Of all the password management utilities out there, I consider LastPass the most elegant compromise between convenience and security, and if you’re not using it already, I recommend you start. It’s mostly free, plugs into nearly any browser or smartphone and just works.
- Universal: LastPass offers extensions for Firefox, Internet Explorer, Chrome, and Safari on Windows, Mac, and Linux. There are a few gaps (Opera, mainly), but they’re covered in large part by free auto-filling bookmarklets (covered below) and desktop, portable USB apps, and mobile software, offered to LastPass’ premium subscribers.
- Simple: LastPass has a multitude of options, settings, tools, and other knobs to twiddle. If all you want, though, is a better kind of universal password manager that remembers your log-ins, simply install the browser extension, log into LastPass, and let it do its thing. It automatically prompts you to save passwords and form data—though you can turn that off—and fills out username/password fields, with an easy switch to another login name.
- Secure, yet dummy-proof: LastPass uses a single master password to log into your account, sure, and if you lose that, you have to jump through quite a few hoops to get it back. But it is, technically, recoverable.
The short version of LastPass’ safety and privacy setup, and its technology is that the only thing stored on LastPass’ servers is a heavily encrypted bundle of your passwords and the sites they belong to—a form of host-proof hosting. They don’t have the encryption key to your passwords (only you do), and the encryption and decrypting all takes place on your own computer, where a backup copy of LastPass’ records is always kept. If LastPass became evil, or got hacked, the nefarious doers would have to buy one of Google’s server farms to break into its users’ passwords. And the service strongly encourages using strong, secure, randomized passwords with web sites, and it ends the use of insecure password storing by browsers.
Intrigued? Even just a little interested? Here’s how LastPass can make your web browsing, or maybe the browsing of a friend with really weak passwords, more convenient and secure. Go ahead and create an account if you’d like, but LastPass actually recommends creating that account from a browser extension or software download.
The primary means of getting your username and passwords into your web sites. They’re all slightly different, but work basically the same: you click an icon, log into LastPass with your One True Password—making sure not to set your extension to remember that password—and then just go about your browsing. When you hit sites that ask for a username and password that you already know, LastPass will drop down a tiny little toolbar and ask if you want to save them. If you need a new username and password, you can have LastPass generate a random, highly secure couple, save them, and never worry about remembering them again.