The Complete Guide to Simplifying and Securing Your Life with LastPass and Xmarks
Table Of Contents
If you’re like most people, the keys to your entire life are stored online. Your bank accounts, health records, work files, tax returns, vehicle registration information, and just about every other important document is stored somewhere in the cloud. While this means that you can easily access all of your important information wherever you are, it also means that you have a lot of passwords. And keeping track of all of those passwords is really hard. That’s why LastPass was created.
This guide will take you through the basics and some of the more advanced features of LastPass, from storing your passwords to checking the level of your online security. It will also explain Xmarks, a bookmarking and open-tab-syncing service formerly known as Foxmarks. Between these two apps, you’ll be able to access all of your important information online, securely, no matter where you are! (If you’d like to learn more about the security features of both apps, you can jump ahead to the Security Features section.)
What is LastPass?
LastPass is a password management system —it helps you keep track of all of your passwords in a single place. By entering a master password, LastPass will automatically fill in any password that you’ve previously saved, directly on the page. The benefit of this is two-fold. First, you only have to remember a single password to unlock all of your sites. The huge convenience that this offers is obvious. Another benefit that you might not have thought of, though, is that you’ll almost certainly be safer online. Most people have a tendency to choose passwords that are related in some way, and if someone gets a hold of one of them, it’ll be a lot easier to guess or crack the rest of them. LastPass allows you to choose difficult-to-guess, difficult-to-remember passwords for every site.
What is Xmarks?
Xmarks is an app made by LastPass that does for your bookmarks and open tabs what LastPass does for your passwords. You’ll be able to easily sync your bookmarks between different browsers and operating systems, and you can access the tabs that you have open on another computer. While this doesn’t provide any security benefits, it does make moving between devices a lot easier!
Both LastPass and Xmarks are browser extensions, and are available for Chrome, Firefox, Safari, and Internet Explorer. LastPass is also available on Opera. (They’re also available for mobile platforms; see section 5 for more information about using these apps on the go.)
Installing Extensions For Desktop Platforms
To download LastPass, just go to www.lastpass.com. On the homepage, you’ll see a link that says “Download Free.” Click this link and LastPass will display the recommended version for you (it determines this based on your operating system and your browser). If this is the right version, just click Download and follow the instructions.
If the recommended version isn’t the correct version, use the tabs across the middle of the page to navigate to the correct operating system and browser. Find what you need, download it, and follow the instructions to install.
While you’re installing LastPass, you’ll have to choose a master password. This is going to be the password that unlocks all of your other passwords, usernames, and a wealth of other sensitive information. Don’t make this choice lightly! Make sure that you choose a secure, memorable password that no one will be able to guess. This is the last password you’ll have to remember, after all, so don’t be afraid to make it a bit longer and more complicated than you’re used to. Just make sure not to forget it.
To install Xmarks, go to www.xmarks.com and click Install Now on the homepage. This will bring you to the link for the recommended version of the app. Again, if this isn’t the correct version, you can click “See All Downloads” below the Download button to choose the right one. Follow the instructions to get started.
Once you’ve installed LastPass, you’re ready to get started! This section will walk you through saving your first password, setting up a form fill, adding a credit card, and using the vault.
Adding Site Information
For LastPass to fill out your usernames and passwords automatically, it has to know what they are. Fortunately, it’s really good at pulling your username and password from the page that you’re on and making it easy to save. But if that doesn’t work, you can also add a site manually.
To create your first record, make sure that LastPass has been installed and that you’re logged in (click on the LastPass icon in your browser; if it asks for a password, you’re not logged in yet).
Next, go to a website that requires a username and password. Type in your username and password, and submit them. Once you’ve logged in, a pop-up banner will appear at the top of your browser window asking if you want to save the site. Click “Save Site” and enter the name of the site (and any other information, if you’d like to be more thorough). Finally, click Save.
That’s all there is to it! That record is now saved.
Sometimes LastPass won’t save your login information automatically—this can happen if the page is set up in a strange way or there some sort of coding issue that isn’t letting LastPass access the information. If this is the case, click the LastPass button in the menu bar, then click Tools and Add Site.
