Another look at LastPass
December 9th, 2011 by David Bradley >> 4 Comments
I am giving LastPass another look. They added two-factor security using Google Authenticator to the cloud password locker service, which works for all users even those who don’t have a premium account (premium accounts let you use the password tool on your mobile device).
In 2010, you will recall Sciencetext reported on a slight glitch at LastPass which turned off the company’s loyal users. However, the speed with which the team addressed the issue and its reassurances regarding security persuaded many not to jump ship. I’m afraid I headed for the lifeboats in favor of an offline, as opposed to cloud, password locker in the form of Keepass. The trouble with Keepass is that to integrate it with your browser you need Keefox, which, as the name suggests, works in Firefox. You also lose the cloudiness and have to resort to hosting your password database on DropBox or some related cloud storage to give you access from anywhere. I used to love Firefox, but it’s slow, hangs often and chomps through RAM without ever spitting it back out.
LastPass is still around and working on making password protection even stronger. They introduced two-factor authentication using the Google Authenticator in November so it is worth a second look in conjunction with the speedy and lightweight Google Chrome browser. I am currently re-testing LastPass for throwaway accounts (I still wouldn’t trust my bank and credit cards passwords to the cloud even if there were 100-factor authentication). It is much slicker than Keepass and the autofill functionality makes it a breeze to login very quickly. It cannot cope with one or two sites I use, but I think that’s a site configuration issue and there might be a workaround. LastPass also has a password generator that can be set to almost any level of complexity depending on the demands of a particular site. The company can also audit for free your logins and let you know if any are weak or whether you’re foolishly using the same password on more than one site.
LastPass is available for Chrome, Safari, Opera, Firefox (meh!) and Internet Explorer (why would you?) under Windows, Linux, Mac, Blackberry, Android, and WebOS; in free and premium versions.
"Deceived Wisdom: Why What You Thought Was Right Is Wrong" from David Bradley. Available now on 
Leave a comment ↓
jkue1957 // Dec 15, 2011 at 6:52 pm
Last Pass was hacked, how can you trust a password manager that was hacked- sorry doesn’t make sense.
David Bradley // Dec 16, 2011 at 8:06 am
Perhaps because they were hacked.
David Bradley // Dec 16, 2011 at 8:08 am
Amazon, Google, Sony, hundreds of other companies were hacked…did you abandon all of those? Just because someone breaks in through your front door doesn’t mean you should stop locking your house when you leave.
David Bradley // Dec 17, 2011 at 8:13 am
We publicly addressed these questions when it happened, but…
Bottom line is that we acted out an abundance of caution to protect our users, risking our reputations and our business. We have had 2 types of responses: people that have praised our transparency and feel even more confident about using us and people who no longer trust us. What the latter group doesn’t know is these types of incidents happen daily around the globe, we just don’t hear about them because it is not good for business to let them out.
We have had 3rd party security audits and continue to take steps to improve and reevaluate security everyday.
Bob Billingslea, LastPass
Comment via email