Scott Whitton HomePage

Password Management Overview: LastPass

By Scott W. Whitton

November 4, 2016

The news of another hack of information, breach of data, or financial loss due to the activities of cyber criminals is something has become commonplace in our digital age. Because of the number and scope of these incidents, It is almost certain that everyone's online identity has been or will be stolen at some point. Most people will not find out that their personal information has been compromised until the unauthorized charges begin to appear on their credit cards, or are turned down to a line of credit. By then it too late, the damage has been done. Victims of Identity theft are then tasked with cleaning up the mess left behind by cyber-criminals.

One of the biggest problems, that has allowed for rampant occurrence Identity theft, is due to weak credentials when it comes to securing and protecting our online information. To illustrate the point you only need to look at any number of recent reports, such as Verizon’s Data Breach Report(DBR). Verizon’s DBR, which aggregates data from nearly 70 contributors from around the world, and examines over 100,000 cyber security incidents, including 2,260 confirmed databases from around the world, is considered one of the most comprehensive annual reports that provides tremendous insight to cyber security threats. According to the 2016 DBR, nearly 63% of confirmed data breaches involved weak, default or stolen passwords.

The importance of adopting a strategy for strong credentials cannot be stressed enough. Keeping your information with good credentials is not nearly as difficult as some might think. It involves a few simple principles when it comes to creating secure passwords, and updating them on a regular basis. The task adopting good habits is made all that much easier through the use of a good password manager service. While there are great number of excellent password management services and applications, my prefered service is LastPass (www.lastpass.com).

LastPass is free for personal use and can be installed as both a plug-in in your preferred browser and as a standalone application for mobile devices. LastPass is great because it simplifies the process of securing credentials. The service stores all of your passwords from various websites and applications in a secure, encrypted digital vault. You only have to manage one master password to log into your account and allow the application to autofill your username and passwords.

In addition to standard management functionality, LastPass has a number of additional features that can be used to create strong credentials that unique to every site, update them on a regular basis. A security checkup is also available to ensure that the passwords are not reused, compromised or out of date.

For instance, the password generator can take the pain out having to come up with secure passwords. Simply indicate the length of the password and the character types you want to use and LastPass does the rest. The password is stored in the secure vault and automatically filled in whenever you visit that particular site. For an example, Gmail accounts allow the use of passwords that can be 100-character in length and that can include a mix of uppercase and lowercase letters, numbers and symbols. Utilizing the maximum length and complexity yields a password so complex that it would take the Tianhe-2 Supercomputer, the world's fastest supercomputer, more than 10,000 centuries to crack using brute force, according to Kaspersky Lab (https://password.kaspersky.com/).

However, even the strongest password known to all mankind is useless if somehow became compromised. This may occur no matter how strong of a password you are able to generate if a talented cyber criminal is able to decode the algorithm used to encode your user account and password. Such as what happened with the 2012 LinkedIn hack that compromised 6.5 million user accounts and in the September of 2016 hack of Yahoo accounts where over 500 million accounts were exposed. Because your credentials may have already been hacked, and you just may not know it, is the reason why it is important to change your passwords often, and to not reuse passwords.

The Security Challenge is a feature of LastPass that will analyze the security strength by identifying passwords that are known to have been compromised, prompt you to change weak passwords, advise you to change any passwords you have reused, and prompting you to change old passwords. For some service, such as Facebook and google, LastPass can even change your passwords for you automatically.

For the competitive individual, the Security Challenge assigns you a percentage based on how secure your account is, and what bracket you are in compared to other LastPass users. You can even challenge members of your social network to take the challenge. I found myself itching to get the highest possible score by addressing all of the vulnerabilities highlighted in the Security challenge results page. LastPass is one of many tools available for free. Some other services that are also available are:

It is my hope that you, the reader, will have greater awareness of some of the challenges you might be up against when it comes to your account security and that there are ample resources to safeguard your data.

Scott Whitton is a member of Fall 2016 Information Technology Senior Seminar course and is planning on pursuing a career in the Information Technology Field.