Keep your passwords private with LastPass

An online airing of tens of thousands of stolen Webmail passwords suggests that it’s time to find extra protection.

This fall, more than 20,000 stolen usernames and passwords for such Webmail providers as AOL, Gmail, Hotmail, and Yahoo appeared on Pastebin.com, a programmer's Website.

The Webmaster, Paul Dixon, wrote that "for reasons unknown," some "miscreants" posted the data on his site. Dixon removed the stolen info, which Microsoft and some security researchers theorize was gathered through phishing attacks.

A researcher at ScanSafe argues that the data may have come from password-stealing malware, not phishing. Either way, crooks clearly aren't after only bank accounts and other financial log-ins. They also want access to your Webmail. But why? A friend of mine was recently hit by a scam, and her experience helps answer that question. After her Hotmail account was hacked, every message she sent included an unwelcome advertisement.

Crooks have also begun using stolen Webmail and Facebook accounts to send pleas supposedly from a victim to friends or contacts. Some bogus messages claim the sender is stranded overseas and needs an urgent wire transfer of funds.

Don't Pass the Password

To guard against password thieves, I use LastPass. The tool offers a free password-managing add-on for Firefox on Windows, Linux, or Mac OS X; Internet Explorer on Windows; and Safari on Mac OS X. An add-on for Google Chrome is under development.

LastPass fills in your username and password for verified sites that match a real URL; phishing scams that use similar but fake Web addresses won't deceive it. And because you don't type your password, keylogger malware can't capture your keystrokes and nab your password.
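The address check described above, sketched as an added example (not LastPass's code): a saved login is released only when the page's origin exactly matches the origin it was saved on. The vault layout, the function names and every address below are constructed for illustration.

```javascript
// Constructed vault: each saved login is bound to the exact origin it was saved on.
const VAULT = [
  { origin: "https://mail.example.com", username: "alice", password: "constructed-secret-1" },
  { origin: "https://login.example.net", username: "alice@example.net", password: "constructed-secret-2" },
];

// Return the saved login for a page, or null when the page's origin is not an
// exact match. How similar the address looks to a person plays no part.
function credentialsFor(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl); // normalizes case, default ports and IDN (to punycode)
  } catch {
    return null; // unparsable address: never fill
  }
  if (url.protocol !== "https:") return null; // refuse to fill over cleartext
  const entry = VAULT.find((e) => e.origin === url.origin);
  return entry ? { username: entry.username, password: entry.password } : null;
}

// Constructed look-alike addresses used as negative test cases for the matcher.
const LOOKALIKES = [
  "https://mail.example.com.account-check.test/login", // real name used as a subdomain label
  "https://mail.example.com@account-check.test/login", // real name in the userinfo part
  "https://mail.examp1e.com/login",                    // digit 1 in place of the letter l
  "https://mail.ex\u0430mple.com/login",               // Cyrillic a (U+0430) in place of Latin a
  "http://mail.example.com/login",                     // right host, but no TLS
];

// List the look-alikes that would receive a password; an empty list is the goal.
function filledLookalikes() {
  return LOOKALIKES.filter((u) => credentialsFor(u) !== null);
}

console.log(credentialsFor("https://MAIL.Example.com:443/inbox")); // the genuine site
console.log(filledLookalikes());
```

Comparing the parsed origin, rather than searching the address for the site's name, is what keeps the subdomain and userinfo variants from matching.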

Other apps, like Password Hash, offer similarly worthwhile protection, but LastPass stores all of your data on its servers (using 256-bit AES encryption) as well as on your PC. Since the company never has the software decryption key or your password, nobody at LastPass can get to your info.

Because your data is stored centrally, you can use the add-on with any browser, log in with your LastPass master account info, and access all of your passwords. Even without the add-on, you can log in to LastPass's site to get to your information. That means you should create a fairly complex master password for the LastPass site, but it also means you have a de facto backup if your PC goes kaput.

Instant Entry

The handy add-on can automatically log you in to sites and can fill in forms, but for better security you should change some of its default settings. For instance, it normally keeps you logged in to your LastPass account for two weeks, even if you close and re-open the browser; to prevent someone from sitting at your desk and accessing your accounts, click Preferences and check Automatically logoff after idle. I set mine to log off my LastPass account after an hour.

It's also smart to require a password reprompt for sensitive accounts; the app will ask for your master password before filling in the username and password, even if you're already logged in. You can enable this when the add-on automatically asks if you want to save a newly entered password. LastPass offers applications for the iPhone, BlackBerry and other mobile devices, too, but those will cost you $12 per year.

Erik Larkin

PC World (US online)