Before writing this article, I have tried to take a simple survey among some of my Facebook friends. I asked them which password manager services they prefer and have been already using, Roboform or Lastpass. Each one has his/her preference, habit and favor but almost of my friends said that they were totally satisfied with what LastPass offers. The reason is very easy to understand: both offer free service package but obviously LastPass is a better choice.
Although each service has its own strength and weakness, LastPass is becoming a good replacement of Roboform, one of the best service so far in managing password, especially for those who are not affordable to purchase Roboform subscription (for Roboform Everywhere) or license (desktop version). After one week getting the hook with Roboform, I tried to switch to Lastpass. The former is still a very wonderful solution for managing password and the price is also reasonable but I still impressed with Lastpass very much and I think this service is better than I have ever expect.
After few days using Lastpass, I have found out some tips and I think they are quite necessary, useful for you guys to protect your credential and turn the experience with Lastpass to be more convenient!
1. Always use virtual keyboard to login
Of course, this is the most important step during the configuration process. Master password will be used to protect and open all other accounts, so you have to keep it secret. Some geeks define that a good password includes at least 20 characters with the some following kinds: upper and lower case, number, underline. You can even take advantage of some special characters to make your master password more reliable!
In fact, master password is the key of your house, so you have to protect it on the go. Avoid typing it by physical keyboard is always a useful and necessary advice. Instead of that, you should use Lastpass virtual keyboard or the same tool that is always available on Windows. Whenever you try to log into Lastpass dashboard with your own master password, hit the Screen keyboard button. You will be redirected to the new login page with the availability of a virtual keyboard. Otherwise, you can easily turn on Windows ‘s virtual keyboard by typing OSK in the Start –> Search box the command to call it. Though it won’t be able to prevent you 100 % from hacking or key-logger, this simple tip obviously helps you reduce rick while managing your credential information.
2. Turn off remember password feature on your browsers.
While this nice function is great in some way, it may somehow break your heart in case you share your laptop or computer with others. From my point of view, it is easy to login any account if someone leaves their devices without cleaning history, cookies or password… on the browsers like Firefox or Chrome. These popular online tools today also allow you to auto login website or service if you have already configured that.
How about your imagination in case your laptop will be stolen by some bad guys? All of your secret information will be easily unauthorized accessed and completely out of your control, even the thief do not know how many characters each password contains.
More devastating than you may expect in case you has configured on Firefox or Chrome by which allow the browsers to remember your Lastpass master password. All of of encrypted passwords stored on Lastpass maybe revealed under plain text without any possible protection solution.
Extra tip: To protect your passwords which has been filled and stored in Lastpass, you should carefully configure the security option within the dashboard. One of my advice is that only allowing to view your plain text passwords in case the viewers are able to provide the master password.
3. Take advantage of one time password
This is a fantastic feature I have ever known in such service. While at first, you might feel this function is waste of time, it is really a strong security layer. Imagine you are trying to login your Lastpass in a strange computer, which will you use to login: one time password (OTP) or the actual master password? The answer is easy to choose.
If you are not sure the connection is trusted or untrusted one, OTP will be definitely a secure choice for you. Taking note that Lastpass only allows to use OTP via this link.
In there, you can see the list containing all one time passwords. You can add new one, clean all of them or print for later usage. Remember that OTP is not eligible to view your plain text password or secure note when the system re-prompt.
4. Take advantage of secure note tool
This is another nice tool from Lastpass. Like Roboform, you can store some important information on your Lastpass dashboard, even password.
Extra tip: In my option, you can combine Roboform and Lastpass to enhance security. Roboform free account allows you to store 10 login accounts. That is quite enough in a daily basis for an average Internet user. Here is my idea to take advantage this tool to enhance the security: You should always login Lastpass with your OTP. After you have logged in the control panel, click on the Roboform account and from here you login other account with the support from Roboform.
Another idea: You only login Roboform, then access secure note and copy the OTP password to login Lastpass. I am surely it will be more convenient and secure as well.
5. Use Yubikey authentication as a second secure layer
Yubikey is a tiny device that can be used as a hardware security solution. Currently only Lastpass Premium account supports this secure method. Yubikey costs you only $25 but it provides another strong secure layer. Lastpass is reliable and it will be more reliable after combining with this tiny key-size device.
Whenever you configure Yubikey with Lastpass, each time you login in the password manager service with your master password, you will still be asked to use your token (generating by Yubikey) to access the dashboard. So without this device, even some guys have already known your master password will not able to break your information.
You might also like: