Lastpass, doing your passwords right…
When it comes to online passwords you can not be too safe, simple rules such as do not use the same password for multiple sites. use padding in your passwords, don’t use dictionary words.
While this all sounds great, the simple fact of the matter is, keeping multiple passwords for all those social sites, web tools and online backing systems is just not something you are going to keep in your head, well not if you’re doing it right you won’t.
Todays news that there are potentially 6.5 Million linkedin.com passwords being breached is a perfect example of just how vulnerable your world can be if you are using the same passwords across your social and banking sites.
The answer is holding those multiple passwords in a location you can get to them, knowing that vault of your most important information is itself secure.
The answer here is Lastpass which does just this as a site which yes, is based in the cloud, however is all about the securing of your data and passwords, when those sites who are not so worried about it get hacked.
How can this be secure? As most people I work with will tell you, i’m not a fan of the cloud, lets face it, it’s a bit like dangling all your washing over a dirty well and hoping it doesn’t drop in and get dirty.. Not a sensible thing to do, usually..
The technical details are cited on Lastpass’s website however the nuts and bolts are this.
LastPass helps find insecure passwords stored on your computer so you can store them securely in LastPass and remove the easy access by malicious software. LastPass uses SSL exclusively for data transfer even though the vast majority of data you’re sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic — the amount of data is trivial so the extra encryption doesn’t hurt. Our policy of never receiving private data that you haven’t already locked down with your LastPass master password (which we never receive and will never ask for) radically reduces attack vectors. We use firewalls and best practices to protect the servers and service, but our best line of defense is simply not having access to data even if someone got in. If LastPass can’t access it, hackers can’t either. A large number of PBKDF2-SHA256 rounds are utilized to create your key, with the ability to increase the number of rounds over time to render brute forcing your master password impossible.
Imagine you’ve put all your worldly goods in a lead lined, safe with 3ft walls, and lasers all over the place, and the only person with a key is you.. Welcome to lastpass…So you’re interested then? well the good news is, if you’re only browser based then lastpass is free, nada, nil.. Easy to setup, you can install a browser plugin for your system be it Windows, Linux, OsX even BSD or Solaris.. The plugin is browser based and has plugins for the popular usual suspects..
However I have a simple rule in life, if something is worth using, it’s worth paying back, helps development and keeps good software alive. With Lastpass you do this by paying for a Premium account
for a $1 (69p) a month you get access to your Lastpass account on your mobile device, they are all covered IOS, Blackberry, Android, Windows Phone as well as plugins for Dolphin HD and Firefox Mobile. Faster mail support and access to dual factor authentication..
Lastpass is well worth a look, and protects you better than you can protect yourself..
Have a read about the site, don’t just take my word for it.
