but don't click the sign in button.
- Click the LastPass icon inside the password field, then click "Save credentials for this site".
As you do this, your LastPass account will gradually fill up your vault with all your passwords and login information. Now, when you revisit those sites, LastPass can automatically enter your username and password for you.
If you used your browser's built-in password manager in the past, or if you've used another supported password manager, like 1Password, you can import all your login information directly into LastPass. This process varies depending on which manager you used before, but you'll find all the information you need over on LastPass's Importing Passwords guide.
Fix Your Weak Passwords with the Security Challenge
Next, let's fix all those junky, easily-hacked passwords you've been using. As you enter more and more passwords into LastPass, you'll want to go in and audit those passwords and create better ones. There are a few ways to do this, but as you're starting out, the simplest method is to use LastPass's built-in security challenge.
- In your browser, click the LastPass icon > My Vault.
- Click the Security Challenge tab.
- Click Show My Score.
- Enter your LastPass password when prompted.
- Wait for LastPass to analyse all your passwords.
LastPass will show you a report of all your passwords, divided into four self-explanatory sections: Change Compromised Passwords, Change Weak Passwords, Change Reused Passwords and Change Old Passwords.
Click on each section to expand it and see which passwords LastPass recommends you change. For many popular sites, LastPass can automatically change your password with no real effort from you. Just click the Auto-Change button and LastPass will automatically create a new password for that site in the background and save it so you can use it the next time you visit.
If a site doesn't support auto-change, you need to update your passwords manually. LastPass tries to make this as painless as possible, but it's still a little work:
- Click "Launch Site" and LastPass will open that site in a new tab.
- Log in with your username and password, and find the change password section in the account details for that site.
- In the new password field, click the LastPass icon, then select "Generate a New Password". LastPass will create a new password for the site.
- When prompted, select "Save Site" to save your new password information.
Depending on how many different sites you're fixing here, this can be a long, cumbersome process, so fire up a movie on Netflix and set aside a bit of time to take care of them all.
Add Form Fill Information for Speedy Checkout and New Accounts on New Sites
In addition to handling passwords, LastPass can also securely store your credit card information and address to help speed up the process of creating new accounts when you sign up for an account at a new store, retailer or any web site. Setup is easy:
- Click the LastPass icon in your browser.
- Select Form Fills > Add Form Fills.
- Enter all the information you want to store here.
LastPass has tabs to enter in a variety of information, including your name, address and credit card information. Adding this information to LastPass makes it so when you create an account on a new site, LastPass can automatically fill data in for you so you don't have to type it.
This is completely optional, but it's a useful feature built into LastPass, and your information is encrypted along with your passwords and other data. If you're not comfortable or don't want to store something like your credit card here, it's still worth adding your name and address so you don't have to re-type it everywhere.
Add Multifactor Authentication to Your LastPass Account
As you'd expect from a tool designed to make your digital life more secure, LastPass supports multifactor authentication. Once enabled, your master password alone isn't enough to log into your LastPass account and access your vault. You'll also need a passcode obtained from an authenticator. This extra layer of security keeps your LastPass account safe, which subsequently helps keep all your passwords safe as well. Setup takes just a few clicks:
- Click the LastPass icon in your browser and select My Vault.
- Click Account Settings.
- Click the Multifactor Authentication tab.
- Click the pen icon next to the authenticator you'd like to use and set the "Enabled" drop-down menu to Yes. Then follow the on-screen directions.
The process here is different depending on which authenticator you want to use. Usually, you'll add LastPass to the app of your choice, then the app will give you a code to enter into LastPass in your browser. LastPass supports a number of common multifactor authentication apps, including Google Authenticator. LastPass also has its own Authenticator app, which includes a nifty one-button approval system that simplifies logging in. If you don't already use any of the other supported authentication apps, the LastPass one is a good one to start with (even though it only works for LastPass).
That's it. Setting up LastPass is easy, and the only headache comes from that potentially lengthy password auditing process. Thankfully, it's a one-time thing, and once all your passwords are strong, you only have to worry about changing one if a site is hacked.
Finally, while many of us don't need its advanced features, it's worth pointing out that LastPass can also share passwords with other people, grant emergency access to your account to a loved one and can even securely store notes you might not want others to see. For now though, go ahead and just pat yourself on the back for finally getting a password manager set up after all those years of putting it off.