Fill out the information in the record that comes up, making sure that the URL and password are filled in at the very least, and your site will be saved.
Auto-Filling Login Information
Filling in the username and password fields on a login page with LastPass is very simple—in fact, it’s usually done automatically. You’ll notice when you go to a page that you’ve saved that your username and password will already be in the correct fields. Just press the login button and you’re good to go.
Sometimes LastPass won’t automatically fill in the information, however (usually this happens only when you disable autofilling from the record view). If it doesn’t, you can click the LastPass icon that appears at the far right side of the username or password field to select the site information that you’d like to have filled in.
You can also use the Show Matching Sites option from the extension menu (accessed by clicking the LastPass icon in your menu bar) to choose which record it should use to fill in your information. Just click on the site information that you’d like to use and click AutoFill.
If all else fails, you can copy your username and password without having to look them up. To do this, open the extension menu, and click Show Matching Site. You’ll notice when you mouseover any of the sites that two icons appear on the right side of the menu: one that looks like two people and one that looks like two locks. If you click the icon that looks like two people, your username for that site will be copied to your clipboard, ready to be pasted into the username field. Clicking the two locks will copy your password—just get your cursor into the password field and paste it in.
Updating Login Information
Almost as important as saving your login information is updating it when it changes. Fortunately, LastPass is really smart when it comes to keeping track of when you change your passwords. If you go to a website and you enter a different password than the one LastPass has stored, it will ask you if you want to save the new site information. Just click “Save Site” (or “Confirm”) and you’ll overwrite the old password with the new one.
You can also save the new password in a new record—for example, if you have more than one account on a specific site. Just select “Save as New Entry” and you’ll now have two options next time you want to log into that site.
Of course, you can always manually update the information for any site by opening up the vault and editing the record (see the following sections for instructions on how to do it this way).
A LastPass Record
The most basic item in LastPass is a record.
Each record contains the following fields:
- URL: the address of the site that you want to sign into (this can be a specific login page or the top-level domain).
- Name: the name of the record (usually the name of the site).
- Folder: the group that the record belongs to (this is optional).
- Username: the username used to sign in.
- Password: the password used to sign in.
- Notes: you can store any notes you like here; if you have an extra PIN or a security question, this would be a good place to record it.
There are also some check boxes at the bottom of the screen.
- Favorite: adds the record to your favorites group to make it easily accessible.
- Disable AutoFill: LastPass won’t automatically enter your information when you go to the site.
- Require Password Reprompt: you’ll need to re-enter your LastPass master password before you can use the autofill and auto-login features.
- AutoLogin: LastPass will automatically fill in the username and password, as well as log you in.
The URL field is always automatically populated, and the username and password fields are almost always filled in when you save the record for the first time. If you see that they aren’t filled in when you save the record, you can go back and edit it later.
There are a few more useful features available on the record page. First, you’ll notice that the password isn’t in plain text; it’s in a protected format. If you want to see the password, you can just click on the eye in the password box to reveal it. Second, there are links to your username and password history, both of which can be useful if you’re going to be changing your credentials. Next, you’ll see a bar under the password field that goes from red on the left to green on the right. The further the bar goes to the right, the more secure your password is. An extremely secure password will have a bar that goes all the way across the password field and ends in a bright green color.
Finally, you’ll see that there’s a link for sharing the record, which we’ll come to later.
So how do you access your records? Through the vault.
The vault is the primary screen from which you manage LastPass. From here, you can launch a site, add a new record, edit a record, and manage your identities and form fill profiles. To open your vault, just click on the LastPass icon in your browser and select “My LastPass Vault.” If you’re on a browser that doesn’t have the extension that we installed above, you can go to LastPass.com and sign in from there—you can get to your vault that way, too.
In the vault, you’ll see a list of all of your sites in alphabetical order (or organized in folders, if you choose to do that). To launch a site, just click on the name of the record. If you want to edit the record (or just see your password in plain text), click on the pencil to the right of the record. There are also links to share and delete your records.
