T103.4 - Google Chrome and Password Manager...
UPDATE -- 12/14/2017
Lastpass was my pw manager of choice. I paid 12-14/year for a preimium service just so I could view pw's in their app the 1 or 2x a year I needed too. I could have in fact just logged into their mobile browser and saved the pennies, but I thought what the heck. Live large. Unfortunately, they were purchase by LogMeIn compnay in the 2016 time frame. That group is known to jack up prices on services while removing services from free or lower subscription levels and they did the same to this in 2017.
- https://www.theverge.com/2017/8/3/16089444/password-manager-lastpass-pricing-doubles
- https://www.engadget.com/2017/08/03/lastpass-premium-costs-twice-as-much/
See the Technology > KB > Password Manager section for more details on this now...
Lastpass
Lastpass is(WAS) my password manager of choice. It was one of the first in the business and it is the most widely known/used with the most attractive pricing for similar services. For updated info on competitive options see More>Research/Reviews>Password Managers.
The name Lastpass comes from the idea that is should be the only/last password you should have to remember, because as long as you can get into your last pass account, you can lookup all your other passwords.
Q: What does Lastpass (or any integrated password manager) do that makes it so much better than just storing my stuff as digital notes elsewhere?
A password manager / password vault is a website or software application that stores passwords and the urls that go with them. In that sense, it is really nothing fancy. They have good security for the website, but most websites have good security these days, so it really isn't all that unusual.
The HUGE benefit of a password manager is related to the browser extensions which autopopulate your user name and password when you go to sites where you have accounts.
The way this happens is quite simple. An extension in installed in your browser. Every time you load a new webpage, that extension checks the page contents to see if there is anything that could be a username and password box (it's not perfect with this), and if there is, it sends a message to your vault asking if you might have data for those boxes. Your vault will send data back for that URL.. and all of that happens behind the scenes in a secure manner.
This dramatically speeds up your login and logout process as compared to manually typing in your username and passwords each time. Likewise, when you change your passwords, it will note a change and ask you if you'd like to save that in your vault. this functionality is not perfect, but it works pretty well. I always suggest manually checking the data it updates and logging out and back into the website to confirm the update was saved.
To keep your life as chaos free as possible:
The name Lastpass comes from the idea that is should be the only/last password you should have to remember, because as long as you can get into your last pass account, you can lookup all your other passwords.
Q: What does Lastpass (or any integrated password manager) do that makes it so much better than just storing my stuff as digital notes elsewhere?
A password manager / password vault is a website or software application that stores passwords and the urls that go with them. In that sense, it is really nothing fancy. They have good security for the website, but most websites have good security these days, so it really isn't all that unusual.
The HUGE benefit of a password manager is related to the browser extensions which autopopulate your user name and password when you go to sites where you have accounts.
The way this happens is quite simple. An extension in installed in your browser. Every time you load a new webpage, that extension checks the page contents to see if there is anything that could be a username and password box (it's not perfect with this), and if there is, it sends a message to your vault asking if you might have data for those boxes. Your vault will send data back for that URL.. and all of that happens behind the scenes in a secure manner.
This dramatically speeds up your login and logout process as compared to manually typing in your username and passwords each time. Likewise, when you change your passwords, it will note a change and ask you if you'd like to save that in your vault. this functionality is not perfect, but it works pretty well. I always suggest manually checking the data it updates and logging out and back into the website to confirm the update was saved.
To keep your life as chaos free as possible:
- Use Lastpass
- Pay for the Premium service so you have access to seeing your passwords on mobile devices
- Do not use organizational folders in Lastpass
- Do not use auto-login feature from Lastpass
- Do not use the launch button in Lastpass
- Turn off/disable all other password storage systems and any auto login options (like in Chrome, as explained above)
- Recognize the "wrench" image in Lastpass as the "view" option (it's not intuitive...)
- It's actually easier to enter new user account info into Lastpass and then use it than it is to go to the website, login, and then follow the prompts asking you if you want to save the password. You will need the url for the login page to set this up, or you just use the domain name (like www.xxx.com) and it will recognize that as part of the url of the login page.
1) Setup a Lastpass Account
Go to Lastpass.com and setup and account.
It will ask you for a hint for your password. Be specific enough that you can figure it. Then either write down that hint or write down your password somewhere where you wont lose it and preferably in someplace digital that you can access. So, for example, you could create a contact in your phone for yourself, and in the comments there put the hint for your password.
When you log in to Lastpass... there are two things to note...
It will ask you for a hint for your password. Be specific enough that you can figure it. Then either write down that hint or write down your password somewhere where you wont lose it and preferably in someplace digital that you can access. So, for example, you could create a contact in your phone for yourself, and in the comments there put the hint for your password.
When you log in to Lastpass... there are two things to note...
- The Add Record option is a + on the bottom right corner of the screen. Totally not intuitive.
- They have secure notes too. That is a good place to store the pw's for office computers
2) Install Lastpass Extension in Chrome
Lastpass for Chrome is a Browser Extension. It can be installed via one of two methods:
- Type "install lastpass" in google and follow a link
- With Chrome open, Hamburger > Settings -- and then on left side change to "Extensions" -- then search for Lastpass and install the extension
Once installed you will see a red icon in your address bar area. That is how you will access Lastpass.
3) Install Mobile App on Mobile Devices
Go to the App store and install the mobile Apps on your phone. I personally have it memorize my lastpass pw. If someone gets my phone, my phone's password is my line of defense.
With Lastpass, you will only be able to see your passwords if you pay for the premium account, which at the time of this publishing was $14/year.
With Lastpass, you will only be able to see your passwords if you pay for the premium account, which at the time of this publishing was $14/year.
4) Support Notes
- Setup Account
- Install App in Chrome (be sure they are logged into chrome so that carries to all devices)
- Install the App on their phone and other mobile devices
- Show them how to enter new websites and secure notes.
- Tell them not to use organizational folders,
- Remind them not to use autologin feature.
- Note their LP hint somewhere so they don't need to email themselves every time they forget that pw.
- Make sure their computer and phone have passwords, and then setup LP to remember password on PC/Mac and phone for simplicity of use
- Show them various websites where Lastpass doesn't work quite as expected (intuit is one..)
- Show them how to save new sites and make changes when detected, but remind them they really should check all those once entered that way. Manual updating and saving is actually far more friendly