🔐 How vulnerable are you: secure, ubiquitous, ease of access

in #technology, 7 years ago

"Give Me Convenience or Give Me Death."

- Jello Biafra, Dead Kennedys



First we looked at the importance of securing access, then a means of securely storing & managing your growing collection of authentication credentials. Managing your own homebrew synchronised credential database may be fine or even desirable for those who like to take the back off things and get at the workings, but that isn't everybody. Let's face it, no matter how beneficial something may be, if it isn't easy or it's overly complicated then chances are you won't use it.

In this installment we'll look at ready-made, encrypted, cloud-synced, app-supported credential storage that you can use from your computer, smartphone, tablet, anywhere.


Ubiquitous Secure Access
Source: Pixabay




LastPass



LastPass operates on essentially the same principle as the KeePass + cloud storage + app solution outlined in the previous article, except that this is a one-stop-shop solution. LastPass uses 256-bit AES encryption, salted hashing, and PBKDF2 with SHA-256 to encrypt your personal credential store, and one master password to unlock it.

LastPass master password setup

LastPass accounts are created with a nominated email address and a (strong) master password, then your unique encryption key is generated locally.

Data stored in your credential store is securely locked, even to LastPass. This is because the data is encrypted and decrypted at the device level; only the encrypted form of your credential store is transmitted to LastPass for sync purposes.

Your master password and encryption keys are never transmitted to LastPass.

"Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass."



It's worth noting that there's no limit on the number of entries in this credential store, even for free accounts.
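The client-side model described above (key derived locally with PBKDF2-SHA256, store encrypted on the device with AES-256, only ciphertext synced), as an added Node.js sketch that is not LastPass's code and not part of the original article. The email-as-salt choice, the iteration count, the GCM mode, the login-hash step and all function names are assumptions made for this example.

```javascript
const nodeCrypto = require('crypto');

const ITERATIONS = 600000; // assumed work factor; the article states none

// Derive the 256-bit vault key on the device. Using the normalised email as
// the salt is an assumption made for this example.
function deriveVaultKey(email, masterPassword) {
  const salt = email.trim().toLowerCase();
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, 'sha256');
}

// Derive a separate login hash from the key. Only this value is shown to the
// service for authentication; it is not the key and not the password.
function deriveLoginHash(vaultKey, masterPassword) {
  return nodeCrypto.pbkdf2Sync(vaultKey, masterPassword, 1, 32, 'sha256').toString('hex');
}

// Encrypt the vault locally with AES-256 (GCM mode chosen for this example).
function encryptVault(vaultKey, vault) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Decrypt on another device; throws if the key is wrong or the blob was altered.
function decryptVault(vaultKey, blob) {
  const iv = Buffer.from(blob.iv, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', vaultKey, iv);
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Everything that leaves the device during a sync: no password and no key.
function buildSyncPayload(email, masterPassword, vault) {
  const key = deriveVaultKey(email, masterPassword);
  return { email, loginHash: deriveLoginHash(key, masterPassword), vault: encryptVault(key, vault) };
}

// Constructed sample entry, not real credentials.
const SAMPLE_VAULT = [{ site: 'example.com', user: 'alice', password: 'constructed-sample-1' }];
```

Serialising the result of `buildSyncPayload` shows what a sync service would hold: an email, a login hash and an opaque blob that only a device knowing the master password can open.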

LastPass example credentials

This personal credential store is synchronised between authorised devices and the LastPass cloud service, facilitating secure access to your credentials wherever you install the supporting app or browser extension.

Yes, it's available for Linux too, and supports Google Chrome, Firefox (& other Mozilla derivatives like SeaMonkey) as well as 2FA & backup/offline utilities for Ubuntu/Debian.

Tux "W007!"

That's enough out of you.

The browser extension is available for your preferred browser; supported browsers are Google Chrome, Firefox, Safari, Opera, and IE/Edge.

Apps are available for iDevice, Android, or Windows Phone. Device apps have the advantage of using your fingerprint to unlock your credential store, which is handy considering small onscreen keyboards.

The full list of downloads contains a handy method to send a platform & browser specific mobile device install link directly to your email address:

LastPass_linkSender.PNG




LastPass Accounts



Accounts available are Free, Premium, Teams, Enterprise. Here's a basic feature comparison:

Personal Accounts

| Free | Premium |
|---|---|
| Access on all devices | All Free features + |
| One-to-one sharing | One-to-many sharing |
| Save & fill passwords | Emergency access |
| Password generator | Advanced multi-factor options |
| Secure notes | Priority tech support |
| Security challenge | LastPass for applications |
| Multi-factor authentication | 1GB of encrypted file storage |



Business Accounts

Teams and Enterprise versions of LastPass are available. We won't go into all the details here; basically they are the aggregate of all personal features, and additionally support multi-user access with administrative management & reporting, advanced 2FA, and user directory integration, which is handy for those who wish to marry LastPass with Active Directory.

This article limits scope to individuals, so if you're interested in looking into business functions here's the link: https://www.lastpass.com/business




LastPass Free Account Features



Apart from the secure storage and retrieval of credentials synced between devices, users of Free LastPass accounts will find most benefit from the following features:

  1. Save sites as you login
  2. Import from other credential stores
  3. Generate complex passwords for... anything, even wallets
  4. Autofill credential details at login pages
  5. Form Fills prefill form and bill information
  6. Secure notes can be used for storing records
  7. 2FA/MFA security

LastPass add entry
LastPass autofill
LastPass secure notes

As stated, all LastPass accounts, including Free, support 2-Factor/Multi-Factor Authentication, ensuring about the highest level of personal encryption security you can get outside of maintaining your own RootCA & Kerberos-based encryption infrastructure.

"What's 2FA/MFA?"



Glad you asked, stay tuned... and as always, STEEM ON!




The LastPass name, product images, and all product &/or service constituents are property of LastPass.


Questions and comments are welcomed in the replies. If you'd like to see more articles like this then ^vote, resteem, and comment below. Considerable effort has gone into researching, testing, and formatting for this article.

If you liked it, then you shoulda put a ^vote on it!



I use LastPass personally - very excellent product, and highly recommended to EVERYONE looking to improve their security (which should be EVERYONE!)

You've received a FULL upvote from #TheUnmentionables - a SteemIt community full of members who like to kick ass, take names, and occasionally do it wearing (or forgetting to wear) our unmentionables...


Interested in joining us? Come join our Discord server at:

https://discord.gg/7kYYrw9

#TheUnmentionables

Please upvote this comment to help us pass out higher dollar value upvotes in the future!

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by neuromancer from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.
