With LastPass Password Manager, you have to remember only one password: the master password that opens your password vault. That is why it is advertised as “The last password you have to remember”: you remember only the master password, while LastPass takes care of all your other passwords and even forms. This review of LastPass password manager for Windows will tell you if you can trust it and use it.
LastPass Password Manager review
It took a whole lot of months for me to decide to go for a password manager. Before that, I was storing all my passwords in an Excel sheet that was renamed to look like a garbage document with no extension. Whenever I forgot the password for any particular site (I was not using hard passwords at that time), I changed the extension and opened it in Microsoft Excel. But I was still afraid that someone might figure it out and all my data would be stolen.
I needed a free password manager, so I went through the available options. The first one I used was a desktop version, and I had to enter the master password every time I had to log in to any of the web services. Plus the fear of getting hacked and unknown people using my login data was too much for me to keep using the desktop password manager application. I researched a bit and found LastPass, a cloud-based solution.
Cloud-Based Password Manager
Being a cloud-based password manager, I had the option of accessing it from anywhere and on any computer in the world. I just had to remember my email ID and LastPass master password to use it from other computers. This looked perfect, so I went with it, with fears about the security lapses it might be having. What if somebody hooked up to LastPass servers? But then, it is possible that someone can hack any site and steal the credentials. It is happening with many sites – LinkedIn, Yahoo, and even Amazon!
It is a risk, but it still makes your daily computing much easier. You get stronger passwords, and you don’t have to remember them. There are some problems too, which we will discuss in a while. As a cloud-based free password manager, LastPass is good, if not perfect. Speaking of perfect, nothing is 100% perfect when it comes to the Internet. Hackers keep on trying with different techniques, and there is always a possibility of a security breach that can reveal all your data to bad guys. What security measures does LastPass take, then, to avoid being compromised? Let us check them out in the next section.
Security in LastPass Password Manager
LastPass claims that no one knows your master password as it is not stored “as is” anywhere. It is hashed, and the value of the hash is stored so that LastPass knows that you have entered the correct password. I do not know if any other word or combination can provide the same hash (in which case, storing only the hash is not very fruitful, as others with a similar one can access your vault). I invite you to comment on whether two different passwords/passphrases can result in the same hash.
LastPass claims it uses AES 256-bit encryption to store your other passwords in the cloud. In their own words,
“We’ve taken every step we can think of to ensure your security and privacy. Using an evolved host-proof hosted solution, LastPass employs localized, government-level encryption (256-bit AES implemented in C++ and JavaScript) and local one-way salted hashes to give you complete security with the go-anywhere convenience of syncing through the cloud. All encrypting and decrypting happens on your computer – no one at LastPass can ever access your sensitive data.”
I highlighted the last sentence above as it raises doubts that someone has to clear (preferably from LastPass). If all encryption and decryption happen on my computer, does it make my password vault vulnerable by leaving traces of its actions?
You have to remember it. Nothing is 100% secure! A few years back, the LastPass website faced a security breach. Then last a bug in LastPass’s Internet Explorer plug-in exposed the passwords of some users. But all the information you store inside LastPass is encrypted. So, if anyone ever manages to hack the LastPass servers, all that person will see is encrypted information.
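The “one-way salted hash” arrangement described in this section, as an added example that is not LastPass code: the client stretches the master password into a key that stays local and sends the server only a further hash of it. PBKDF2-SHA256, the iteration count and the `Server` class are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Client side: stretch the master password into a 256-bit key.
    This key would encrypt the vault and is never sent anywhere."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, ITERATIONS, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one further one-way step. The server receives only this
    value, which cannot be reversed into the vault key or the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode(), 1, dklen=32)


class Server:
    """Hypothetical server: holds a salt and a login hash per account,
    never the master password or the vault key."""

    def __init__(self):
        self.accounts = {}

    def register(self, email: str, salt: bytes, login_hash: bytes) -> None:
        self.accounts[email] = (salt, login_hash)

    def salt_for(self, email: str) -> bytes:
        return self.accounts[email][0]

    def verify(self, email: str, login_hash: bytes) -> bool:
        stored = self.accounts[email][1]
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(stored, login_hash)


def client_register(server: Server, email: str, master_password: str) -> bytes:
    salt = os.urandom(16)  # random per-account salt
    key = derive_vault_key(master_password, salt)
    server.register(email, salt, derive_login_hash(key, master_password))
    return key


def client_login(server: Server, email: str, master_password: str) -> bool:
    """Client recomputes the hash locally from what the user typed."""
    key = derive_vault_key(master_password, server.salt_for(email))
    return server.verify(email, derive_login_hash(key, master_password))
```

With a 256-bit output, two different passwords mapping to the same hash is possible in principle but computationally infeasible to find; the practical weakness is a guessable master password, which is what the salt and the iteration count make more expensive to attack.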
Features of LastPass
Before I talk about LastPass features, let me inform you that there are both free and paid versions of LastPass. In this article, we are talking only about the free version of LastPass, the cloud-based password manager.
The feature I like the most is password capture. When you sign up with a new website, LastPass prompts you, asking if you wish to save that password. If you say yes, you will get a dialog box to save the credentials and choose whether to autofill or autologin. If you have more than one account for a website, you can still store passwords separately on LastPass. In other words, it supports multiple accounts for almost all kinds of websites. That helps a lot, but make sure you do not select “autologin” (when saving a password) as it will not give you a chance to select what credentials to use. If you already selected autologin and are not able to use other accounts, you can open LastPass Vault and uncheck autologin.
Another feature is that it can capture the entire process of signing in. For banks and similar institutions, the login process is a bit different. LastPass allows you to capture all the sign-in processes so that you can auto login there too. Once you have the LastPass account, I recommend you view the Tutorials so that you know everything you can do to make your sign-in easier.
LastPass also has a password generator. It auto-detects when you are creating a password and offers you suggestions if you go for it. The new passwords can be customized with symbols and numbers, and you can also set a size for them. The best part is, once you have saved it, you do not need to remember it!
Finally, LastPass lets you import your passwords from other password managers. It supports a variety of formats so that you do not have to manually transfer data. Simply select import and select the file from other password managers and all data will be imported without human intervention. Similarly, LastPass also allows the export of data just in case you wish to move to some other password manager like RoboForm, etc.
Problems With LastPass
I did not find any problems with LastPass except that some sites create problems while auto-signing in. Some sites have a captcha, and there, you have to close the LastPass dialog after it fills the password. After closing the LastPass dialog, you can manually enter the captcha. Since the captcha changes every time you log in, I do not think there could be any way to capture such logins.
LastPass support is readily available on Twitter. Their handle is @Lastpass, and they offer a fast response. The above review of LastPass is meant as support in choosing a cloud-based password manager for you. If you have any thoughts, please share.
LastPass download
You can download LastPass from its official website. You can also get the extension for Chrome, Firefox, Edge & Opera browsers.
I always fear using cloud-based password managers, as you mentioned! I very well doubt! What if the servers get hacked? It's a risky business. I will suggest using standalone software like “keepass”.
Keepass is my favourite. It is more versatile than Lastpass.
LastPass is the best out there. Keepass is fine if you want to live in the dark ages and only have local access to your passwords. Lastpass is available for every device, unlike keepass who have unofficial ports, making it a massive security risk.
Last Pass is Cloud based, but you don’t need to use the cloud. You can have a portable version on your desktop or flash drive. So I can’t see how Keepass is more versatile. Also, forensic apps like Passware Kit can decrypt the Keepass’ master password/keyfile in seconds and if you use your Windows login, forget it, so again, not very useful. I ran tests on many password managers and LastPass was 100% secure.
Yes, they have had issues, security companies do, but no one has ever retrieved your password list or info from any breach proving that it’s secure, unlike Keepass. Also, being cloud based, it has redundancy which means you still have local access to your data, so if the lastpass servers failed, no worries, you can still use it.
Keepass is forever fixing security holes too, first discovered in 2012 they have fought to keep plugging the software. And lastly, if you don’t back up your Keepass data, if you have a major crash or corruption, you lose all your data.
Lastpass is not 100% safe; there are always backdoors that hackers can find.
Check out Steve Gibson's review of Lastpass in the Security Now podcast. I’ve been using it for years now, pay for the subscription so I can use it on my phone. Over 300 sites are in there, I’m secure and safe with peace of mind. Very happy. You didn't mention the security check tool, the binaries version to store safe notes, the visa card filling, replication of passwords between multiple computers and multiple browsers, IE, Firefox, Chrome, etc. It's the bee's knees. Keepass? Pah, I use that at work, it works, nothing like Lastpass though.
I have tried to use Lastpass several times over the years (including recently) and always end up going back to Keepass as I just had too much trouble with Lastpass.
I have Keepass on all my devices, the data is automatically backed up and frankly I believe your comments re Passware Kit would only work for very simple short master passwords.
If a user has a decent Internet Security app/firewall an attacker is unlikely to even get to their Keepass data.
It takes too long to generate a password, therefore I find myself making up a password for new accounts, which kind of defeats the purpose of it. It needs to generate faster, otherwise I use it for remembering sites I visit after I have signed in, so I don’t have to sign in every time.
I have already used it for two years. It’s a great tool.
What if Lastpass goes bankrupt – or suddenly decides that now you have to pay for the passwords (that you don’t remember anymore)?
Then you buy the company or pay for the passwords. What if the sky starts to fall? What if gravity ceases to exist? What if a 6 turned out to be a 9??
Two features that will keep me and a lot of other prospective users from ever installing and using this software.
* For one, the cloud is still an unknown entity to a lot of people, even to those who know the essentials of how it works (maybe especially to those people). We are all aware that once anything is posted on the internet it is never lost. It can be removed, deleted, rearranged, etc. but it is still there. I think that a lot of people like-minded to me will never trust using that type of system as a storage area for their passwords no matter how good the encryption and no matter how well explained that the information is not accessible to others. If I can get my information then someone very smart can figure out a way to get it also, and by putting it online (so to speak, since the information is stored on servers to be accessed when necessary by the account holders) it will only create more doubt as to its security.
* Secondly, and this really goes hand in hand with my first reason for not being comfortable with the security of this type of software, is the old saying: “If you really want to keep a secret then the best way to do so is to simply tell no one.” So you see, by using encryption software, no matter how sophisticated it may be, and coupling it with public access in the billions if that many people create accounts with LastPass, then it is my opinion that most users will not feel safe unless they are using a software program that is totally self-contained on their own computer and does not risk outside entities to have access to this software, therefore keeping it inaccessible from all others.
I applaud you on a great project that still has many applications for password protection even though I think it will fall mostly upon low security password applications and possibly some sort of record keeping of names and info, although I may be stretching it a little with that idea. I think a great job has been done by all those involved to make this software program possible and up and running. Now I believe your only struggle will be with people being scared to put their sensitive information out there where they are uncomfortable that this information could be compromised.
Been using LastPass for 2 years with no issues whatsoever. I can understand concerns about Cloud Services and though it’s relatively new what are your options? You can use a password service without cloud service but you will be limited or just go with the new technology. If you are frightened that your passwords can be hacked from a cloud service like Lastpass then you have just 1 option. Don’t share your passwords with anyone or service. Just hope you have a very good memory……
I use “Intuitive Password” online password manager. It’s a web-based password manager and your data is securely stored in the datacenter. With Intuitive Password, you can easily access your data at any time, anywhere. It works on all devices without installation.