LastPass: Your Guide for Secure Password Protection

Intro

When browsing the internet in this day and age, you may not realise how vulnerable you are to data theft. Even just by logging into Facebook to send a message, your personal data is being shared with millions of people around the world.

Some may remember last year's Facebook data breach, in which 50 million users had their personal accounts compromised, allowing hackers to access them and take control.

You may have noticed that websites you have signed up to in the past have since sent out e-mails asking users to agree to the terms of service regarding their data protection under the General Data Protection Regulation (GDPR). However, don't be fooled into thinking this means your data is now protected; far from it.

In this blog post I will be talking about an application called LastPass, and how by setting up your account today, you can maximise your data security by using randomly generated passwords for each site you store your data on.
What is LastPass?
LastPass is a free-to-use password manager that remembers your passwords and makes logging in simple with a single click. But what makes LastPass unique is the ability to create secure passwords for each account you use, on any device you are using!

By remembering only one master password, LastPass will auto-fill your login details, so you never have to remember and type out all your details again!

How does LastPass work?
Getting started
Once you create your LastPass account, you will be asked for a master password. This is the only password you will have to remember.

When logged in, you can add your existing sites to your vault or create new accounts which will be automatically added. Your vault will look similar to this depending on what device you are using:
Example of LastPass Vault

Creating secure passwords
LastPass has a feature that randomly generates a password between 1 and 99 characters long. The generator lets you choose whether to include uppercase letters, lowercase letters, numbers and symbols.
LastPass generating a password
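
To show what a generator with these options involves, here is an added example (not LastPass's code and not from the original post) that draws from the operating system's secure random source, guarantees every enabled character class appears, and estimates the resulting entropy. The function names and the symbol set are assumptions made for illustration.

```python
import math
import secrets

# The four character classes the section describes as generator options.
CLASSES = {
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "digits": "0123456789",
    "symbols": "!@#$%^&*",  # assumed set; the page does not list the symbols
}

def build_alphabet(upper=True, lower=True, digits=True, symbols=True):
    """Return the list of enabled character classes."""
    flags = {"upper": upper, "lower": lower, "digits": digits, "symbols": symbols}
    enabled = [CLASSES[name] for name, on in flags.items() if on]
    if not enabled:
        raise ValueError("enable at least one character class")
    return enabled

def generate_password(length=16, **options):
    """Draw a password from the OS CSPRNG with every enabled class present."""
    if not 1 <= length <= 99:  # the range quoted in the section
        raise ValueError("length must be between 1 and 99")
    enabled = build_alphabet(**options)
    alphabet = "".join(enabled)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Too short to hold one character per class: accept any draw.
        if length < len(enabled):
            return candidate
        # Otherwise redraw until each enabled class appears at least once.
        if all(any(ch in cls for ch in candidate) for cls in enabled):
            return candidate

def entropy_bits(length, **options):
    """Upper bound on entropy in bits for a uniformly random password."""
    size = sum(len(cls) for cls in build_alphabet(**options))
    return length * math.log2(size)

if __name__ == "__main__":
    print(generate_password(20))
    print(round(entropy_bits(20), 1), "bits")
    print(round(entropy_bits(8, upper=False, symbols=False), 1), "bits")
```

Each extra character adds roughly six bits with all four classes enabled, so length contributes more to strength than any single class toggle.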

You can use this generator to change the existing passwords you store or create a new password with a single click when creating a new account. I explain how to change existing passwords in the Security Challenge section.

To generate a secure password when creating an account, you will be prompted with a clickable icon in the password input, and with a single click, you can fill in your generated password.
Prompt to generate password

Security Challenge
This feature of LastPass allows you to calculate a percentage of how secure your passwords are. Below is an example which shows vulnerable areas in this account's security.
LastPass Security Challenge example

When shown your Security Score, you can see how secure your passwords are and what to do to improve them. In this example the score is quite high; however, the passwords are still vulnerable.

LastPass makes it easy to improve your passwords, by providing direct links to the sites that need improving, and on some sites, having an option to fully automate the change for you.
LastPass makes it easy to improve passwords

At the top, we can see one site where we can click a single 'Update Now' button. When pressed, LastPass will automatically change the password for you. Currently this feature is available on over 75 sites.

There are 3 other sites which require us to change the password manually. However, this is made simple by LastPass providing a direct link to the site where you can change it.
Detailed summary of password security

A detailed summary is provided displaying all of your passwords, with the strength of your passwords, when they were last changed and direct links to where you can change them.
My personal experience with LastPass
I have been using LastPass for around 2 years now and have come to the realisation that I have become fully dependent on it when browsing the internet. So dependent in fact that whenever I have owned a new device, one of the first components I install is LastPass - every time.

In my first year of using LastPass I never took advantage of the security features. I only used it as a password manager where I could store all my passwords then log into sites with one click. This worked great for me but I really came to love LastPass once I paid attention to the security features.

I was put off by the idea of having randomly generated passwords for each account I use, as I thought it would be more of a hassle than just remembering them, but in fact it was quite the opposite! Since getting LastPass to generate secure passwords for each account, I have never had to remember one ever again (except for my master password)!

Once I started to use generated passwords, I then became obsessed with password security and started to really push the limits of LastPass. My account security score is now in the top 1% of users on LastPass! Although this is quite unnecessary to some, I have a few tips to really ensure you get the most out of using LastPass:
  • Randomly generated master password
    I found that using a randomly generated master password is essential for your account, as without a secure master password, if someone was able to get into your account, it would be pointless having secure passwords stored inside it.
    Obviously it would be annoying to type out a secure password each time you log in, so I have my password saved in a .txt file on my PC and in my notes on my phone to copy and paste into it. I also have written the password down on a sheet of paper which I keep safe, so I have it backed up in case I lose the notes on my devices. Sometimes it can take a little longer to find the .txt file or note to copy and paste the password into your LastPass log in, but trust me, this is the most important security measure for your passwords.
  • Don't store non-generated passwords
    I used to store some accounts in my vault that contained a password that I could remember off the top of my head, as I would have to use them when not logged into LastPass. I found that keeping these in the vault increases the risk of someone getting into your account as I used to use the same passwords, so if someone found out that password through my LastPass then they could have access to more accounts I use with the same password. Storing these login details elsewhere, like a .txt file, is a good idea, and it improves your Security Challenge score.
  • Don't use the same master password as a stored password
    If you decide not to have a generated master password, then I must stress that you must not do the above. If someone were to find out a password you use on a site, they could log into your LastPass using that password, then you've lost all your accounts and important data. Your master password is the most important security measure to protect your data, and it is essential you use it correctly.
  • No need for premium
    You may notice when using the app that you have the option to upgrade your plan. In my two years of using LastPass, I have never once needed to upgrade as the features do not appeal to me. I have managed completely fine without it, but you may differ. You can have a look at the features of premium here. Right now I'm sat in my uni overdraft, so dishing out tips to every developer and software I use is not an option unless I plan to not save for food for the week, but I know that once I am free, I will definitely be purchasing an upgrade to at least thank the developers for their hard work, and for making my time using the internet much simpler.

Finally - be aware that LastPass is not 100% secure! In fact, if you use the internet, nothing is! You should know that there have been issues in the past where LastPass has been vulnerable, which I will link below. However, there have not been any issues since 2015. Since then, LastPass have been aware of those issues and have massively improved upon their own security. I have done all I have to ensure my password security, even by being in the top 1%, but I know that without LastPass, I would be a lot less secure by using the same easy-to-remember passwords across every site I use.

To get started, you can download LastPass from the app store on iOS or Android, plus you can install the Chrome or Firefox extension.

References:
LastPass Hacked – Identified Early & Resolved
LastPass CEO Explains Possible Hack
Hack of cloud-based LastPass exposes hashed master passwords
How I made LastPass give me all your passwords