LastPass Review: 7 Password Problems LastPass Solves

How many passwords do you have? 20? 80? 200? 300? If you have a unique password for each account, as you should, that number climbs quickly. How can a person possibly create and manage that many passwords? Even if you find a way to handle passwords at home or work, what do you do when you’re away from those places?

Fortunately, there are password managers that answer these questions. I’ve been using the LastPass password manager for years, and I highly recommend it. Let me give you a few tips for creating and managing strong passwords with LastPass.

LastPass: Secure Password Management
Free

LastPass helps you remember and manage your secure passwords all in one place. Never forget a password again.

We may earn a commission if you click this link and make a purchase at no additional cost to you.

Password Threats

Passwords are still extremely common, despite some progress towards replacing passwords with biometrics and other authentication methods. LastPass found that the average employee using its password manager is managing 191 passwords! That means you’re frequently asked to create and remember passwords. This results in a number of practices that reduce security.

1. Short Passwords

When people think they need to remember all their passwords, they create short passwords that are easier to remember. The shorter a password, the easier and faster it is to crack using password-cracking software. That’s because the fewer the characters in the password, the fewer combinations the software needs to try.

2. Simple Passwords

Another thing people do when they think they need to remember all their passwords is to use passwords that are made up of common words you’d find in a dictionary (such as monkey), or memorable letter or number sequences (such as 123456 or qwerty). Such simple passwords are easy to crack using password-cracking software, which looks for common words and sequences.

3. Duplicate Passwords

Another thing people do when they think they need to remember all their passwords is to reuse the same password(s) across multiple accounts. According to Marc Goodman in Future Crimes, 75% of people use the same password for multiple websites, and 30% use the same login info for all their online activities.

Goodman, Marc. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It. Anchor, 02/24/2015. 563 pages.

Think of the physical keys you use. What if you used the same key for your house, car, safe, workplace, etc.? If you lost that key, and someone found it, they would immediately be able to access not just one property but several, or all. The same principle applies to passwords, which are digital keys. If you use the same password for multiple accounts, and someone gets that password, then they immediately have the ability to access many of your accounts.

4. Insecurely Storing Passwords

When people decide that they shouldn’t use the same password for everything, they realize they’re going to need to record their multiple passwords. I’ve seen people use Post-It notes on their monitors, a text file on their computer, a Google Doc, a draft email, and other methods that aren’t secure. These containers have few barriers to prevent people from finding the passwords they contain.

5. Not Changing Passwords After Breaches

No matter how careful you are about your personal cybersecurity, it’s inevitable that organizations will suffer data breaches, and your passwords will be leaked. We hope that every organization is encrypting and otherwise protecting passwords, but sadly, that’s not true. And even when passwords are encrypted, there’s always the chance that they can be decrypted.

If you don’t change your password for an account after a breach affects that account, it’s only a matter of time before someone uses your password to access your account. This is especially dangerous if you use that same password for multiple accounts because hackers will try using that password all over the Internet.

6. Insecurely Sharing Passwords

Although it’s always best to have your own credentials for an account, sometimes that’s not an option, and you need to share an account. For example, most of the websites for my utility companies don’t let me create multiple users, so I need to share those accounts with my wife. If you send passwords through email or another insecure messaging system, you run the risk of those passwords falling into the wrong hands.

7. Entering Passwords into Phishing Sites

A phishing site is a website that’s designed to look like a legitimate site so that you feel comfortable logging into it. For example, you receive an email or text with a link to your bank’s website. You click the link, recognize the bank’s website, and log in. However, you didn’t realize that it was a phishing email or text, and a phishing website. Now you’ve given up your username and password.

LastPass Review: How to Increase Your Security

Fortunately, there’s one tool that can greatly alleviate all these problems! It’s called a password manager. There are many options. I’ve been using LastPass for years, and I highly recommend it.

LastPass uses military-grade encryption (256-bit AES) and has a zero-knowledge policy, which means they'll never have access to or be able to view your passwords. It also has two-factor authentication (2FA) options for improved security, as well as biometric logins.

Other password manager options:

  • Keeper: Personal and Business Password Manager (Free). Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
  • 1Password: Password Manager For Homes and Businesses ($35.88). 1Password remembers all your passwords, so you can easily log in to sites with a single click.
  • Dashlane: Password Manager App For Home, Mobile, and Business (Free). Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.

I’ll show you how LastPass helps you create strong passwords and manage them.

Here’s a brief overview of how LastPass works:

  • Neither LastPass nor anyone else who gained access to your vault would be able to get your passwords out of it.

There’s a lot more to know about LastPass, which you can learn from their website. I’m going to focus on how LastPass solves the seven specific problems I discussed above.

1. Longer Passwords

You can use LastPass’ password generator to create new passwords. One of the settings is Password Length. Because each additional character makes a password exponentially stronger, the longer the password, the better. However, most websites and apps have limits on how many characters you can use in a password. I recommend using at least 15 characters. I use 20 to avoid weak password issues. If an account says you’ve used too many characters, you can reduce the number until you reach the maximum allowed.

LastPass’ Security Challenge analyzes your passwords and tells you which ones are weak. It can even automatically change some of them for you.

2. More Complex Passwords

LastPass’ password generator has Advanced Options that allow you to select the classes of characters used in your passwords. Those are uppercase letters, lowercase letters, numbers, and symbols (sometimes called special characters). I recommend checking the box for all 4 classes. If an account says you’ve used a disallowed character, just replace that character with one that is allowed.

Again, LastPass’ Security Challenge analyzes your passwords and tells you which ones are weak. It can automatically change weak passwords for you to make sure your online accounts are secured.
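To make the length and character-class settings from sections 1 and 2 concrete, here is a small generator written for this article as an added example (it is not LastPass' code). The symbol set and the `max_length` and `disallowed` parameters are assumptions that model a site's restrictions.

```python
import math
import secrets
import string

# The four character classes named above.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",  # assumed symbol set
}

def generate_password(length=20, max_length=None, disallowed=""):
    """Random password containing at least one character from every class.

    max_length caps the length for sites with a limit; characters in
    disallowed are never drawn (both are hypothetical parameters).
    """
    if max_length is not None:
        length = min(length, max_length)
    pools = ["".join(c for c in chars if c not in disallowed)
             for chars in CLASSES.values()]
    pools = [p for p in pools if p]  # a class may be banned entirely
    if length < len(pools):
        raise ValueError("length too short to include every class")
    alphabet = "".join(pools)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(p) for p in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not sit at predictable positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def alphabet_size(disallowed=""):
    """Number of distinct characters the generator can draw from."""
    return sum(1 for chars in CLASSES.values()
               for c in chars if c not in disallowed)

def search_space_bits(length, size):
    """Upper bound on log2 of the candidates a cracker must try."""
    return length * math.log2(size)
```

Each extra character adds `log2(alphabet size)` bits, which is why going from 8 to 20 characters matters far more than adding one more symbol.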

3. Unique Passwords

This is where LastPass really shines. Because LastPass makes it so easy to create and store passwords, there’s no reason not to create a unique password for every account.

LastPass’ Security Challenge analyzes your passwords and tells you which ones are duplicates.

4. Securely Storing Passwords

As I mentioned earlier, LastPass stores your passwords securely.

We’ve implemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.

Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass.

LastPass
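The sketch below shows how a vault key can be derived on the device with PBKDF2-SHA256 while the server only ever receives a separate login value. It is an added illustration, not LastPass' implementation; the iteration counts, the salt handling and the `VaultServer` class are assumptions.

```python
import hashlib
import hmac
import os

def derive_vault_key(master_password, salt, iterations=600_000):
    """Device side: stretch the master password into a 256-bit key.

    This is the key an AES-256 cipher would use on the vault. It is
    computed locally and is never transmitted.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, iterations, dklen=32)

def derive_login_hash(vault_key, master_password):
    """Device side: a second, different value used only to log in.

    It is derived one-way from the vault key, so whoever receives it
    cannot turn it back into the key that decrypts the vault.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", vault_key, master_password.encode(), 1, dklen=32)

class VaultServer:
    """Hypothetical server: keeps a salted hash of the login hash and the
    encrypted vault blob, and nothing that can decrypt that blob."""

    def __init__(self):
        self.accounts = {}

    def register(self, user, login_hash):
        salt = os.urandom(16)
        stored = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        self.accounts[user] = (salt, stored)

    def verify(self, user, login_hash):
        salt, stored = self.accounts[user]
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt, 100_000)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, stored)
```

Anyone who obtains the stored values can still guess master passwords offline, so the protection depends on a long master password and a high iteration count.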

To open your vault, you must enter your master password. You also have the option to add two-factor authentication to make things much more secure, so if you have that set up, you may have to get past that as well.

You can manually log out of the LastPass browser extension or app any time you want. You can set your browser extension or app to automatically log you out of LastPass when you close all your browsers, and/or when you’ve been idle for a certain number of minutes.

You can set individual passwords (and notes) to prompt for your master password again, even if you’re already logged in. I recommend doing this for sensitive accounts (financial, medical, etc.).

LastPass will require you to authenticate yourself with another factor.

5. Breach Alerts

LastPass automatically informs you when your email address has been exposed in a data breach, and which breach it was. That way, you know which password you should change.

6. Securely Sharing Passwords

LastPass users. You can even share the password without allowing the recipient to see the password. That way, they can use the password to log in, but they’re not able to learn what the password is. You can even unshare passwords when the time comes.

7. Doesn’t Autofill Phishing Websites

LastPass won’t show any matching passwords. When this happens, stop and carefully study the site to see if this is a phishing attempt.

Note: Technically, LastPass looks at the domain, not the website. I used the word website for simplicity.
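The domain check described in the note can be sketched as follows. This is an added example, not LastPass' matching logic: the vault entry, the `.example` and `.test` URLs and the subdomain rule are constructed for illustration, and real password managers also consult the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed vault with a single saved login.
VAULT = [{"name": "My Bank", "domain": "bank.example"}]

def page_host(page_url):
    """Hostname the browser will actually connect to.

    urlsplit() discards the userinfo part (anything before '@') and the
    port, and lower-cases the host, so tricks hidden there do not count.
    """
    return (urlsplit(page_url).hostname or "").rstrip(".")

def domain_matches(saved_domain, page_url):
    """True only for the saved domain itself or one of its subdomains."""
    host = page_host(page_url)
    saved = saved_domain.lower()
    # The leading dot matters: without it "evilbank.example" would pass
    # a plain endswith("bank.example") test.
    return host == saved or host.endswith("." + saved)

def entries_to_offer(vault, page_url):
    """Names of the saved logins that would be offered on this page."""
    return [e["name"] for e in vault if domain_matches(e["domain"], page_url)]

# Constructed URLs: the first two are the real site, the rest are
# lookalikes that a person can miss but a string comparison does not.
SAMPLES = [
    "https://bank.example/login",
    "https://www.bank.example/login",
    "https://bank.example.evil.test/login",   # real name used as a subdomain
    "https://bank.example@evil.test/login",   # real name placed in userinfo
    "https://evilbank.example/login",         # real name as a suffix
    "https://b\u0430nk.example/login",        # Cyrillic 'a' homoglyph
]

def report(vault=VAULT, samples=SAMPLES):
    """Map each sample URL to the entries that would be offered."""
    return {url: entries_to_offer(vault, url) for url in samples}
```

An empty list for a page that looks like your bank is the signal described above: stop and check the address before typing anything.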

This is when the dark web monitoring feature of LastPass Premium comes in handy and ensures your login credentials are well-protected.

LastPass Premium vs Free Version

LastPass Free will be limited to one device type only.

| LastPass Free | LastPass Premium |
| --- | --- |
| Unlimited password storage | Unlimited password storage |
| Good for 1 device type | Good for unlimited device types |
| Save and autofill passwords, multi-factor authentication | Save and autofill passwords, multi-factor authentication |
| No backup solution | Comes with 1GB file storage |
| No security dashboard | With security dashboard and password scores |
| No dark web monitoring | Comes with dark web monitoring to be alerted if your information is compromised |
| No emergency access | Provides emergency access to your most important information |

What You Should Do

  1. Research password managers. I recommend LastPass, and it will probably work well for you, but it wouldn’t hurt for you to research the alternatives.
  2. Sign up for a password manager, which could be free or paid. LastPass Premium is great for those who want to get the most out of their password manager.
  3. Install the password manager on any device where you’ll need it. Most password managers will work on PCs, Macs, and mobile devices.
  4. Configure the password manager’s settings for the maximum level of security and privacy to keep your login credentials safe and secure. We recommend using the two-factor authentication feature.
  5. Move all your passwords into your password manager, then destroy any insecure copies of those passwords.