One of the most popular online tools to grow in recent years has been LastPass, a password management tool that hopes to get rid of clutter and minimize difficulty remembering your various passwords by using a master password and randomly generating the rest. In a world where everyone has dozens of online accounts worth protecting, such applications are welcome, but at what cost to security does the convenience come?
Here are some things you should know about LastPass:
You need only to think about the concept of LastPass to be concerned for your security. It is a cloud-based freemium service that allows users to collect all of their passwords into one location, and it promotes that it guards this information very well. Yet if this one location is compromised, the user’s online life is all but ruined, and they will have to spend at minimum a few days cleaning up the mess, that is, if they are lucky enough not to be the victim of identity theft. Out of all the different types of eggs to put into one basket, passwords don’t come to mind first.
It also does not help that everything is stored in the cloud, which has a poor reputation for security by any standards. Every other month, you hear about a massive data breach that nearly destroys the company at its source and puts all of its clients and customers on edge for at least half a year. No matter the level of security LastPass has, it cannot entirely eradicate human error, nor can it foresee every tool and method a hacker might use in the future.
Previous Problems and Successes
While LastPass has been generally reliable to its customers, there have been a few major incidents that are worth mentioning:
- In the middle of June 2015, LastPass reported that there was a breach in their security that resulted in the loss of customer usernames and password reminders in addition to other data. While their main vaults weren’t compromised, it shows that the company is not invulnerable.
- In May of 2011, there were signs of a security breach in which an unknown amount of data could have been taken. LastPass was responsible in responding, and rebuilt much of the compromised hardware from the beginning. To this date we still do not know much more about the incident, but it was bad enough that LastPass asked its users to change their master passwords.
Fortunately for users, there have been few other reports of a breach that isn’t attributed to user error. Considering the value of the target and the frequency of cyberattacks, that should be considered a success.
Using a Virtual Private Network
One thing that would make LastPass a much more viable security option would be to install a Virtual Private Network (VPN) on your device. What a VPN does is create a connection between your device and an offsite server which is well protected. This connection is encrypted using the highest reasonable security standards, which means that no one will be able to look in on your passwords or any other data. They will only be able to tell that you are using a VPN and nothing more. The offsite server will additionally mask your IP address, allowing you to appear as if you are accessing the internet from a different country or location.
LastPass does help you when you are using a public network, especially if you are using a virtual keyboard, but the added protection of a VPN will allow you to be safe not only in your password usage but in all of your data usage. This includes your user names, your communications, your emails, and your browsing history. Do not let LastPass lure you into a false sense of security where these items are concerned, and be sure to cover all of your bases instead by looking at some VPN reviews and deciding what works best for you.
What if Someone Gets Ahold of Your Device?
Even if you had complete and assured protection and had an absolute guarantee that nothing would happen to your passwords in the cloud, there is still an issue that you might want to think about. What if someone were to get ahold of your phone or laptop without you knowing? It would be extremely difficult for you to know in time so that you could contact their customer support or take any action before the hacker got in (a 4-digit PIN won’t keep someone out for long) and then used the autofill and app to get into all of your accounts and wreak havoc.
Choosing a strong master password is great for these circumstances, but if that is cracked, you have a major issue on your hands, and hackers are developing tools to get through master passwords constantly. It is just another way of putting all of your eggs in one basket, albeit a safer one than most. You can add additional layers of security and verification, but those can always be broken as well.
LastPass is certainly a fine solution to your password management needs; if they were compromised, they wouldn’t be in business. Yet is the service really necessary? Do you really want that information in digital form just for the sake of convenience? Wouldn’t a good safe and a notebook provide better protection and peace of mind? Only you can answer these questions and make the right decision.
About the Author: Cassie Phillip is a technology blogger who writes about internet security and data privacy. She enjoys sharing tips and tricks with her readers to protect them against cyberattacks.