LastPass to cure password hell?

I haven't been able to try it yet.

Computer life can be difficult and frustrating for me. The problem is that I am working on:
1 Semi-functional PC
1 Semi-functional Laptop computer
1 Loaner from the computer store
1 Perfect Modern Laptop computer with one tiny problem that the manufacturer is making me wait for up to 8 weeks to repair.

I forgot my password for my list of passwords, but I seem to remember it was a pretty clever one. But even if I had it, the file would have to reside on the computer that I was on at the time.

So imagine...As I am loading Firefox onto the Loaner Laptop (which is my first experience with Vista) I see this password add-on called Lastpass that claims that it will work for all of your computers. It seems fairly secure. (It sounds like it is better than my present system of constantly loosing passwords).

I wanted to test it on my old reliable XP-home PC however...It has always seemed to have a problem downloading add-ons. Lately it simply refused to upgrade either Firefox2 to Firefox3, or update my add-ons. This is a separate issue, I know, and it was just mentioned to try to invoke some sympathy. I,m just wondering if LastPass is really a good option like it sure sounds like it could be. Is there something simpler and freer that works better? I am so sick of doing the Password Shuffle everyday!

 

I've been using KeePass on a USB and has worked very well!

 

A Free Password Manager that's Just as Good as Roboform (Lastpass).

Best Free Web Form Filler/Password Manager

 

I would suggest you create a file with all your passwords listed in it and encrypt it using a tough to crack but easy to remember password (obvious idea and you even tried to do it but missed the easy to remember part).

(((or use the following to create your master password for your form filler rather than for your list of passwords)))

Great and easy to remember passwords can easily be created using a technique I came up with a while back. Take a word and translate it to another language. Now put the two words together and thats your password. For example (and no offence intended) the word for **** in French is merd, so the password would be shitmerd. You will never forget this password and given its 8 letters long and is made up of words from 2 languages I doubt it would be easily cracked. If you want to make it even tougher stick in a number or symbol. For example ****=merd or even 2shit=merd2 (by which I mean "to **** equal merd squared" ----- which would be a heck of a password in its own right ---- but a rather long one --- but probably unforgettable).

I hope this helps going forward.

PS: actually **** in French is spelled merde but it is commonly misspelled as I spelled it above by Anglophiles (I can tell you this is the truth because I just misspelled it myself and only noticed the error when I reread this post). I left the incorrect spelling because this spelling is easy to remember but if you decide to use this as a password feel free to spell it whichever way you choose (obviously). Of course the same idea will work with any word from any 2 languages (again obviously).

 

Keepass works perfect for me!
I use it with Dropbox and sync across a few computers.

 

I'm using Lastpass and I'm content with it's functionality.
Before that I was using password scrambler, but sometimes that one gave me trouble.

The advantage of Lastpass is that you can go anywhere and get your passwords. Even without installing the add-on.
They also have a bookmarklet, which is based on javascript.

If you install it on all of your computers, you would find all updated passwords on all your systems, with out worrying about synchronizing.

 

BGoodman4:
You said:
I would suggest you create a file with all your passwords listed in it and encrypt it using a tough to crack but easy to remember password (obvious idea and you even tried to do it but missed the easy to remember part).

(((or use the following to create your master password for your form filler rather than for your list of passwords)))

Reply:
Well the system I had, like your first suggestion worked well for years, however things changed - I had to switch back and forth from four different computers and that left too many opportunities for copies not being up to date. Also, circumstances have encouraged me to change passwords to many sites recently. Your second suggestion is good, only it is sites themselves that make it hard by require things like upper and Lower case, and numbers, and special characters. Personally, I am opposed to sites dictating rules, but that's just me..

I really appreciate the suggestions.

BTW - I just got my laptop back and am running LastPass on it now. It is too soon for me to comment on yet though...

Now to read the other responses!

-HandsOff

 

It sounds encouraging! Since I just had to change a password using my laptop, I will soon find out how well this feature works when I switch to my under-desk computer!

 

L815 & Fontaine:

I assume that somehow I am supposed to keep track of a USB memory stick, not to mention not destroying it? I do appreciate the suggestion, but anything that requires I remember anything just will not work for me!!!


-HandsOff

 

Keepass does not require USB stick (although it can be run as a portable app from a USB stick)

 

Okay, I stand corrected!

Now that I have used it for a couple of days I think I am already hooked on LastPass! I can say without reservation that this would have saved me a lot of trouble in the past. I haven't used keepass, so I can't compare, but I would recommend Lastpass to anyone who is tired of chasing passwords all day long!

-HandsOff

 

In case you have a few software registration codes. product keys or anything like that: you are able to store them as security notes of Lastpass, and these keys will be available for you even after a reinstallation or replacement of your system. Even from the www.lastpass.com website.

 

Yes, Wilbertnl, I was wondering about that. I wasn't sure because when it fills in passwords you don't actually see them, but it had occurred to me that there might be the possibility of calling a note a password, then storing it for later retrieval.

