Securely Synchronize Your Browser Passwords With LastPass


It’s hard to find a website these days that doesn’t require some type of registration or login. With every login, of course, there is almost always a password. With the password come whatever requirements the website imposes to improve security.

So after you’ve registered at your bank, your three credit cards, your Facebook, your Digg and your blog, you’re so exhausted with usernames and passwords, you begin using your browser’s built-in “Remember This Password” feature. The problem with using this handy feature is that you’re never required to enter another password again. Remembering all those passwords can be quite hard, unless of course you have a method to create strong passwords that are easy to remember.

Now you go home for Christmas, hop on your parents’ computer to check your latest stock portfolio, and you spend the next hour trying to recall your password. This is where a program like LastPass saves the day.

LastPass is a Firefox or Internet Explorer browser add-on that stores all of your passwords locally and synchronizes all of them to any other browser (with the same add-on) using 256-bit AES encryption. The only two requirements are one strong password and one of the previously mentioned browsers.

After going through the incredibly easy Flash-based installation tutorial, the application asks for a strong password as protection and then offers the option to import passwords from Firefox, IE, RoboForm, KeePass, Sxipper and a few others.

Once you have all of your passwords imported, they’ll fill all of your identifiable username and password boxes appropriately.

If a site isn’t stored in the database, it will simply ask you to remember the password, as your current browsers already do.

Again, all of these passwords are stored locally. LastPass uses highly sophisticated code to allow this to happen, so nothing sits out in the cloud.

Once stored, the database is easily accessible to view form information if it needs to be modified in any way.

Along with its great password capabilities, LastPass also includes:

Form Filling

Whether it be for credit card payments or simple site registration, once it has all the correct information, LastPass takes care of all of the typing.

Password Generation

Generate incredibly strong passwords if you can’t come up with your own.

Site Sharing

Share a site with another member of your family.

Site Logging

Monitor what sites are being logged into, when and where.

As you can see, LastPass has what many of the commercial form fillers, like RoboForm, have, plus the added sync capability. The form filling also separates it from password managers such as PassPack and Clipperz.

If you are already willing to locally store all of your passwords through your browser, you really can’t go wrong with LastPass. It does the exact same thing, in a much more secure fashion.

Again, LastPass works in both Firefox and Internet Explorer, on Mac, Linux and Windows.

What are your thoughts? Do you have any better sync solutions? Concerns?

Comments (33)
  • Ski22

    @Prowse. Your comments show that you do not fully understand how encryption works and the pitfalls and challenges of implementation. Many people brought up excellent points. Now I’m not saying Lastpass is not safe. But the points people brought up are very valid concerns. I will go through several of them.

    1. Just because the creators of Lastpass are professional programmers, does not mean they will not make implementation mistakes. Implementation is the hardest part of encryption. There are so many attack avenues to be concerned about. And it’s impossible to be 100% sure everything is implemented correctly now and in the future. That is why you see Microsoft, Apple, many other big companies continuously come out with security patches to their software. Because it was not implemented correctly. Fixing security flaws and implementations will be never ending.

    2. Someone had the concern of a master password backdoor. This is very valid. I’m not saying Lastpass has one. But it is very possible. When you program an encryption, you can have it encrypt to both the user’s password, and a master password. The personnel at Lastpass do not need physical access to your computer to unlock your database. A copy of your encrypted password database resides on the Lastpass servers. They have access to everyone’s password databases on their server, and *if* they programmed a master password backdoor, then they can decrypt anyone’s password database right from *their* server.

    3. Someone brought up the point where what if there is a flaw in a Lastpass software release, and it starts sending data in plain text. Your response was that it was impossible because it would not be the right length and have the right headers. And it would be rejected. That is wrong on 2 accounts. First, what if the block of data was the correct length and did have the right headers, but the data inside the block was plain text. Unlikely, but very possible if Lastpass accidentally implements a new release with this type of bug. Second, even if it did have the wrong record length or wrong header, your local Lastpass still attempted to send the block of plain text passwords through the internet. Sure the Lastpass server rejected the block, but that was *after* it went through many internet servers in plain text on its way to the Lastpass server.

    4. Lastpass is NOT open source. They use *some* open source encryption routines, but the Lastpass program itself is not open source. That is the concern. There is no peer review of what really is in their software and if they have any implementation flaws or password backdoors.

  • tosim

    Will LastPass work with Opera10? And yes, I know Opera has a built-in password manager.

  • Grolo

    I only trust open source password managers.
    Lastpass could have a master password.

    • prowse

      Lastpass IS open source. A master password? To what, your local computer? That is what they would need; access to your local computer, physical access. The ONLY iffy thing that could gum up the works, is if the ONETIME password you make is cracked. The onetime IS stored on their servers for one time use. There is NO “Master” password.

    • prowse

      And, everyone, please remember, the onetime password is just exactly that, ONE TIME. So, if you login, that is THE ONE TIME. You won’t be able to reset or change any config, because Lastpass asks you for your password AGAIN, but the one time isn’t for the session, it is for the ONE TIME. I was curious, tested it, and yes, it is indeed ONE TIME. (I had to say it, because contrary to their website and to popular belief, the onetime password does NOT work through the whole session; the onetime password is so that you can reset or change your account password – that is really all it is good for)

  • Sri

    I use lastpass and love it. But I am still unclear about one aspect of the product, the security. It is not explained clearly for a non-technical user like me.

    The following is from the Lastpass website:

    “All sensitive data is encrypted locally
    All encryption/decryption occurs on your computer, not on our servers. This means that your sensitive data does not travel over the Internet and it never touches our servers, only the encrypted data does.”

    I can still go to lastpass website from a public computer and enter my login/password and see all my sites in there. All this takes is someone to know the username and password and you are toast.

    I am not complaining, I know my risks here. I am looking for more info how this encryption is done locally helps me. There is not much info about this on the website.

    • prowse

      To your last point first, there is no way that you will find out HOW the encryption works, unless you learn how to code in the application that made the open source product in the first place.

      “…All this takes is someone to know the username and password and you are toast. …” You mean, of course, to say “Know the username and password OF THE LASTPASS ACCOUNT.” Well, duh, but that’s why you create a whacky gmail name that no one would think of using, and use lastpass’ own password generator to make a difficult to guess password. But, seriously, there is a comment above to a link that shows how to create a secure PASSPHRASE, that no one else but you would be likely to guess. Regarding use of EMAIL for a Login, that is not as secure as a separate USERNAME, impo, but perhaps Lastpass will make that change – it is on their published wish list.

  • x

    Yeah, they say that encryption occurs on the client, and only when that’s done are the files uploaded.

    But what if they have bugs in their software that sometimes causes plaintext data to be uploaded by mistake?

    It’s difficult to implement encryption into a product with no security leaks. How do you know they don’t have implementation bugs?

    I’m not going to go on an open source tirade, but seriously, you have no idea what’s leaving your computer. Even if you use a packet sniffer, can you tell if it’s strongly encrypted, and doesn’t include anything it shouldn’t?

    No, you can’t.

    I, for one, am simply not comfortable using LastPass.

    • prowse

      “But what if they have bugs in their software that sometimes causes plaintext data to be uploaded by mistake?” Because the software on their servers immediately rejects any string NOT long enough, nor any string without proper headers, and asks you to “Try Again”.

      “It’s difficult to implement encryption into a product with no security leaks. How do you know they don’t have implementation bugs?” It’s not difficult when you know what you are doing; their day jobs are as programmers, so they have practice. You would know everything of implementation – it is OPEN SOURCE.

      “I’m not going to go on an open source tirade, but seriously, you have no idea what’s leaving your computer. Even if you use a packet sniffer, can you tell if it’s strongly encrypted, and doesn’t include anything it shouldn’t?” You are on an Open Source tirade. ESPECIALLY if you use a packet sniffer you know EXACTLY what is leaving your computer. As it is OPEN SOURCE, you compare what is going out to what was just encrypted – if there is any difference, then you would have your proof of a compromise, if there are no differences in the outputs compared, then you have proof that there is NO compromise.

      “No, you can’t.” Yes, you can.

      “I, for one, am simply not comfortable using LastPass.” For many, I think you prove you know very little of programming. You obviously don’t work for the competition.
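The disagreement in the comments above (whether a server that checks only length and headers would catch a release that uploads plaintext, and what a packet capture can show) can be tried out directly. The following is an added example, not part of the original article or comments and not LastPass code; the `VLT1` wire format, the minimum length, the function names and the sample vault are all assumptions made up for the illustration.

```javascript
const crypto = require('crypto');

// Hypothetical wire format for this example: 4-byte magic "VLT1" + payload.
const MAGIC = Buffer.from('VLT1');
const MIN_LEN = 64;

// Client side: derive a 256-bit key from the master password, encrypt locally.
function encryptVault(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.pbkdf2Sync(masterPassword, salt, 100000, 32, 'sha256');
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([MAGIC, salt, iv, cipher.getAuthTag(), body]);
}

// A buggy client release that frames the vault correctly but skips encryption.
function buggyUpload(plaintext) {
  return Buffer.concat([MAGIC, Buffer.from(plaintext, 'utf8')]);
}

// Server-side check of the kind described in the thread: header and length only.
function serverAccepts(blob) {
  return blob.length >= MIN_LEN && blob.subarray(0, 4).equals(MAGIC);
}

// Shannon entropy in bits per byte (8.0 is the maximum).
function entropy(buf) {
  const counts = new Array(256).fill(0);
  for (const b of buf) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c > 0) { const p = c / buf.length; h -= p * Math.log2(p); }
  }
  return h;
}

// Constructed sample vault, not real data.
const vault = JSON.stringify(Array.from({ length: 40 }, (_, i) => ({
  site: `https://site${i}.example`, user: `user${i}`, pass: `hunter2-${i}`,
})));

const good = encryptVault('correct horse battery staple', vault);
const bad = buggyUpload(vault);
console.log(serverAccepts(good), entropy(good.subarray(4)).toFixed(2));
console.log(serverAccepts(bad), entropy(bad.subarray(4)).toFixed(2));
```

Both blobs pass the framing check, so only the entropy measurement separates them. High entropy in a capture rules out the plaintext case but does not show that the cipher is strong or that the key is not also wrapped for a second party.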

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.