I'm about to pull the trigger on moving to Lastpass for password management, but I have one question:
My understanding, perhaps flawed, is that Lastpass generates very random username/password combos for your sites and it takes care of "remembering" them for you.
Question: there are times when I need to know what my password for a site is. For example, logging on to Netflix or HBOGo on the PS3 or Xbox requires entering the password for the web sites. How do you guys who use Lastpass handle that?
You log into lastpass.com (or the app on your phone or the extension in your browser), look for the site, hit "edit", and then "show password".
Also, you don't have to use the random password if you don't want to. So if you'd rather make up your own (decently secure, of course) password for those types of services, you can, and Lastpass will use it.
You can also tell it to generate passwords without capitalized letters or ambiguous characters, so they're easier to type in on your Xbox or whatever.
Cool. Sounds like a very well designed app - I'm sold.
The iPhone/iPad just received a major update so it's not just a glorified web browser.
Lastpass is completely free. They only charge for the mobile versions. It's pretty sweet.
$1/month is pretty reasonable.
I use my own passwords with it. I should probably use random ones, but I don't want to rely only on LP for them.
What happens if you need your passwords and aren't on-line? Also what if half the sites you're on accept special characters, but the other half don't even allow capital letters?
Last question - Jag - isn't the whole purpose of this thing to generate big long passwords that automatically get inserted for you?
The password generator is a feature, but it's more about encouraging you to use different passwords everywhere. When you use the generator, you can specify password length, case sensitivity, inclusion of special characters/numbers/etc, so you can set it up to meet even the stupidest of password requirements (except for stuff like "must include a special character but it can't be the first character of the password")
If you aren't online, what are you going to do with your passwords? That said, it caches your encrypted password data locally when you log into the browser extension (or the desktop app), so the passwords should be reasonably current.
For password generators I like this one:
http://passphra.se/
It's good for a starting point then tweak it as necessary from there.
Last edited by ARogan; 08-22-2012 at 06:22 PM.
JPR - I have many programs that require passwords off-line that are synced up on-line too. Will lastpass work with MS Access in this fashion?
And I really like that you can use Google Authenticator to provide extra security.
I'm a LastPass Premium user but I can't tell the difference between the LastPass app and the LastPass Wallet app--anyone else know?
The lastpass wallet doesn't have all your passwords.
Or maybe it does, if you subscribe. It doesn't if you don't.
Yeah, I have to be able to access the passwords since, e.g. I sometimes need my pw on my Xbox and PS3. But sounds like that is not a problem.
What happens if you log in to a public computer with a keylogger? Won't that compromise your entire Lastpass account?
1. you can issue a temporary one time password.
2. Use the google authenticator
3. Use the mobile app on your smart phone.
Ooh, I just stumbled across something that I assume other LastPass users might have missed: Password Iterations (PBKDF2).
tl;dr version (if I understand it): Upping this from the original default of "1" to "500" increases the amount of time it takes for LastPass to login via your browser the first time you login each session, but does not slow anything else down. I increased mine to 200, and it only takes a few more seconds to log into LastPass now, so I'll probably up it to 500.
To increase the security of your master password, LastPass utilizes a stronger-than-typical version of Password-Based Key Derivation Function (PBKDF2). At its most basic, PBKDF2 is a "password-strengthening algorithm" that makes it difficult for a computer to check that any one password is the correct master password during a brute-force attack.
...
[more technical stuff]
...
In terms of usability, the number of rounds used only affects the process of logging in to your LastPass account. Once you gain access to your account, the implementation of these changes will not affect your browsing experience.
They only added the feature some time after I signed up, which was a couple of years ago I think, and I'm not sure they actually reached out to the community about it via email. So there could be lots of folks not taking advantage of this.
Caveat: I'm not an internet security expert, just an internet security enthusiast.
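An added illustration of the iteration setting discussed in the post above (not LastPass's code and not from the thread): it measures how the cost of one master-password check grows with the PBKDF2 iteration count, using the 1, 200 and 500 settings mentioned. The salt, password and the choice of HMAC-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac
import time

# Constructed sample values (assumptions, not LastPass data).
SALT = b"user@example.com"
MASTER_PASSWORD = "correct horse battery staple"


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte output; the hash choice is an assumption."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def check_password(candidate: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """One password check: a full derivation followed by a constant-time compare."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), expected)


def seconds_per_check(iterations: int, samples: int = 200) -> float:
    """Average wall-clock cost of a single password check at this iteration count."""
    expected = derive_key(MASTER_PASSWORD, SALT, iterations)
    start = time.perf_counter()
    for i in range(samples):
        check_password(f"guess-{i}", SALT, iterations, expected)
    return (time.perf_counter() - start) / samples


def cost_table(settings=(1, 200, 500)) -> dict:
    """Per-check cost of each setting, relative to the first setting in the list."""
    costs = {n: seconds_per_check(n) for n in settings}
    base = costs[settings[0]]
    return {n: cost / base for n, cost in costs.items()}


if __name__ == "__main__":
    for n, ratio in cost_table().items():
        print(f"{n:>4} iterations: {ratio:7.1f}x the cost of a 1-iteration check")
```

The legitimate user pays this cost once per login, while anyone testing candidate master passwords pays it on every guess.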
I only signed up a few months ago but mine is defaulted at 500. It even states next to the input field that the recommended is 500. So, go ahead and up yours from 200.
I signed up a long time ago and mine was set to 1. I found out about that iterations stuff a couple months ago and increased it to 500.
You really should be using two-factor authentication with lastpass. It is very unobtrusive.
LastPass has a non-phone option for its two-factor. You print out a little grid of random alphanumerics and they ask for something from it. I have a copy in my wallet. It has no identification on it to show that it has anything to do with LastPass, and it's simple and easy whenever I need to use a machine I don't own.
I had trouble finding info on two-factor in the LastPass browser add-on, on the Settings page or in their FAQ (except for referring to YubiKey Authentication), but then I googled and found this (I should have been looking for Grid info.):
Edit: Also,
Does LastPass support two-factor or multifactor authentication?
Yes. LastPass currently offers:
1. Grid - a free multifactor option styled after a battleship grid
2. Sesame - a part of our Premium package, a program that generates a one time password when logging in
3. YubiKey - a part of our Premium package, a separate physical device, purchased through Yubico, that generates a random one time password when logging in.
4. Fingerprint Reader support on limited devices as a part of our Premium package.
5. Smartcard authentication on limited devices as part of our Premium package.
6. Support for Windows biometric framework.
Allow Mobile and Bookmarklet Access to Bypass Grid: Controls whether mobile devices and bookmarklets will be allowed to bypass Grid multifactor authentication when enabled. There currently is no method for inputting Grid credentials on our mobile apps, so this is recommended if you also login to LastPass on your smartphone.
Last edited by barstein; 08-31-2012 at 02:39 PM.
FWIW I just turned on Grid in LastPass. It only took a few minutes to get up and running, and increased the amount of time to log into LastPass by about thirty seconds. Edit: I meant the initial login -- the amount of time to use LastPass to log into a web site is unaffected.
Correct me if I'm wrong, but I'm pretty sure the smartphone versions of LastPass don't have two-factor or multifactor options yet. On the phone, LastPass merely functions as a secure repository for your passwords and a secure web browser. Only takes a second to key in a password from memory, and you get immediate access to your passwords. I use it all the time and I feel it's totally worth it.
Last edited by barstein; 08-31-2012 at 02:46 PM.