Organizing The Vault And Finding Records
The default organization of the vault is to have all of your sites alphabetized in a big list. It can take quite a while to find a specific record if you’re scrolling through a list of hundreds! Fortunately, LastPass also includes a search bar that gives you real-time results as you type. If you want to find the record for Facebook, just typing “fa” in the bar should be enough to help you find it.
If you want to be a bit more organized, you can add folders to keep your records in groups. This can be useful if you want to find a record that you don’t remember the name of, but you have an idea of what kind of site it is. It also makes it a bit easier to launch sites from the extension menu.
To put a record into a folder, go into the record editing screen and type the name of a folder in the Folder field. If you haven’t created a folder with that name yet, you can create a new one this way. If you’re putting the record into a folder that’s already existing, you can use the dropdown menu to see a list of folders in your account.
Another way to organize your records is by using identities, which provide access to only certain sets of records. See the Identities section for more details.
The Extension Menu
While the vault contains the full functionality of LastPass, you’re more likely to be accessing what you need from the extension menu, which you can access by clicking the LastPass button in your browser. You can use almost all of the features of LastPass from this menu, and there are links to the vault for everything else.
Let’s go through each option, one at a time.
- Search bar: allows you to search for records, just like in the vault.
- My LastPass Vault: opens the vault in a new tab.
- Sites: opens a list of all of the records stored in your vault, and allows you to launch the site or perform other useful actions, such as copying the username or password of a specific site.
- Form Fills: opens a list of saved form fills and links to the vault.
- Generate Secure Password: generates a new password according to the options you choose.
- Secure Notes: opens a list of secure notes that you’ve saved in the vault.
- Show Matching Sites: displays a list of records that match the URL of the page that’s currently open.
- Recently Used: displays a list of recently used records.
- Tools: allows you to run a security check, manage identities, and perform more advanced tasks.
- Preferences: opens the preferences pane in a new tab.
- Help: opens the LastPass helpdesk in a new tab.
- Logoff: logs you out of LastPass.
Form Fill Profiles
In addition to saving your usernames and passwords, LastPass will also save the information that you use to fill out common forms, saving you a lot of time when you’re entering shipping information or contact details.
To add a new set of contact information, click on “Form Fills” in the extension menu and select “Add Profile.” A new tab will open containing a number of blank fields for you to fill in—things like name, address, phone number, e-mail address, gender, and birthday. If you save this information, LastPass will be able to automatically fill it in next time you need it.
You can also save a default credit card or bank account in this profile so you don’t have to choose which card you’d like to use next time you need one.
Many people, however, use a number of different credit cards. LastPass lets you choose the one you want to use to fill forms, giving you the flexibility to use whichever card you want (this is really useful if you have credit cards registered in different countries, or if you use different cards for different types of purchases).
To add a new card, just go to Form Fills and select “Add Credit Card.” Fill out the required information and hit Save.
Once you’ve saved a profile, filling out forms is easy. When you see the “fill form” button in a field, just click it and select the profile (or credit card) you’d like to use to fill the fields on the page. If you’ve saved a default credit card in your primary identity, you can fill in your credit card information, shipping address, and billing address in a single click.
If you don’t see this button, you can always click the extension menu, click Form Fills, and select the profile or card you’d like to use.
LastPass is a great security measure, because it allows you to have a lot of different passwords for your sites, so if a site gets hacked and someone gets a hold of your password, they won’t be able to use it to get into any of your other accounts.
But this doesn’t do you any good if you use LastPass to save a bunch of similar, low-security passwords. Fortunately, it can do the hard work for you and come up with a randomly generated secure password. When you’re asked to enter a new password on a page, you’ll see the “generate password” icon in the password field.
Click that to open up the password generation box. You can take the first generated password, or change the settings—you can choose the number of characters, whether or not special characters are used, whether the password should be pronounceable, the types of characters that are used, whether to avoid ambiguous characters, and whether to require all character types (most of these are found under the advanced settings).
