Using LastPass

lp-956I recently accepted the position of Secretary in the Twins Cities chapter of the International Information Systems Security Certification Consortium (ISC)2-TC, and in order to send me the passwords for certain online chapter assets, it was requested that I sigh up for the password management product, LastPass.  I have written previously about LastPass, KeePass, and RoboForm as recently as June 16.  These are great tools that so far, I have experimented with but not used.  Now I am registered with LastPass, and the experience has been interesting.

For example, every time I login anywhere, LastPass flashes a message in my browser asking if it should remember this password.  If I say “yes,” in it goes, and the next time I log into that resource, my use and password information are filled in form me automatically.  Got to say it is convenient.  Other useful feature include saving form fill information, which Google has been doing for me already, storing secure notes, such as SSN and drivers license numbers, generating a random password using your own parameters as to length and complexity, updating and sharing passwords (how I got hooked into this), and setting up multi-factor authentication.  Since I use Google Authenticator, I set this up too.  Not as simple as I would have liked, but eventually I got it registered.

So I am still thinking it would be more secure to use the system I have been using to create Long, Complex, Unique and Memorable passwords.  The only place these passwords reside is in my own memory, and if the bad guys get in there, well I may just have bigger problems.  My main objection has been that in the event someone got a hold of my laptop, then with my master password they can get into everything else.  Now, with two factor authentication set up through Authenticator, this is not as serious a problem.  They would have to have my laptop and my phone – not impossible, but this does make it more difficult.

The one word of warning:  LastPass seems to be presenting me with the opportunity to remember my Master Password when I log in.  Under NO CIRCUMSTANCES should you have your computer or browser remember passwords for you, especially with a password manager program like LastPass.  Then the thief doesn’t even need your master password, since your computer is going to supply it for them at startup.

All in all, LastPass appears to have merit, and if you are using it, i would recommend continuing to do so, and if you are considering it, well – get going already!  You can download LastPass from their website.

 

 

 

http://wyzguyscybersecurity.com/should-you-store-your-passwords-in-the-cloud/

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment