LastPass.com – The Last Password You Have To Remember
This is a repeated website of the week, but I think with the latest on the Heartbleed vulnerability, the recent action from the people at lastpass.com definitely warrants a mention for this week’s website of the week.
Lastpass.com is a password vault that allows you to keep your passwords safe and locked away with a single password, but that is only part of the magic. Lastpass.com also has some really nice browser plugins for your Windows computer or Mac that will generate secure passwords for the websites you use, store them encrypted online and, when you revisit sites you have previously logged into, automatically log you in. All done securely and easily.
The security model used by Lastpass is known as TNO, which stands for Trust No One. This security model is one of the most secure approaches to encryption: only the end user holds the decryption key, and the encryption/decryption is performed on the end user’s computer. Lastpass is unable to look at the encrypted information you keep on its servers even if compelled by law enforcement. It is not technically possible to do so.
Here is the latest for the free browser plugin that really takes the cake.
You may have heard of the Heartbleed issue over the last week or so and you might be a little confused about how to combat it. Timing your password changes is critical. If left too late, you may leave yourself open. Too early and your password change does nothing to fix the issue. The trick is to change your password as soon as the security modules in the affected website are patched and new security certificates are issued. The problem is that this is not happening at the same time for all websites.
Only some of the websites are affected, and each team managing them is moving at its own pace on closing the holes. Keeping track of who is patched is a bit of a headache, but if you are using lastpass.com you can find out which sites are ready for your new password.
On the Lastpass plugin, click tools, security check and then start the security challenge to run an audit on your online security, including Heartbleed-affected services.
Or, you can simply go directly to the challenge by following the link to https://lastpass.com/?securitychallenge (you will need to be logged into your lastpass account).
This was above and beyond the usual service that Lastpass has provided in its free and paid (US$12/yr) services. This has been acknowledged widely in the online security and technology sectors and has gained Lastpass a great deal of respect in the online community.
The only thing missing on the Lastpass team is the capes. These guys are flat out heroes.