Using LastPass

I recently accepted the position of Secretary in the Twin Cities chapter of the International Information Systems Security Certification Consortium (ISC)2-TC, and in order to send me the passwords for certain online chapter assets, it was requested that I sign up for the password management product, LastPass.  I have written previously about LastPass, KeePass, and RoboForm as recently as June 16.  These are great tools that, so far, I have experimented with but not used.  Now I am registered with LastPass, and the experience has been interesting.

For example, every time I log in anywhere, LastPass flashes a message in my browser asking if it should remember this password.  If I say “yes,” in it goes, and the next time I log into that resource, my user and password information are filled in for me automatically.  Got to say it is convenient.  Other useful features include saving form fill information, which Google has been doing for me already, storing secure notes, such as SSN and driver's license numbers, generating a random password using your own parameters as to length and complexity, updating and sharing passwords (how I got hooked into this), and setting up multi-factor authentication.  Since I use Google Authenticator, I set this up too.  Not as simple as I would have liked, but eventually I got it registered.

So I am still thinking it would be more secure to use the system I have been using to create Long, Complex, Unique and Memorable passwords.  The only place these passwords reside is in my own memory, and if the bad guys get in there, well, I may just have bigger problems.  My main objection has been that in the event someone got a hold of my laptop, then with my master password they can get into everything else.  Now, with two-factor authentication set up through Authenticator, this is not as serious a problem.  They would have to have my laptop and my phone – not impossible, but this does make it more difficult.

The one word of warning:  LastPass seems to be presenting me with the opportunity to remember my Master Password when I log in.  Under NO CIRCUMSTANCES should you have your computer or browser remember passwords for you, especially with a password manager program like LastPass.  Then the thief doesn’t even need your master password, since your computer is going to supply it for them at startup.

All in all, LastPass appears to have merit, and if you are using it, I would recommend continuing to do so, and if you are considering it, well – get going already!  You can download LastPass from their website.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
