Last Pass – a Review

I was noticing that one of our best posts is Holly’s review of glasses.com (which is indeed a fantastic service), and I was thinking that there are other specific services that we use that could be recommended. One that I think deserves some review is Last Pass.

Last Pass is like a number of products out there, I suppose, as a password-keeper service. Holly and I had heard about Last Pass a while ago, but the inertia to change your passwords is pretty extreme. I mean, do you even know how many passwords you work out of?

Then Heartbleed happened. Suddenly, it was necessary to change all of our passwords. It cut through the inertia, and it was time to check out Last Pass. Their name comes from the thought that it will be the last password you ever have to remember. How true has that turned out to be? Read on for my review of this service: Last Pass!

Last Pass

Setting Up Your Passwords

So the first thing I suppose is setting up an account. They have free accounts, which is very handy for, well, everyone. I set up a pretty long password – 14 characters – and away you go. It installs into your browser – all your browsers – so that it can be active as you browse the Internet.

To really see what Last Pass is up to, go to a website with a password. When you log in, it might ask to save the site… but not yet. Go into the management, and go to change your password. 

Depending on your browser, the next part can work a little differently. I have tried it in Firefox, Safari, and Chrome, and I have to say I like Chrome best for use with Last Pass. I put the work into setting up my account and settings just the way I like it, turned on the sync, and I have a new favorite browser…

However it works, though, what you want to do next is have Last Pass generate a new password. You might get the little Last Pass button next to the password field (start getting used to this… you will see it all the time), and then clicking it gives you the menu. Or, from the Last Pass button up in the menu bar, and select generate password.

This should fill in a password – with specifications you set, like length or special characters – not only in one password spot, but in the usual two spots. Then you click and go! New password set.

But wait! There’s more. It will probably offer to save this site and password. We found that to be unhelpful when you first change your password. Then you’d just be saving the account maintenance page. What you want is the main login page. So log out of the site, and then go back to its main page to sign back in. With the little Last Pass button, pull up its history – which should include a “saved password” for this site. Click to add it, and click to save this site. With user name, password, and site domain all mapped together, you should have a perfect save of the site for future use.

You should be able to get in, and to test it, you can log out then back in to try. Then, you can continue on your merry way and start changing more passwords!

Initial Reactions

So, with Heartbleed being what it was, and with us wanting to change just about all of our passwords because of it – either because they had been vulnerable, or because they used a similar password to a site that was – we made up a list of sites that we wanted to change passwords for.

The list was huge.

If you don’t believe me, try making a list of your own. Bloggers especially – think about it. You have your emails. If you’re like me, you have far more of those than you need. Then you have important essentials to protect securely – your financial sorts of sites. Banking, tax preparation, things like that. Then you have your personal identity type stuff – social media. As a blogger, I have WordPress and Tumblr, which are nice with one login. Then there’s Twitter (I have 3 accounts), Google+ (changed with the emails, that’s nice), Facebook (one password as well)… Then there’s stores. Amazon, the works. Then there’s utilities. Gaming sites. Entertainment like Hulu and NetFlix. It really adds up.

And there’s two of us… so double almost all of it.

We had a few really, really annoying nights as we worked through our list of sites. At first, getting that order of operations down – where you were saving the proper site location, the user name and password, is not the easiest thing, and certainly not one to skip a step really or rush through. It’s methodical work.

And it gets trickier with repeated sites. For me, the biggest trouble was Google. I have three Google accounts. Getting properly logged out of them, and then getting in to the other, changing the password, and saving the site as the appropriate user name and password combo… I reset those passwords a lot of times in that process.

So at first, we were really annoyed, and really hoping it was worth it. Some of that frustration was with Heartbleed, to be fair… it was what made us do it. We likely would not have done as much as we did all at once without a need like that. 

Thoughts Over Time

Now it’s been a couple of months, so what do we think? There are a couple of aspects that we are really liking that are worth mentioning.

One is that there is a paid account option, a “Premium” account for $12 a year. With this Premium account, what we got out of it that we wanted was the ability to share passwords. For the things that aren’t duplicates, like Utility sign-ins and TurboTax, we have them shared so we both have easy access to them. Yes, I suppose we could have just manually entered them, but it’s nice to have them add and update in real time. Also, paying money in should help Last Pass survive – something we need to have happen to keep our passwords secure in their hands!

Thanks to our shared access, I have now signed into websites I had never signed into before – like our Internet utility, to check where we’re at with our downloads limit.

Another thing they have is an App, and having the App is essential. For one thing, you can’t really just log into a site whenever and wherever you want anymore – you won’t know the password! I mean, you can see them and try to memorize your crazy random passwords, or you can still do manual passwords and save them. But that’s not the point, right? Only one password to remember!

When you need to log into a site on a different computer, or say when you’re logging back into things like Hulu on an Apple TV or X-Box (we had to do this to keep some things working once we changed passwords!) you can pull up the password real quick through the App. Just log in to Last Pass, find the password you need, and click view. It can be clunky to type a random password, but it’s secure!

Oh, and from your phone or tablet? You can load up your Last Pass App, click “copy password” and then just paste it on a site or other App! Yeah, it’s not quite as seamless as it is from within a browser, but it gets the job done nicely! And for most smart phone apps, it keeps you logged in if you sign in once – I really only use this process regularly for my banking sign-in and for Amazon.

Overall, once the passwords were set up, this is a great service. Past the headaches of setup, it’s been really stable, easy to use, easy to access, and secure. I am actually finding it a great way to quickly switch what account I am signed into, like with Twitter – sign into one, check up on things, sign out, and Last Pass knows how to sign you into other accounts!

Whoa, I said a lot about this. Definitely worth a try, and if you’re thinking about a password manager, Last Pass is a good way to go!

Advertisements

5 responses to “Last Pass – a Review

  1. WHoa! This is why I’m a late-adopter. Thank you for doing all the work so people like me don’t have to!

    Like

    • Haha! We had family who used it and had recommended it, but changing ALL of our passwords just seemed like so much! And it was. But now they’re all different and crazy random, so we feel really secure.

      Hope my advice helps if you’re thinking about a password manager!

      Like

  2. This made me laugh. I understand the pain. So many accounts. No one to trust with all the original, secure, random passwords.that only your own brain can decipher because mnemonics.

    I know you aren’t supposed to write them down. But mine cover an entire index card and also carefully hidden on a photocopy of the index card in my office. No other way to keep up with them.

    I just can’t bring myself to trust a service with all my secure passwords that I spend an entire day coming up with every six weeks. Just can’t do it.

    *waves* Hi Katey!!

    Like

    • I’ve read that, for security, having all your passwords written down – but then random and different from one another – is far more secure than using the same few, maybe secure, passwords that you remember off the top of your head. With them written down, your main risk is people in your home. A couple of people. With them online, the risk can be any number of hackers on any number of websites!

      Do you have your browsers keep you signed in, or save the passwords there? I feel like there’s not a lot of difference between that and a password manager. I guess the cookies are local to your computer, but still…

      Like

      • I never save passwords in the browsers, but I do have them keep me logged in.

        And yes, writing them all down is more secure, I think. Especially if you write them in such a way that it’s really difficult for anyone other than you to associate the passwords with the correct accounts.

        Having a few that you remember means that you’re using the same few for multiple accounts, if you have as many accounts as me. That’s bad, because if one account is compromised, every account with that same password is also compromised.

        Like

Don't Feed the Trolls....

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s