LastPass allows you to easily store, manage, and sync your usernames, passwords, and other data (like RoboForm Pro… but free)

With malicious people constantly roaming the internet to pick their next victim of identify theft, fraud, spam, etc. it is increasingly important to mix up your passwords (not use the same password for everything) and create stronger, longer passwords. However the one problem with using multiple and stronger passwords is that they are all hard to remember and keep track of. I know in particular for me my problem is not that I can’t remember my passwords but rather I cannot keep track which password I used for which login. To help people with the task of managing their passwords there are plenty of software, freeware and commercial alike, out in the market currently. Most notably RoboForm Pro is a popular, and excellent, commercial software often selected for the task of password management. The problem with RoboForm Pro is it is, after all, commercial and costs money (although I have mentioned before how you can grab RoboForm Pro for free). Many people do not want, or cannot, pay to get RoboForm Pro. This is where LastPass comes in.

LastPass is an excellent free online based password management solution. Yes I said “online based” on purpose because I want to clear the air of this notion right off the bat: LastPass syncs and stores your data (passwords, usernames, form data, etc.) on their servers. However the thing is all your data (including passwords, usernames, forms, etc.) is encrypted by AES 256 (industry standard encryption algorithm) locally on your computer the moment you use LastPass to store it so not even the LastPass developer is able to see your data – when your data is stored on their servers it is constantly encrypted. The only way to ever access your data is by using the master password which you set and only you know (unless of course you tell someone else in which case they also would know). Heck LastPass’s developer takes security so seriously that there is no way to ever recover your master password if you forget it… because no one but you knows what it was. At best the developer can e-mail you the “password hint” you set when you registered your account.

Okay so with that out of the way, let me explain to you why LastPass is an excellent choice for your password management needs:

  • One password opens the gate to all your passwords

To first state the obvious LastPass allows you to only have to remember one combination of username (which consists of your e-mail) and password (be sure to use a secure password). You use this username and password to login to your LastPass account which has all your saved usernames and passwords stored.

  • Secure

I have already mentioned this but I feel I should mention it again. The moment you store any data with LastPass it is instantly encrypted using AES 256 before being stored on LastPass servers. AES 256 is an extremely secure encryption algorithm so your data is very safe. The only way to ever access your LastPass data is via your master password which only you know.

  • Excellent browser integration

LastPass has plugins for Firefox and Internet Explorer and supports bookmarklets for Chrome and Safari. Opera support is limited, however, to just using LastPass’s website.

This excellent support allows you to do easy storing of usernames/passwords and one click logins.

Here is a short video by the developer to show you what I mean:

  • Not just for login details

In addition to being able to store usernames and passwords, LastPass is a “form filler”: LastPass allows you to create “profiles” and use these profiles to easily fill out forms that require information such as your name, e-mail, address, etc.

Here is a short video by the developer showing this feature:

LastPass also allows you to create and store “notes”. “Notes” is simply like a notepad feature that allows you to type in anything and store it. Here is a short video by the developer explaining this feature:

In both videos it mentioned for you to have to go to the LastPass website to create a profile or note. Keep in mind if you have the Firefox or IE LastPass plugins installed, you can do both those tasks directly from the plugins.

  • Easy synchronization between computers and browsers

As I already mentioned above, LastPass is an online based solution. This advantage of this online based solution is that you can easily synchronize your usernames, passwords and profiles across multiple computers and browsers. After you store a new username/password or create a new profile, that data is instantly encrypted locally on your computer and then synchronized with your account on LastPass.com. When you want to use LastPass on another computer (or browser) simply login to your account (if you are using the plugins you will login from the plugins otherwise you need to login from LastPass.com) and you have full access to all your data.

  • One time passwords

Let’s say you want to access your LastPass account but are not sure if the computer you are using is infected with a keylogger or other malicious scrumware of sorts. That is where “one time passwords” comes in. LastPass has a feature that allows you to create passwords that will only work once to login to your account. Of course you would have to have created the one time password beforehand but this way you can safely login from status-unknown computers without compromising your LastPass login credentials.

