LastPass: How It’s Done

I’ve talked about LastPass a hundred times. Every other blog has something about LastPass. However, I’ve heard about how people use it and I’ve also gotten a lot of questions. So now, I shall do my best to lay out every facet of how to leverage all of the glory within LastPass. Here we go!

First and foremost, use LastPass.

Now that that’s out of the way, we can get into the nitty-gritty. Make an awesome master password, whether you already have an account or are just creating yours for the first time. This is the LastPass…word you’ll ever need to remember. Get it? So make it a sentence or story or something like CorrectHorseBatteryStaple. You can read my post on password security if you need ideas. This is hugely important.

Ok, off that soap box. The next step is to require multifactor authentication. Woot! Sorry, I like me some good multifactor authentication. Now, the easiest way to do this is actually another tip for using LastPass properly. Download the browser plugin. It is going to make life a lot easier. Now, get after that improved authentication. Pick your poison and get after it. This is honestly one of the biggest improvements you can make in your overall security.

Now that we can log in, a common problem I’ve found is that people still use passwords that they can remember with LastPass. Don’t waste your time. Use their password generator. You can access LastPass from anywhere, and at the end we’ll get to ideas for when you can’t. When you use this generator, find out each site’s password restrictions. Notice, I said RESTRICTIONS, not REQUIREMENTS. Requirements are minimums; we don’t play that ’round here. For example, if you can generate a 100-character password with any special characters, numbers, caps, etc., then get after it. If a site says you can’t have a password over 32 characters and only certain special characters, then you’ll need to compromise. Set the generator’s parameters properly, my padawan.
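To make the restrictions-versus-requirements point concrete, here is an added example (not LastPass's own generator, and not code from this post) that fills a site's maximum length using only the characters the site allows. The function names and the sample 32-character, `!@#$%` restriction are assumptions chosen for illustration.

```python
import math
import secrets
import string


def generate_for_site(max_length, allowed_specials=string.punctuation):
    """Return a random password that uses the site's full allowed length.

    max_length       -- the site's RESTRICTION (upper limit), not its minimum
    allowed_specials -- the special characters the site accepts ("" for none)
    """
    # Drop duplicate specials so no character is over-represented.
    specials = "".join(dict.fromkeys(allowed_specials))
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if specials:
        classes.append(specials)
    if max_length < len(classes):
        raise ValueError("max_length is too small to include every class")

    alphabet = "".join(classes)
    # One guaranteed character per class, so the site's minimum
    # complexity REQUIREMENTS are always satisfied as a side effect.
    chars = [secrets.choice(c) for c in classes]
    # Fill the remainder, up to the cap, from the full allowed alphabet.
    chars += [secrets.choice(alphabet) for _ in range(max_length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, alphabet_size):
    """Upper bound on entropy for uniform choices from the alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample restriction: at most 32 chars, only !@#$% allowed.
    pw = generate_for_site(32, "!@#$%")
    print(pw, f"(~{entropy_bits(32, 26 + 26 + 10 + 5):.0f} bits)")
    # No restriction to speak of: go to 100 with every printable special.
    print(generate_for_site(100))
```
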

Next step, change all of your internet account passwords and store them here. You can store them first, then change the passwords if you want. But the easiest way to do this is to change them as LastPass offers to remember the password for you. From there, you’ll need to dig deep into the depths of your online history and try to find all of your old accounts. Maybe you want to just delete them. This is the most time-consuming part, but you’ll be better for it.

Finally, you’ve gotten all of your passwords changed to crazy 100-character jumbles, now what? Take the Security Challenge, obviously! If you open your LastPass vault from the plugin button, you should see the Security Challenge link on the left panel a little past midway down. This will check to see how many sites have the same password, how strong the passwords are, if your email address has been identified in any breaches, and give you a rating. I have a 94% security rating. What’s yours?

Bonus round. What if LastPass goes down, goes out of business, you can’t access it, or the zombie apocalypse happens and you need your passwords on the run?! Backups, people. In the Tools section of LastPass you can export the entire vault. Decide how important this backup is to you. Do you keep it on a USB stick on your keychain? Do you create a hidden encrypted partition on a discreet drive with hundreds of fake copies of the same file and store it in your safe for which the key is frozen in an opaque ice cube in a hidden nook in a secret freezer?! Your call, my friend, your call.

There’s even more you can do with LastPass, like custom bookmarklets, one-time passwords, etc. However, this should get you going. Let me know if you’d like more! Also, let me know how you use it and anything I left out.

Enjoy the only tool I’ve found that has broken the inverse relationship between security and convenience.