You can also access the password generator through the extension menu. And, of course, you can always come up with your own strong passwords and use those.
If you share any of your accounts with other people—whether it’s your bank account with your spouse or your Netflix account with your roommate—you might want to share your login information. LastPass makes this easy.
To share a record, the person you’re sharing with needs to use LastPass (if they don’t, they can sign up through the e-mail that they’ll receive when you share an item with them). When you’re in the vault, click on the share icon next to the record you’d like to share. In the dialog box, you can select either “Share,” which won’t reveal the password to the recipient, or “Give,” which will show them the password. (It’s important to remember that even if you select Share, it’s possible that the recipient will be able to discover what the password is.)
Once you’ve sent the e-mail and your recipient has accepted it, they’ll be able to use the shared password just like any other password in their LastPass account.
To review the passwords that you’ve shared, just go to the Shares tab in the vault.
In addition to storing your passwords and form fill information, LastPass can also securely store notes—this is great for keeping things like passport numbers, insurance information, financial details, or anything else that you always want to have on hand, but don’t want to keep on a piece of paper in your wallet or purse.
To add a note, just click on “Secure Notes” from the extension menu and select “Add Secure Note.”
The note interface is quite simple: just add a title and some text, and hit Save. If you want to add more details, you can select a note type, which will add a number of fields that are relevant to the type. For example, if you select Software License, you’ll be able to enter the license key number, version, publisher, support e-mail address, number of licenses, purchase date, and other useful information.
You can also create folders for notes; just like with site records, you can choose a folder from the dropdown menu or add a new one by typing it into the Folder field. You can also leave the field on the default value, Secure Notes.
Finally, you can add attachments. Use this option to add scanned documents, photos, or screenshots—anything you think might be useful. You can even use secure notes to store your grocery list so you can access it from your phone!
To read your notes, just select Secure Notes from the extension menu or the vault and click on the one you’d like to read.
While you can store any number of things in your vault—site records, form fills, credit cards, notes—you might not want to have them all accessible at any one time. For example, you might want to limit yourself to only work-related sites at work, just to reduce the clutter in your browser. This is what identities can do for you.
After creating a new identity (you can do this from the extension menu by clicking Tools -> Identities -> Add Identity), you assign however many sites, form fills, and notes you’d like to that identity by clicking and dragging the items that you’d like to have available. Then, when that identity is active, it will only be able to access those items.
Another good way to use identities is to create an identity for each person in your house; that way, your kids or your spouse can add as many sites as they want without cluttering up your vault.
You can have as many identities as you want—if you want to have three for home, work, and vacation, as well as one for your spouse and two for your kids, all you need to do is create them and make sure everyone knows how to use them properly.
One thing to note: using identities isn’t a good way to add security to your account. If you don’t want other people in your house to be able to see your sites, it’s best to create separate LastPass accounts.
Xmarks, like LastPass, is quite easy to use. Let’s take a look at how to get your bookmarks into Xmarks, sync them, and deal with any issues that might come up.
Once you’ve downloaded Xmarks, you’ve done the most difficult part. Really! To get your bookmarks uploaded to the server, just run the installer. It’ll walk you through the upload process for the browser that you’ve chosen. If you’ve signed into Xmarks before, you’ll be asked to make a couple decisions, such as whether you’d like to sync bookmarks on your computer and the server or to overwrite one or the other (I recommend merging the two).
That’s it! Once you’re done with the installation process, your bookmarks will be synced and available wherever else you’ve installed Xmarks.
If you regularly use two more browsers, you’ll need to download the correct version of Xmarks for each. Just run the installer and sign into each version that you need.
Once Xmarks has been installed—and if you’ve chosen to pay for a premium account—it will begin automatically monitoring the tabs that you have open in each browser that it’s running in. To open a tab that you’ve been using on another computer, just click the Xmarks logo in your menu bar and select “Open Remote Tabs.” You’ll see a list of the tabs that are open, sorted by the computer on which they’re running. Click on the name of a tab and it will open in your current browser.