Here is a video by the developer for this feature:

  • Create backups of your data

Since LastPass is online based and your data is constantly synced with LastPass servers, you technically always have a “backup” in case you lose the data on your computer (plugins store your data locally as well as sync with LastPass servers). However you can also use LastPass portable to create backups on USB drives.

  • Import and export your data easily

Not only does LastPass have the ability to import data from Internet Explorer, Firefox, RoboForm, 1Password, KeePass, MyPasswordSafe, Password Agent, Password Safe, Sxipper, Passpack and TurboPasswords but it also allows you to export your data from LastPass to Firefox’s password manager, a CSV file, or a LastPass encrypted file.

  • Cross platform support

LastPass works on Windows, Mac and Linux enabling you the freedom of working on multiple platforms and still access all your passwords and other data.

Now there are still some features I have not mentioned above, but I figure the above ones are good enough to get you interested in this software.

There is one small bug I am facing with LastPass however. It is a really weird bug to be honest. After I install LastPass I am unable to visit any URLs from within Windows. For example if I try to visit a link from an e-mail within Outlook I get an error. Or when I double click on the LastPass icon on my desktop I get an error. The error looks like this:

2009-08-16_171400

Now the error in of itself is odd. What is more odd is how I fix it. I simply run RevoUninstaller, click on LastPass, and click “Uninstall”. However I don’t actually uninstall LastPass. I select select “Advanced” and let Revo run it’s first step until I get the LastPass popup window asking me if I am sure I want to uninstall:

2009-08-16_210823

At that point I just click “No” and close out RevoUninstaller. After that I am able to access links from Windows. Weird I know. Maybe a Vista bug.

Anyway, to conclude yes even with all the security measures there is an element of trust with storing your personal information, such as passwords, on servers that may be thousands of miles out of your control. However overall I feel LastPass is an excellent choice for free password, and other data, management.

You can get LastPass from the following link:

Click here to go LastPass.com and get started

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

25 comments

  1. Venus

    @Leonel:
    I got similar errors with clamav on the LastPass firefox plugin – 2 detections for PUA.Script.Packed-1 & 3 on PUA.JS.Xored. Haven’t checked them on VirusTotal yet tho. I suspect clamav is mainly detecting potential threats because of the way the plugin accesses hard drives to store data.

  2. David

    I haven’t yet found a password manager other than Roboform that allows a URL related prompt to be displayed for manual fill-in.

    In the UK, many financial sites require variably selected characters to be filled in – not the complete password. Sometimes this MUST be done using embedded virtual keyboards or drop-down lists.

    I’d love to replace Roboform after the license change which offended many in v7, and for onward compatibility with FF updates from v3. Alas, Lastpass doesn’t match UK requirements. Developers?

  3. Leonel

    I ran the download through VirusTotal and clamAV indicated that there may be a virus/malware called PUA.Packed.PECompact-1 associated with this download … following is the description that I found for this virus:
    PUA.Packed.PECompact-1 Description:

    Trojan (or Trojan horse) is a harmful program that looks legitimate or integrated into legitimate software wait for users to load and execute. PUA.Packed.PECompact-1 enters and installs the target computer without knowledge or permission when you open unknown email attachment and instant messaged, opening a picture, etc. Once executed, PUA.Packed.PECompact-1 can change desktop background, display and allow hacker to get unauthorized remote access to the infected computer, corrupt files and break the system, or even leave other malicious malwares or violate user’s privacy. Before PUA.Packed.PECompact-1 screw up your computer and steal your confidential information, you’d better remove PUA.Packed.PECompact-1 as soon as possible.

  4. darren

    Can you tell me about Xmarks : Secure password sync?
    How is its security compared to LastPass?
    I’m asking because I already use Xmarks to store my bookmarks and it would be convenient to use a single program to sync both my bookmarks and passwords.
    But of course security is my priority.

  5. Ashraf
    Author/Mr. Boss

    @Krusty: I agree with you that they should give the user the option of syncing it with their servers or not – that would make the service 100% better. However they do force you to sync because so yes you can access the passwords from different computers.

  6. Krusty

    My question is why do you have to send it to your secure servers?

    Why is it not a standalone program?

    Is this done so your can access your passwords from different computers?

    I think it would great if you could install it to a jumpdrive, then it truly would be secure, because you could remove it and use it on other computers.

