LastPass – Your Password Personal Assistant

I received a letter in the mail the other day from a cigar store that I’ve bought cigars from in the past. This letter was a little unsettling, and not the first time I’ve received a letter like this. It informed me that there had been a data breach with the company the cigar store uses to process their credit cards.

The letter went on to detail the information that had been stolen, and to inform me that, as an apology, they were going to provide me with a six-month membership to a service like LifeLock. So right now you’re asking yourself, what does this have to do with me? Well, let me tell you, I have my own ‘secure’ backup; I use a number of sites and services to let me know if there’s a problem with any of my passwords.

Every few months, I get an email telling me that one of the sites that I have a username and password on has been compromised. I think that most people would be really surprised to find out how often that happens. And more than that, how often it happens when your information is involved.

More often than, not the company does not bother letting you know. As a matter fact, have you ever received an email from a company with which you have an online account, requesting that you change your username and password? Their reason is usually they’ve changed something about how you login and you need to reset your username and password. What that usually means is, “We had a data breach and we don’t want to tell you about it.”

Probably close to two decades ago, I started using a program that was really more about automating the form-filling process then it was about password security. That program was called RoboForm. It was awesome for somebody like me, who does a lot of purchasing online. RoboForm just made it so much easier to set up new accounts on new websites, and to fill out your shipping and billing addresses. And then, about ten years ago, I stumbled upon LastPass and I felt it was a great improvement over RoboForm.

Let me tell you some of the benefits that you can get from using LastPass. Most people have one or two passwords that they use for every site they go into, so they can remember them. The problem with that is that when you get a letter like the one I received, the prudent thing to do is to go and change that password on every site you use.

That would be a heckuva task for me, and probably for you as well. Do you even know every site that you’ve ever put your username password into? Without one of these tools, I never would. With data breaches becoming more common, the security gurus tell us that we should have a different password for every site we use. I know I couldn’t remember that many passwords--I don’t think I could remember half that many passwords!

So I use LastPass.

I created one 20-character master password, and that’s all I really have to remember. LastPass remembers the rest of them—and now, they’re all long and crunchy. I have a friend who was one of those security gurus; for most of the past few years, he’s been doing Internet security for Caesar’s Palace Las Vegas. So he probably knows what he’s talking about. He’s the one who told me that a 20-character password is one that, as of today, is uncrackable. But remember, we’re not worried about somebody cracking or hacking our password; we’re worried about somebody hacking a data system that has our password.

Here’s how it works. After installing LastPass in the browser extensions, you go to a website that you have an account on--such as Amazon.com--and you login just as you normally would. LastPass recognizes that you typed in a username and password, and asks if you would like to save that username and password combination. If you say yes, there are a few more settings you can tweak: you can ask LastPass to automatically fill in that information every time you go to that website, or you can choose not to have it auto fill. Either way, this is only possible when you’re logged into LastPass. In the settings for LastPass, you can choose how long the program will stay open if there’s no activity on your computer. This way, no one else can have access to it, if you’re away from your computer.

What about if you happen to go to a website where you’ve never been before and decide to set up a new account? The website will usually ask you for your email address or username and password. Since LastPass recognizes that it’s never saved credentials for this site, a little LastPass icon pops up where the password field is, that will generate a random password for you. You have the ability to decide what the criterion is for that password.

As I’ve said, I try to use 20-character passwords, but there are websites that have a maximum of, let’s say, 12 characters. I can change that just as I’m setting up a new account on a new website.

The other thing I really like about LastPass is that it will remember a lot of your information, in addition to your usernames and passwords. I have a form set up that has all my home mailing information, and another form that has my office mailing information. This way, I can easily have LastPass autofill my shipping information for whichever location I choose.

In addition, you can have secure notes that will be password-protected, so you would need to present the password every time you wanted to access those notes. This can be a good place to have your credit card info saved. Definitely helpful if your wallet gets stolen. Plus, I save so much time, not having to enter all that information every time I want to sign up on a new website.

Once you’ve use LastPass for awhile, you should run a security check. If you’ve been putting in some of your old passwords, LastPass will tell you how many websites use the same password, which helps you figure out which one it’s time to change. LastPass will also help you do that.

Lastly, I want to talk about sharing passwords. Say you have an account on a website, and your significant other wants to make a purchase from that website. As long as they have LastPass, you can share that information with them, so they don’t need to create their own account. You decide, when you share it with them, whether or not they have the ability to see what your password is, or be able to make changes to it. Otherwise, you can set it up so they just are able to use it. While we were setting up goaskIra.com, this came in very handy with a couple of my team members.

LastPass is even more helpful than this, and I urge you to explore what it can do. But if nothing else, it’s imperative that you change how you’re doing things now. Having three or four passwords that unlock your life is not safe anymore.

​Read my LifeLock review here