Content Last updated: 11-May-2020
Note added: 02-Mar-2021. LastPass free now only works on one type of device, so if you want to use LastPass on a tablet and a phone and a laptop you’ll need to use their paid-for version.

Applies to: Everyone. Windows 10, 8.1, 8. Apple Mac. Tablets and Smartphones (Apple or Android).
Find out how Password managers work through the medium of cartoons here

lastpass_300_square

The Last Password you will ever need?

What is LastPass and why would I want it?

Is this the Last Password you will ever need?

LastPass is what’s called a “Password Manager”.  It’s like a sort of “safe” that you keep a list of passwords in. It remembers all your passwords (or all the ones you want it to) and then when you need a password, you click or tap on the Password Manager app and it puts it in for you. You still need to put in one password (the one for the Password Manager) but one is much easier to remember than lots… and that one can be long and complicated since it’s the only one you have to remember.

In this post, we’ll delve into how to actually set up and use LastPass. This is an advanced article and we do go into a little detail. If you want to ask any questions or would like us to clarify anything, just drop a comment in the box at the end of this post, or ask us a question in The Clubroom.

Read on and you too can have 100-character-long secure passwords you don’t have to remember, but not this one*:

4b8sHEnqAWqxUPJ2P4rCvreC$2X!hu3BOgbZ%&prUqj%[email protected]&^bP!91VOuwI%RELOC5

How do I get LastPass and set it up?

It’s easiest to set up an account on a PC or laptop if you’ve got access to one.

  1. Head over to the LastPass website to get started…
  2. Click ‘Create Account Now’ or ‘Get LastPass free’ to get started.
  3. This will load a browser plugin (click accept on the popup alert), once this is installed LastPass will ask you to sign up. In some browsers, you need to click the new icon in the browser window which looks like this lastpassicon1
  4. You will then get a popup which looks similar to this, just click “Create an account now” down at the bottom, in other browsers it will ask you to create an account automatically.
    lastpass_new_1
  5. It asks for your email address and a password, this is your Master Password, it is very important that you know what this is and will remember it. Make it strong, and you can make a note of it in a safe location (pen and paper), but probably best not to label it as “This is my LastPass master password”…
    lastpass_new_2
  6. Click Create Account.
  7. Check your email account, as they send you a confirmation email just to check it is you signing up.
  8. Then you are good to go…

Adding Website Accounts to LastPass

  1. Go to a website where you normally log in (for example Amazon)
  2. If you are already logged in, log out.
  3. Log into the website as normal…
  4. LastPass will then ask if you want to save the password to LastPass (across the top of the web page)
    lastpass-save-site
  5. Click “Save Site”
  6. That’s saved it to your LastPass “Vault”.
  7. Open the Vault from the new icon in your browser (next to the address bar), in Chrome it looks like this lastpassicon1.  The Vault will look something similar to this, with all your saved websites.

    lastpass_vault_example

    (Usernames have been blurred out)

  8. In your LastPass Vault, you will see Amazon listed (along with any others you’ve added). From here you can see the password in plain text if you need to copy it out for any reason, and you also get the option to remove the entry or change the details.
  9. Repeat these steps for each account you want to save in LastPass
  10. One more step to make your (Amazon or any other) account more secure… see (Changing and generating strong passwords below)

Using the saved Passwords

  1. Go to a website you have a saved password, for example, Amazon
  2. Click Login as usual
  3. Click the small LastPass icon in the e-mail box, it looks like this in Chrome
    lastpass_use_password_1
  4. Select the account you want to use (You might have multiple accounts for 1 service)

    lastpass_use_password_2

    Usernames have been blurred out

  5. It auto fills in the boxes

    Usernames have been blurred out

    Usernames have been blurred out

  6. Press Sign In as normal
  7. One more step to make your (Amazon or any other) account more secure… see (Changing and generating strong passwords below)

Changing and generating strong passwords (recommended)

  1. You can then change your various account passwords to a secure 100 character long password generated by LastPass.
    For example, I log into Amazon with my current password* which is ‘MyCatBob123’ and click on Account settings > Change password. LastPass (generally) detects what are you doing and offers to generate a password for you, but if not you can click the generate icon:
    lastpass-new-password-1
    lastpass-new-password-2
  2. I have changed the settings to generate a password of 100 character length. It would take 1 computer about 353,108,814,528,039,200 QUINQUAGINTILLION years to crack [1]. For reference 123456 takes less than 1 second, 123456123456 takes about 25 seconds, or 25 computers would take 1 second.
  3. Click Use Password, then click the save button on the website you are on, and your password will be updated on the site (Amazon) and in LastPass.
  4. Repeat the Password change steps for each website.
  5. You can run the LastPass Security Challenge to see how secure your passwords are!

