Tuesday, April 22, 2014

LastPass

Many of us know about the Heartbleed bug introduced in OpenSSL. It's in the news everywhere. Some places told you to change your passwords right away. Really, the better advice would have been to not even visit those sites until they actually fixed it on their end first. If they hadn't updated their OpenSSL, then your new password may very well have been viewable in memory and parsed by someone exploiting the bug.

Now, for those sites that did update, you should go change your password. This is where I need to stop you and ask you if you are using a password manager. There are many available. Some free, some not, and others that offer both options. LastPass is one of those that offers a free and paid version. Basically, if you want to pay $12/year to use it on your phone, that's the only big difference I saw.

Why would you want to use a password manager? Sounds like you're giving someone else the keys to the kingdom? Well, it might sound that way. The code isn't open source, so we'll just have to take their word for it, but the claim is that they don't even know the passwords you submit. If you want to know more, you might want to watch this video explaining the technicalities. Really though, it improves your security overall. You can automatically generate secure passwords, then not have to remember them because of the automatic fill-in feature that it supports. If you do need to look up the password though, you can do that through the menus. This is handy for when you can't remember these and need to submit them to log in to a mobile app, for instance.

They take a lot of measures to ensure that the data you submit is safe. Could it be exploited in the future? Maybe so, who knows these days? At this point, the weak point that I see is that if someone can guess your master password, then they might be able to take over all your accounts. You can add more authentication steps to prevent this, as well as alerts I believe. So in the large scope of things, it seems pretty safe for the time being.

LastPass logo is copyright 2008-2013 LastPass.
Post a Comment