Xmarks is a really simple app, so there aren’t many settings. However, you can customize your experience a bit by clicking on Xmarks Settings in the extension menu. From the settings pane, you can manually run a sync; choose whether you want to sync bookmarks, open tabs, or both;
enable automatic synchronization (recommended); and manage profiles. You can also access some advanced features that will be covered in following sections.
Like identities in LastPass, profiles allow you to sync only a specific set of information. You might not want all of your online shopping bookmarks to show up on your work computer, for example.
To create profiles, just log in to your account at login.xmarks.com. Click on “My Bookmarks” and select “Sync Profiles.” You’ll see that Xmarks comes with two built-in profiles: Work and Home. By default, both profiles have access to all of your bookmarks. To remove bookmarks from a profile, just uncheck the box next to the folder that you want to remove from that profile.
You can create and delete as many different profiles as you’d like, letting you share your bookmarks between your computers and even between family members or friends. To select a profile, just go into the Xmarks settings, select the Profiles pane, and click “Change Profile.” You’ll be prompted for your password, and then you can select whichever profile you’d like.
Restoring Old Bookmarks
Xmarks backs up your bookmarks for three months (or longer, if you’re a premium member), allowing you to restore ones that you may have deleted by accident, or if something catastrophic has happened to your current bookmark database.
To view your backups or restore them, sign into your account on www.xmarks.com and click on “My Bookmarks.” Under Tools, there’s an option called “Explore & Restore Old Bookmarks.” Click this, and you’ll see a list of your backups. To see a full list of the bookmarks in a particular backup, click the radio button next to the backup and then click “View” in the menu. You’ll see all of your bookmarks, separated into folders.
After viewing a backup of your bookmarks, you can choose to overwrite your current bookmarks with the ones from that backup by clicking “Restore” in the menu.
Sometimes things can go wrong with your bookmarks—for example, if your connection gets disrupted in the middle of a sync. If this happens, the recommended way of fixing your bookmarks is to select “Repair Bookmarks” from the Advanced tab of the settings pane.
Choosing this option will download all of the changes in your bookmarks from the Xmarks server, but won’t affect any of your unsynced local bookmarks. If something goes wrong, this is the easiest way to try to fix it.
Manual Upload / Download
If the bookmark sync isn’t working properly, and the manual repair option above didn’t help, you can force an upload or download of your bookmarks, overwriting other data. By selecting “Upload bookmarks,” you’ll send the bookmarks from your current browser to the Xmarks server, overwriting any saved bookmarks. If you click “Download bookmarks,” you’ll download all of the bookmarks on the server to your current browser, overwriting any that you’ve saved locally.
Being able to sync your passwords, bookmarks, and tabs between browsers on different computers is great, but where it’s perhaps most useful is while you’re on the go. Syncing this information from your various computers to your phone or tablet is one of the best features of LastPass and Xmarks. Both apps provide support for Android and iOS devices. There are also standalone apps available in the Windows Store, so you can keep everything synced if you’re using Windows 8 .
If you decide to purchase a premium subscription (see section 7), you can download the LastPass Password Manager app to your Android phone, iOS device, Blackberry, or Windows Phone, allowing you to access your vault and retrieve your passwords. This is great if you can’t remember the passcode for your voicemail, you need your credit card information, or you just can’t remember the password for a website, especially if you aren’t on a computer where you can access LastPass easily.
While you can integrate LastPass and Xmarks with other mobile browsers (see below), the simplest way to access this information is by using LastPass’s built-in browser. After opening the app, you’ll be prompted to sign in, and you’ll see your vault. Just tap a site to launch it in the browser.
The menu allows you to take a look at your vault and launch other sites, create new entries, or edit existing entries, just like the desktop version of the app.
While this is the simplest way, it’s almost certainly not the best. The LastPass browser is sub-par on most levels, falling behind other options in almost every category, including speed, ease of use, design, and compatibility with other apps.