Using LastPass on a phone or tablet

Once you’ve got a LastPass account set up, you can install the LastPass App on your tablet / smartphone.

You can download it for free from your app store.  Then you just need to sign in with the same email address and master password.

What if you use a shared computer / public computer?

Shared Computer at home

You can have LastPass installed in the browser, but require a login each time the browser is opened. This means when you let someone else use your computer, just close all the browser windows, then when they use the web browser they can’t see or use any of your passwords.

This is an optional setting you need to enable, just leave a comment below if you want to know how and we can talk you through it.

Public computer, in a library for example

Using a public computer is always risky, we would recommend you use a private browsing window (incognito mode in Chrome), from here you can log into LastPass from LastPass.com and see all your passwords.

Don’t forget to log out of LastPass (and any other websites you log into) when you are finished and close all the browser windows.

I would only use a public shared computer as a last resort as you just can’t be sure what is on there.

LastPass allows you to setup two-factor login which means even if someone got your LastPass password they would also need your mobile phone to log in to your account. This is an optional setting you need to enable, just leave a comment below if you want to know how and we can talk you through it.

Advanced Options

  1. Share passwords with friends, for example, I have a shared password for a website which does not allow multiple logins to 1 account but both me and my friend need access to it so I just shared it with them. Now when it changes we both get the new password
  2. Secure Notes, store anything securely, not just passwords. Probably not needed for your shopping list… WiFi details on the other hand…
  3. Payment Card details can be saved as well as default billing / shipping addresses
  4. Depending on exactly how you install LastPass you might be given an option to import your passwords from Chrome, this could be a good idea to get you up and running, but remember that the first time you log into the website LastPass will ask you to save the password so if you don’t get the option it is not a big hassle to slowly build up your password list.

What are the risks?

Well, and this happened to a *cough* friend of mine… he set up an account with 1Password – a different Password Manager – just to try it out, and now “he” can’t get into the account!

The password I setup is not the one I made a note of. And that’s it! Anything saved in the account is lost forever. Which is why these services are so secure, you can’t just reset your password.

Resetting your password – I just said you can’t, but what I mean is, you can’t easily. With LastPass, you can only reset your password on a computer you have previously used with LastPass.

There are also risks of storing all your passwords in one place, but in my opinion having weak, or even re-used passwords across lots of services (Amazon, Google etc…) is a much bigger risk. And I’m not the only one.

What’s Next for me?

  • I am slowly changing all my passwords to be 100 characters long and stored in LastPass.
  • Once this is done I will turn off Saved Passwords in the browser so I don’t have duplicates. This is different for each browser, you can read how to delete passwords here – make sure they are saved to LastPass first.
  • When I create a new account somewhere I can use LastPass, I will use their auto password generate feature (100 characters long password).
  • Enabling Two-Factor Logins where I can, and I’m not talking about sun-cream…
  • Keep an eye out for next months 100 character long Inner Circle password… Unless Laura puts a stop to that idea… 🙂

Why is the password for the Inner Circle a simple word like ‘train’ or ‘fruit’?

Good question, the password ‘fruit’ would take a computer about 1 second to crack, so what’s going on Mike!?

The reason we don’t have and don’t need a complicated 100 character password, is that the password to read the content and leave messages on the Inner Circle is shared among all members. It is sent out via email which is in plain text, and the data it protects is not classed as sensitive. For example, you don’t see other members e-mail addresses. But if you want 100 characters long password, just let me know 🙂

Now the login to the admin side of things, this is a different story and my password is indeed long, complicated and not memorable.

Are there alternatives to LastPass?

The other big password managers out there are called 1Password and Dashlane they work in a similar way, but are different… Go to their websites to find out more, and if you would like us to explain how they work simply drop a comment on The Clubroom and we will do our best.

Now you need never forget a password again, just don’t do what my ‘friend’ did and forget his Master Password… As ever if you have any questions, concerns or comments don’t hesitate to leave them in The Clubroom or in the comments below.
Mike
[Password of ‘Mike’ would be cracked by a computer in under 1 second]
*As you may have guessed, my password examples here are, and never have been, my actual passwords.
[1] https://HowSecureIsMyPassword.net/ (DO NOT type your actual password into this website)