  7. Ashraf
    Author/Mr. Boss

    @Marisa: As long as your account with LastPass is still activate your passwords will be fine. As far as I know you will lose your passwords that are stored locally (but the passwords should also be on your LastPass account because they sync them automatically). Just make sure you don’t delete your account.

  8. Marisa

    Yes I tried what you recommended with RevoUninstaller and I did not get the same message as you did. I only got one pop up box asking if I was sure I wanted to uninstall Last Pass and I clicked “no”.

    Even when I am logged off from Last Pass I still can’t get the email links to work from websites I am visitng.

    Is there anything else I can try?

  9. Marisa

    Hello Again,

    Thank you for your reply.

    I decided to go ahead and download LastPass. Although I am able to click on links in Outlook that take me directly to the URL, I am having problems clicking on email links within a website.

    Either nothing happens or a new tab opens up and is blank.

    Can you help me with this?

  10. Ashraf
    Author/Mr. Boss

    @Marisa: Yes LastPass does have a USB/portable version where you can save your passwords to.

    Also, I have never used Password Corral but just looking at the features on their website I would say it is similar to KeePass. In other words both don’t have great browser integration.

    @Tanveer: As I mentioned in my review and just about to Marisa, LastPass has a lot better browser integration. Also since LastPass automatically syncs your data via their servers, it is a lot easier to use LastPass on different computers than KeePass.

  11. Tanveer

    Ashraf:

    I use KeePass. How do you compare KeePass with LastPass? I have had no issues with KeePass – it sits quietly in the system tray and when I want to fill-in a login/password, I use a key sequence. And I believe with KeePass everything is stored locally on your hard disk – not on any server.

    And this is my first post, but I really commend you for the time you give to write reviews and give suggestions to people like me who don’t have much time in hand to do software research. Thanks and Ramadan Mubarak!

    Peace be upon you!

  12. Marisa

    Thank you so much for this review. The videos were very helpful.

    Can passwords stored with LastPass also be stored on a USB memory key as a backup?

    How would you compare LastPass with Password Corral,the software recommended by another reviewer from GOTD?

  13. david roper

    What a wonderful review.

    I am the 8th commenter yet the first voter. Oh, well. ???

    I don’t know what I am saying but I trust you, so Ramadan mubarak “back at you.” Just remember me at Christmas. ;-)

    Now for Roboform Pro. I use it, too, and I would probably have just used this LastPass if I had understood it well. Oh, I found it a long time ago but I didn’t understand the safety involved. Encryption on my laptop and storage on their server. Couldn’t be better.

    I will stay with Roboform but only because my cheap butt has already spent the money with them. LastPass would certainly have been my choice if I were starting over. And I would probably have sent the guy $20 for writing such a strong and yet easy to use utility.

    Oh well, I’m happy that this LastPass is still available for free for my family members and friends. Everybody reading this needs either LastPass or RoboForm Pro if they use the Internet at all. Seriously.

  14. rezcky

    Salam ashraf
    Suddenly what I see that ur website has become very active and spring to life.. alot of freebies and lot of info that really benefit me and other readers .. please do write more and more as we need that valuable info especiallly newbies like me..

    happy fasting .. as for me ramadhan falls on this saturday
    rezcky

  15. Ashraf
    Author/Mr. Boss

    @Farrukh: Wasalaam. The developers and owners actually cannot read the databases/data files. As I mentioned in my post, all the data you store on your LastPass account is encrypted while it is stored on LastPass servers. The only way the developers/owners would be able to see it is to either have your password (which they can’t see) or to crack AES 256 encryption.

    However I totally understand your fear. I myself prefer to stick to RoboForm Pro.

  16. Farrukh

    AOA
    I’m always in a fear that there are multiple methods of tracking people’s UserNames and Passwords.

    This tool seems to be a cool thing, but after all, its developers and owners can read their databases/data files, so they are the ones who have access to UserNames and Passwords.

    I know, what you may be thinking that in Windows Microsoft also have access to Windows security files? But at least they are not unknown and at least security risk on their side is very low.

    At least, its difficult for me to trust a Free Tool which holds my security credentials.

    I always prefer to remember my user names and password by implementing a sequence in them.

    Best regards
    Farrukh