To use Xmarks on an Android phone, iOS device, Blackberry, or Windows Phone, all you have to do is download the Xmarks application from the App Store or the Google Play Store. Once you’ve downloaded it and signed in, your bookmarks will be synced and you’ll be able to access them in Safari or Chrome.
You can also launch bookmarked sites and open your remote tabs from within the Xmarks apps.
Other Apps That Work
In addition to LastPass’s native browser, there are a number of other apps that provide integration with the service to let you access your LastPass vault and form-fill information and your Xmarks data while you’re browsing on your mobile device.
Dolphin is a free, highly customizable mobile browser that allows you to download add-ons to increase its functionality. One of those add-ons is LastPass; by installing the add-on, you’ll be able to access your vault and automatically fill in usernames, passwords, and form-fill information.
To install the add-on, search for “LastPass Dolphin” in the Google Play store—once you’ve found the app, just tap “Install”—it’s free. Now, when you open up Dolphin and go to the Add-Ons menu, you’ll see LastPass for Dolphin Browser listed. Just tap it and use your sign-in information to get started.
After you’ve logged into LastPass, you’ll be able to fill in any information you’d like by simply going to the Dolphin menu, tapping Add-Ons, and tapping LastPass for Dolphin Browser. A pop-up menu will appear, and you can select the same options as you would on your desktop browser: Autofill, Fill Forms, My LastPass Vault, and so on.
You can access Xmarks in the exact same manner: download Xmarks for Dolphin Browser from the Google Play Store, open the browser, and go to the Add-Ons menu. Select Xmarks for Dolphin Browser and sign in with your log-in information. Your bookmarks will be synced automatically, and you’re set to go!
iOS: iCab Mobile
iCab Mobile ($1.99) is a mobile browser for iPhone and iPad
—and, while not as customizable as Dolphin, it does provide built-in LastPass integration. After downloading iCab Mobile, open it up and tap the Settings gear on the right side of the menu bar. Select Services and LastPass, and you’ll be prompted for your log-in information. Sign in with your LastPass username and password.
After you’ve signed into LastPass, you can use it just like you would on your desktop. To access the LastPass menu, just tap the four-star icon on the right side of the menu bar. You’ll see some of the familiar options—Fill for Account, Save Forms, Logout, and a link to the LastPass Web Site.
iCab Mobile doesn’t provide support for accessing your vault directly in the app, so if you want to edit entries or look at your secure notes, you’ll have to log into the web interface of LastPass by tapping the link LastPass in the menu, accessed by tapping the four-start icon. (For more information on using the web interface, see below.)
Unfortunately, iCab Mobile doesn’t yet have any support for Xmarks. However, iCab does offer import and export of bookmarks, and as well as sync capabilities for Dropbox, Firefox, and iCloud. One of these options should allow you to sync your bookmarks.
A bookmarklet is a bookmark that executes a piece of code when you use it. You can create a bookmarklet in the mobile versions of Safari and Chrome that will allow you to use LastPass. While it’s a bit more difficult to get set up and doesn’t provide as much functionality as using one of the above methods, it’ll work in a pinch and will let you continue using your favorite mobile browser, if you feel strongly about Safari or Chrome.
The easiest way to add a bookmarklet to your mobile device is to create it on your computer and sync it to your device (Xmarks makes this quite easy). To create a bookmarklet on your desktop browser, sign in to LastPass and click on the drop-down menu in the top-right corner. Select “Bookmarklets.” The resulting pop-up will explain exactly how to get the three different LastPass bookmarklets into your browser.
Installing bookmarklets directly on your mobile device is a bit complicated, and differs significantly depending on the app that you’re using, so it’s best to look up instructions on the LastPass Bookmarklets page. There are instructions for different apps and videos for setting up and using bookmarklets.
Because all of the information that you enter into LastPass is stored in the cloud, you can access it via the web interface from any computer at www.lastpass.com. This is really useful when you’re using a public computer or a friend’s computer and you need to log in to a website or fill a form that you don’t remember the details for.
To access the web interface, head to www.lastpass.com and click on Sign In in the top-right corner. Enter your username and password, and you’ll be brought to an online version of your vault. From here, you can do all of the things that you can do from the vault in your browser. Just click a site to launch it, hit Edit to get detailed information, and so on.
You can also access Xmarks online; just go to www.xmarks.com and click Log In in the top-right corner. After logging in, click on “My Bookmarks” in the menu bar, and you’ll be presented with a full list of your bookmarks; simply click one to launch it in a new tab.
Because passwords are your first line of defense when it comes to online security, they’re a really important part of your overall security precautions. Using LastPass lets you use a different, randomly generated password for every website, which goes a long way toward having a high level of security. But the app includes a few features that will help you be even more confident in your security.
LastPass Security Check
The LastPass security check gives you a high-level view of how secure your passwords are online. It shows you the number of duplicate passwords you have, the strength of each password, and an overall security rating presented both as a percentage score and as a worldwide ranking. It now includes a section on which sites have been affected by the Heartbleed bug and whether you should change your password now or later. Finally, you’ll be given tips on how to improve your score.
By running the security check on a regular basis and trying to improve your score each time, you can make sure that you’re always as safe as possible online (at least when it comes to passwords).
To start the security check, click on Tools in the extension menu and select Security Check. You’ll be prompted for your LastPass master password—enter it, and the security check will start running.
When the security check is done running, you’ll see a number of statistics, the main one being your overall security score. Obviously, trying to get this number as high as possible should always be your goal, but if you score over 90%, you’re doing a great job of choosing secure passwords for all of your sites.
The best way to improve your score is by removing duplicate passwords. If you scroll down the page a ways, you’ll see the section that gives you a score for each of your passwords. If you have duplicates, they’ll be grouped into a section with a red header bar. By changing these passwords, you’ll improve your score. You can also change the passwords that get a low security ranking—anything below 50% should be changed as soon as possible.
Finally, you can enable two-factor authentication to further increase your score. (See below for more information on two-factor authentication and LastPass.) There are also a number of other settings that affect your score—not requiring a password on your mobile device, for example, lowers your score, as does storing your vault offline (though the convenience of storing your vault may very well outweigh the security benefits of storing it only in the cloud).
Require Password Reprompt
If LastPass is always open and available on your computer, anyone with access to your browser will be able to log in to any of your sites using your information. To minimize the risk of this, you can tell LastPass to automatically log you off after a certain amount of idle time. Setting this to a very low value will make your passwords more secure.
On your phone, there are similar settings in the LastPass app; you can choose to log out of LastPass immediately upon closing the app, or after a certain period of time. The Dolphin and iCab Mobile extensions, unfortunately, do not provide this functionality. If your phone and tablet are secured with strong passwords, however, this might be a negligible risk.
Another situation in which you can require a password reprompt is when using specific form fills. When you’re editing the form fill, you can select the “Require Password Reprompt” checkbox—now, whenever you try to use or edit that form fill, you’ll be required to type in your master password. This is a good way to make doubly sure that your credit card or other sensitive information stays safe.
When you’re prompted for your master password, you can choose to not be reprompted for a while—this is useful if you’re going to be doing a lot of online shopping or repeatedly filling out similar forms. Just use the dropdown menu in the password reprompt dialog to choose how long LastPass should wait before asking you for your master password again.
With a number of high-profile breaches of security in the news lately, the importance of two-factor authentication can’t be overstated. If you’re not familiar with two-factor authentication, the premise is simple: instead of proving your identity by just entering a password, you also need to do something else to prove that it’s you.
To enable two-factor authentication in LastPass, open your account settings by going to www.lastpass.com, selecting “Settings” in the menu on the left, and clicking on the “Multifactor Options” tab. From here, you can choose to use YubiKey, Google Authenticator, Toopher, Duo Security, or Transakt as your secondary authentication method.
If you don’t currently use any of these, Google Authenticator is a good one to use, as you can download an app to your phone that will create a time-based authentication code, meaning that you can use multifactor authentication even when you’re offline (which some of the other methods don’t offer).