Or maybe it is an actual feature that is supported. LOL - either way!

I get this third party archival logic from my experience storing photos and digital art on flickr. It is a hobby that is important to me, and I like knowing that all of that work is backed up and archived by Flickr (which is owned by Yahoo!, BTW).

It is a whole new feeing of security when you know that something exists separately from you and your own circumstances.

I believe I have over 400 macro photographs of insects that are archived on Bugguide.net. Something like 1,500 pictures on Flickr.com. And now my passwords will survive whatever ill I do to my computers! This really does help!

-HandsOff

 

Handsoff, I think that unreadable passwords are the feature of password fields in html pages.
If you want to see your password, you can go to the Laspass vault, or under the Lastpass icon for the current website where you select edit and then show password:

For the same reason I like to use an IMAP mail server, where all my email always will be available, also after replacing my system or re-installing everything.
The email is available no matter which system I use.

 

Wilbertnl,

LOL, I understood the part that you posted a screenshot of, the part I wanted to see was your password in readable form! But, joking aside I am humbled by your knowledge of the procedure to reveal passwords using the edit > show procedure. On the other hand, you can not simply copy the field, and print it out in a text editor. (I don't know if that is what you were getting at, however, it is the sort of thing that I try, right off the bat!) if you do you get the likes of:

(pinting out as formatted text): ●●●●●●

(printing out as unformatted text):


I think I understand your last comment, about email. I use gmail as my main mail, and am glad that I do. I can't afford to loose, or not have access to important messages.

Thanks, for the info, Wil! You were way ahead of me on this!


-HandsOff

 

It's: HandsOff...

Yes I can, just paste the result of this image in your text editor:



Anyway, when you login to your account at www.lastpass.com, you will find under actions the feature to export your passwords in readable form. The data is decrypted on your own system, nowhere else.

 

Heh, heh...

Still waiting to see your password!


-HandsOff

 

I tried LastPass but it showed some strange errors when I want to edit something.

LastPass dosen't have its own user interface? It needs IE to function?

 

It's web-based. Just login at the site.

 

When I switched to Linux I had a big sorrow. One of the things I really, really didnt want to be without was Roboform. As you might know Roboform consequently refuses to make a Linux version. Roboform was I guess the most important software I had and, as I said, I couldnt imagine be without it since it made online life so simple when it came to complex passwords ( I have about 100 sites with unique secure 20+ digit passwords)

But then I stumbled on Lastpass and it is even better than roboform imho. It does everything that I used RF for.

I only use the firefox extension(it has a IE plugin for those who use IE or you can use the web based interfase). It works vey well. I have uninstalled roboform in windows and use lastpass there too the few times I use windows.
It is so nice that it is web based, It makes easy to use all my passwords on any computer or OS.

I was first worried about the security, but after reading their support forum where people questioned and tried to break the security (the developers encourage criticism about Lastpass security) I felt secure enough.

It is free but I chose to pay the 12 dollars to support the company. Definitely one of the most useful programs/extensions ever imo!
And did I mention that it is FREE?

 

Hi-

I missed your response, but I am pretty happy with LastPass. I also used Roboform at one time, but that was in my Internet Explorer days.

I have yet to pony up any cash, but I do give Lastpass my unsolicited endorsement. And I don't give very many software products very good reviews. On the other hand, no one really cares what I think anyways. I can't understand it! I guess people sometimes just have to learn things the hard way.


-HandsOff!

 

Sorry but Last Pass would never be for me. I know I'm getting cantankerous in my old age but I don't trust anything that uses the web in any way whatsoever to guard my passwords.

**EDIT**
Found this link listed over @ dslreports this morning. Much better at describing my feelings!
http://www.guardian.co.uk/technology/2009/jun/04/bruce-schneier-cloud-computing

 

My feeling is this: If someone is good enough to defeat LastPass, they are already easily able to compromise my system.

It's just my own personal opinion, but I don't think a well thought out security program will be the flaw that brings it all down. Rather, I think it is the never ending stream of very poorly thought out applications that will all have to use, along with the needless risks that companies and organizations take with their clients.

Every day you see it with scores of programs connecting to the internet, that have no legitimate need to. Or, say, having to run a service which cannot be disabled because it has a crucial function bundled with a security risk.

This program is really good because it reduces stress! You don't know how often I have forgotten passwords! Kudos to you if you don't need this sort of assistance!


-HandsOff

 

And it's still okay that we prefer Lastpass, right?

By the way, you can exclude any sensitive passwords (like banks) from Lastpass.
I assume that you also exclude any sensitive logins from any other password manager that you might use (local or on the internet)?

I have been a long time fan of Password Scrambler, which does NOT store anything anywhere. You might feel more comfortable with such solution.

 

One question that I cannot find an answer to in FAQ's - When I am setting this up and visiting sites that I already have remembered passwords for do I have to delete the existing password/s or does that happen automatically.
I have looked at this app before and it looks to be just what I want but wondered about the existing passwords.