PROS / LastPass Premium includes a number of convenience features in addition to password management – cross-browser and cross-platform support, for example.
CONS / The completeness of LastPass Premium does not invite obvious criticisms, but capturing applications passwords is sometimes trickier than capturing web site passwords.
VERDICT / LastPass Premium is a wonderful way to manage passwords. The features are not difficult to apply, and it functions on many platform types.
“Halt! Who goes there?”
“Um. Dunno. I can’t remember my username or password.”
If you have lost control of your passwords, you are at risk. The first step to recovery is to admit that you have a problem. Do you use the same or similar passwords on multiple websites? Do your passwords contain any human-language words? Where do you store your passwords? How often do you change your passwords? The answer to the problem of out-of-control passwords is password management software, especially the Top Ten Reviews Silver Award winner, LastPass Premium.
The simple act of installing LastPass password software advances you toward better online safety. At its core, this password manager makes it easy to store usernames and passwords, implemented as a browser extension. All password manager software does that much, but what distinguishes LastPass Premium is the concentration of features that go beyond the basics and the careful attention to usability. For example, when you download LastPass, it examines your computer environment and recommends the best plugin package depending on your operating system and browsers. The installation process includes an inventory of insecure passwords. LastPass has a password generator that lets you find strong replacement passwords for the weak ones. For example if your password was “User123,” you could replace it something stronger, such as Hr0mVwCEDlgw. Even though the strongest passwords are impossible to remember and difficult to type quickly, the way that LastPass works removes any objections to using stronger passwords.
The LastPass plugin to your browser remembers sites that require logins and whenever you go to such a site, it presents what you need. You can configure it to automatically log you in. Or it can pop up the details so you can log in manually, with the convenience of being able to read your login information right when you need it. You never have to sit down and laboriously type into LastPass all of the sites you visit and their passwords. It imports any of the logins and passwords that your browser might have captured. And then in the course of your online activity, it asks you whether it should save your passwords and logins as they occur. As you amass lists of passwords, logical groupings will appear. Therefore, LastPass lets you organize your lists according to identities. For example, you might have a personal identity and a work identity as a way to arrange your login lists.
There are a couple of other convenience features worth noting. You can create a form-fill profile that securely saves credit card numbers that you can apply whenever you buy something online. Most password managers include form filling, but less common among the competition is the ability to create secure notes that are associated with the sites you log into since sometimes secure logins require more than a username and password. Even less common is the ability to share a login for a particular URL with someone else without revealing your password. With LastPass, you could let someone you trust visit a website that requires your credentials. Sharing is also a convenient feature in a work situation where you want to share a company login to a third-party site.
As if generating and managing passwords were not enough, LastPass supports many additional security options that promote safety. Let’s start with the localized security options. You can decide what LastPass should do between internet sessions. For example, you can decide whether it should log off every time you close the browser. You can also set it to log off after your computer is idle for a specific amount of time. Clipboard contents are another potential vulnerability if you are copying and pasting usernames and passwords, which is why LastPass lets you decide how quickly to clear the clipboard. Another example of a useful localized security option is the ability to require a password re-prompt that forces re-entry of the master password for sites that you determine to need extra security.
LastPass also provides additional security options at the global level. For example, whenever you change the email address or master password for your LastPass account, you will get an email in case someone tried to wrest control from you. You can also control the length of time that any of your sessions exist on the LastPass server. A related option is the ability to kill other sessions when you log into your LastPass account. For example, if you close your browser at work and don't select the option to log off whenever you close a browser, you will be able to log in from home but when you get back to work you will need to re-enter your master password.
Additional LastPass security options abound. For instance, to prevent keyloggers from capturing mouse clicks (especially when you are on an unsecured public Wi-Fi hotspot), a virtual on-screen keyboard accepts your email and master password without pressing actual keys. The majority of LastPass competitors do not offer a virtual keyboard. Another defense against keyloggers is the ability to create one-time passwords that you can use to log into your LastPass account.
LastPass provides another means of frustrating keyloggers: multifactor authentication, a second step that you must perform before you can access your account. Right now the practice is more common in Europe than in the United States. The way it works, for example, is that you might receive an email or a text with a one-time-use code that you must type into your online account in addition to your password. Even though only a few password management software publishers provide a secondary authentication method, LastPass Premium supports several:
- Google Authenticator
- Grid Multifactor Authentication
- Sesame Multifactor Authentication
- Yubikey Multifactor Authentication
- Fingerprint Authentication
- Smart Card Authentication
Just as LastPass Premium has more features than competing products, it also supports more browsers and platforms. It can attach itself as an extension to quite a few browsers, including Chrome, Firefox, Internet Explorer and Dolphin. It is compatible with Windows, Mac OS and Linux. The list of mobile devices that can take advantage of LastPass beats the competition because, in addition to supporting iOS, Android and Microsoft Surface RT, LastPass supports Blackberry, Windows Phone and Windows Mobile, Symbian S60, and HP WebOS.
Help & Support
Access to help and support is via email. The LastPass support website has useful resources including well-written FAQs, access to a user forum and the user manual.
Until fingerprint and retinal scanners come into their own, there is the pressing need to create, change and manage passwords and to employ passwords of increasing complexity. Without password management software such as LastPass Premium, you would need to exhibit extraordinary discipline to achieve a comparable level of security. Even if you had the will to generate strong passwords, store them securely and retrieve them conveniently, it is difficult to imagine duplicating on your own the ease with which LastPass manages passwords and supports access from a PC, Mac, iPhone, Android, Blackberry or Windows Phone.