Keep your passwords private with LastPass

An online airing of tens of thousands of stolen Webmail passwords suggests that it’s time to find extra protection.

This fall, more than 20,000 stolen usernames and passwords for such Webmail providers as AOL, Gmail, Hotmail, and Yahoo appeared on Pastebin.com, a programmer's Website.

The Webmaster, Paul Dixon, wrote that "for reasons unknown," some "miscreants" posted the data on his site. Dixon removed the stolen info, which Microsoft and some security researchers theorize was gathered through phishing attacks.

A researcher at ScanSafe argues that the data may have come from password-stealing malware, not phishing. Either way, crooks clearly aren't after only bank accounts and other financial log-ins. They also want access to your Webmail. But why? A friend of mine was recently hit by a scam, and her experience helps answer that question. After her Hotmail account was hacked, every message she sent included an unwelcome advertisement.

Crooks have also begun using stolen Webmail and Facebook accounts to send pleas supposedly from a victim to friends or contacts. Some bogus messages claim the sender is stranded overseas and needs an urgent wire transfer of funds.

Don't Pass the Password

To guard against password thieves, I use LastPass. The tool offers a free password-managing add-on for Firefox on Windows, Linux, or Mac OS X; Internet Explorer on Windows; and Safari on Mac OS X. An add-on for Google Chrome is under development.

LastPass fills in your username and password for verified sites that match a real URL; phishing scams that use similar but fake Web addresses won't deceive it. And because you don't type your password, keylogger malware can't capture your keystrokes and nab your password.
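The address check described above, sketched as an added example that is not code from LastPass or the original article: saved credentials are released only when the page's parsed origin equals the saved one, so look-alike addresses get nothing. The exact-origin policy, the `fillOrigin` and `credentialsFor` names, and every host and secret shown are assumptions constructed for illustration.

```javascript
// Added example (not LastPass code): decide whether saved credentials may be
// filled on the page the browser is showing. All hosts and secrets below are
// constructed sample data.
const vault = [
  { site: "https://mail.example.com", username: "alice", password: "constructed-pw-1" },
  { site: "https://bank.example.net:8443", username: "alice01", password: "constructed-pw-2" },
];

// Reduce a URL to the origin (scheme + host + port) that the match is made on.
// Returns null for anything that should never receive a password.
function fillOrigin(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl); // lower-cases the host and converts IDN hosts to punycode
  } catch {
    return null; // unparseable input
  }
  if (u.protocol !== "https:") return null; // no fill over plain HTTP
  if (u.username || u.password) return null; // https://real-site@other-host/ trick
  return u.origin;
}

// Assumed policy: fill only on an exact origin match with the saved entry.
function credentialsFor(pageUrl, entries = vault) {
  const origin = fillOrigin(pageUrl);
  if (origin === null) return null;
  return entries.find((e) => fillOrigin(e.site) === origin) ?? null;
}

// Constructed test pages: the real site plus several look-alike addresses.
const pages = [
  "https://Mail.Example.com/inbox?folder=1",    // real site, mixed case
  "https://mail.example.com.signin.test/inbox", // real name used as a subdomain prefix
  "https://mail-example.com/inbox",             // hyphen instead of dot
  "https://m\u0430il.example.com/inbox",        // Cyrillic U+0430 in place of Latin "a"
  "https://mail.example.com@login.test/inbox",  // real name in the userinfo part
  "http://mail.example.com/inbox",              // scheme downgrade
];

function report(urls = pages) {
  return urls.map((p) => ({ page: p, filledAs: credentialsFor(p)?.username ?? null }));
}

console.log(report());
```

Only the first constructed page is filled; a person reading the address bar can miss the other five, but a comparison on the parsed origin does not.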

Other apps, like Password Hash, offer similarly worthwhile protection, but LastPass stores all of your data on its servers (using 256-bit AES encryption) as well as on your PC. Since the company never has the software decryption key or your password, nobody at LastPass can get to your info.

Because your data is stored centrally, you can use the add-on with any browser, log in with your LastPass master account info, and access all of your passwords. Even without the add-on, you can log in to LastPass's site to get to your information. That means you should create a fairly complex master password for the LastPass site, but it also means you have a de facto backup if your PC goes kaput.

Instant Entry

The handy add-on can automatically log you in to sites and can fill in forms, but for better security you should change some of its default settings. For instance, it normally keeps you logged in to your LastPass account for two weeks, even if you close and re-open the browser; to prevent someone from sitting at your desk and accessing your accounts, click Preferences and check Automatically logoff after idle. I set mine to log off my LastPass account after an hour.

It's also smart to require a password reprompt for sensitive accounts; the app will ask for your master password before filling in the username and password, even if you're already logged in. You can enable this when the add-on automatically asks if you want to save a newly entered password. LastPass offers applications for the iPhone, BlackBerry and other mobile devices, too, but those will cost you $12 per year.

Erik Larkin

PC World (US online)