Whichever method you choose, you’ll be walked through the process by the website.
Both LastPass and Xmarks provide encryption options to make sure your data stays secure. And while no security system is going to be totally foolproof, LastPass does take its data protection very seriously.
LastPass employs AES 256-bit encryption, a highly trusted and very secure encryption system. It’s even been approved for top-secret-level data in the United States government. In addition to this very secure standard, all of the encryption and decryption takes place on your computer, so the LastPass servers only ever receive encrypted data, meaning that even they don’t know what your passwords are.
Xmarks isn’t as forthcoming with its encryption capabilities, but the Xmarks settings do give you two options for encryption: login only and encrypt all. By choosing to encrypt all, you’re going to get the best security Xmarks can offer. While it’s probably not AES-256, it should be enough to protect your bookmarks. And Xmarks data isn’t encrypted on your computer, meaning that if someone were to gain access to the Xmarks servers, they’d be able to read your bookmarks.
Both LastPass and Xmarks can be used completely free of charge, but they both also offer premium versions at $12 per year. Many people happily use the free versions, but you might be wondering whether or not it’s worth spending a bit to go premium. Let’s take a look.
One of the deciding factors for a lot of people in whether or not they should invest in a premium membership is that mobile access to LastPass and Xmarks is only provided to premium customers. This means that if you have a free plan, you won’t be able to log into the LastPass apps or the LastPass extensions for Dolphin or iCab Mobile.
If you’re heavily dependent on LastPass to help you remember your passwords, this can make the decision a no-brainer. You can always look up your login information on the LastPass website using your mobile browser, but this takes time and a lot of typing. It also doesn’t autofill anything for you. If you don’t do much mobile browsing, this isn’t a big deal, but if you ever do any shopping or financial things—or log into any other service—from your iPad or your phone, it’s probably worth getting a premium membership.
LastPass can also fill in app login information on Android, making it even more useful.
Premium members can also use more advanced features of LastPass on the go, such as LastPass Sesame, which allows you to use any USB drive as a second method of authentication, and LastPass Pocket, a full copy of your LastPass information on a USB drive.
Accessing your bookmarks on the go with Xmarks will require that you pay for a premium subscription—if you choose to stay with a free one, you’ll only be able to access them online. How much this is worth depends very much on how much mobile browsing you do.
The free version of Xmarks will sync your bookmarks across computers and online, but only the premium version will allow you to sync open tabs.
The premium version also gives you the ability to backup and restore your bookmarks for a longer period of time than the standard three months, though the Xmarks website doesn’t offer any information on how long that actually is.
LastPass is partially supported by ads, and if you stick with the free version, you’ll see some of those ads. They aren’t hugely obtrusive, but if you’d rather not have them, you’ll want to upgrade.
As a premium member of LastPass or Xmarks, you’ll get priority support, so when you submit a support ticket, you’ll get a faster response. There aren’t any guaranteed response times or even guidelines on how much faster you’ll get help, but if you can’t access your passwords, even a few minutes faster might be worth it!
All in all, it’s almost always a good idea to sign up for LastPass premium. Xmarks isn’t as crucial, but it does provide a few nice features. Fortunately, both of them are quite cheap. At $1 per month each, that’s only $24 per year for both, which is definitely less than you spend on coffee. These apps are dirt cheap.
To make them even cheaper, you can sign up for the premium bundle, in which you get premium access to both LastPass and Xmarks for just $20 per year. It’s hard to say no to this price for two extremely useful apps that will make your life easier.
LastPass and Xmarks are two fantastic apps that really help you to manage your online life. By taking care of your usernames, passwords, bookmarks, and open tabs, you can spend your brainpower thinking about more important things, like how to spend all of the time you’ll save by not having to dig through a big pile of Post-It notes for your usernames and passwords!
Whether you decide to go with free or premium versions, both apps will help simplify your online life, and LastPass will do its best to help you stay as secure as possible. Don’t miss out on these services—try them out for free, and support the company if you like them!
Guide Published: July 2014
Cover Art: Azamat Bohed