Sunday, July 8, 2012

LastPass 2.0 Still King Of Password Managers....

A few months ago, I examined the two heavyweights in the field of password creation and management-- LastPass and Roboform. In the article, Roboform Is No Longer King of Password Managers.... LastPass Is A Tool You Need Today! I found LastPass to offer superior value and flexibility to Siber System's, Roboform. My opinion hasn't changed, but since my post in late April LastPass has introduced a significant upgrade. Version 2 of this product further separates LastPass from the competition and many of the enhancements are worthy of mention.

It should be noted that Roboform has also released a few incremental upgrades since my last review. However, these "dot releases" to their Version 7 platform primarily fix and enhance existing features across various operating systems and browsers. This link provides a complete listing of these incremental fixes to Roboform's platform.

The current version of Roboform (7.7.8) also falls under Siber System's new licensing scheme which was put in place with the introduction of version 7.4. While the company has made efforts to simplify various licensing options which I have found overly complex, and potentially expensive, in my earlier review. The revised pricing and versioning still falls short of the simplified LastPass model. Siber also requires accredited users of Version 6.XX to pay an upgrade fee when moving to 7.XX. While many companies impose upgrade pricing on past subscribers for significant version changes, it is worth noting this stipulation given LastPass's introduction of Version 2 at no charge for their existing customer base.

In a nutshell, LastPass offers two versions-- totally free and a $12/year Premium version which allows password synchronization across mobile devices, no ads, priority support, and more. With these caveats out of the way, here are a few of the LastPass Version 2's new features which warrant your consideration (unless specifically noted, all new features below are available in the FREE version):

LastPass Wallet


  • Documents, including PDFs, can be added to Secure Notes (which are Password Protected files). Secure Notes allow you to securely store information for later retrieval.

    A related, free, iOS, feature, LastPass Wallet, builds on Secure Notes.
    Wallet allows you to keep secure digital copies of various items typically found in your physical wallet- credit cards; government identification, and more. It has been widely reported that Apple intends to offer a similar product, Passbook, as part of its upcoming iOS 6 rollout. I do not review beta products unavailable to the general public and which may undergo revisions before public release. I can recommend current and new LastPass users who also rely on iPhones and/or iPads to review and download this free LastPass extension (unlike LastPass core features, LastPass Wallet is only available on iOS at the time of this writing). (Download the iPhone App here. Download the iPad App here.) When iOS 6 is formally released, I will cover new features, including Passbook.
  • FREE credit monitoring alerts. This feature is limited to United States users (but does not require purchase of the Premium version). Somewhat confusingly, LastPass offers a premium credit monitoring service (which is separate from LastPass Premium) for $9.95/month which offers more robust credit and identity resolution solutions. At a minimum, I hope the company renames this service to better differentiate it from the global $12/year premium upgrade.

    This free feature relies on TransUnion reporting data. You are provided a notification and email if negative inquiry(s) are detected. This isn't a substitute for more robust credit/identity theft services, but may serve as a useful (and free), first line of defense. It should be noted that some current LastPass users have expressed concern about the addition of this new feature from a standpoint of product focus and over release of sensitive data. (LastPass stores and encrypts your login data on  your local computer keeping you in complete control of your data vault; only you are able to unlock the underlying authentication information. The free credit monitoring feature requires you provide additional data "outside" your local computer's hard drive, including Social Security Number, which is an understandable concern particularly among security conscious users. No breaches have been identified and I am currently using this additional free service without incident. Still, you should be made aware of the concern.)

  • A faster, more  uniform, user experience across various desktop and mobile browser plugins. It should be noted, LastPass offers plugins for many mobile platforms beyond Android and iOS including Symbian, Dolphin, Blackberry, WebOS and Windows Phone. LastPass is especially well suited for those of you looking for mobile password security on "secondary" mobile platforms which may have little or no support in alternative products.


For a complete list of LastPass features, both free and premium versions, click here.

Regardless which password manager you elect to use, the general advise from my past post remains valid. (The excerpt below was part of an earlier post on this subject and can be read in full by following this link.):

Online security experts often offer a number of authentication recommendations. Most of the advice is sage and will go a very long way towards ensuring you aren't a victim of identity theft. Following these steps also minimizes any potential damage (and liability) which may occur should one of your accounts happen to be compromised. Among the most important rules:




  1. Use strong passwords. So called dictionary attacks makes it increasingly trivial to hack into an account secured by a user password, or even minor variant, which can be found in a modern dictionary. So if your idea of a "good password" is using the word, "simple" or "simple123" even a rookie hacker is likely to be reading your email or checking your bank balance in a matter of minutes if they are so inclined.
  2. A close corollary to the first point, use pass phrases if at all possible! It is orders of magnitude more difficult to divine a pass phrase such as "simple solutions to 123 cake recipes" than "simple123."
  3. Far better than a dictionary prone phrase, is a truly strong, twenty (or greater) character password such as, "Uq7ZT2D8YeNIS9lO2tbz." This character string contains UPPER case, lower case and numeric characters. The odds of such a password being discovered using even today's sophisticated hacking tools and powerful hardware are extremely slim.
  4. Again, the value of such a strong password is greatly enhanced if you generate UNIQUE passwords for each of your various online accounts. If someone discovers the password for your old Hotmail account you haven't even reviewed for a month, the damage is very containable IF this same password isn't also the key to unlocking your online bank account or ROTH IRA!
  5. This is almost a given, but using easily discovered personal data in your authentication scheme is an extremely bad idea. In today's electronic universe of social networks and search engines, it doesn't require a rocket scientist in most cases to unearth your mother's maiden name or the fact  your cute lovable pet's, moniker.
  6. Which brings me to one more security point worth mentioning. Even if you follow my advice and practice good password policy, if you answer those security questions with easy (or in fact true) responses, you still leave a rather big security hole in your online fortress. Especially for highly sensitive sites such as your bank and/or investment accounts, consider answering, or resetting, the security questions to information that is not available anywhere. In this case, telling a white lie or two is the better part of valor. There is nothing that requires you to answer these questions with the truth! It is really only necessary that you know the answers! So if one question is, "What street did you grow up on?" Avoid telling the truth. If you lived on "Eastside Avenue," respond instead with, "Westside Street." (Just remember what subterfuge you employed so if the worst happens and you truly do need to reset one of these sensitive accounts, you don't outsmart yourself! See Safe Notes, below.)
The nearby advice is all sound. There are additional nuggets of online protection which are well worth your consideration, but one thing all of these rules have in common is they are virtually impossible to follow if you are relying on traditional ways of generating and recalling your authentication information. Unless you truly have an eidetic memory, you need help! This is where Roboform, LastPass and other utilities fill a very real need.





Sadly, online and offline security issues remain very real. LastPass offers a great frontline defense for free (or a $1/month if you also rely on mobile devices). The question isn't "should you use one of the programs" but which program should I use....? For the moment, Version 2.XX of LastPass seems to offer a better mousetrap than RoboForm version 7.XX. Most importantly, begin using something before the bad guys get the jump on you! Using one of these tools doesn't immunize you from disaster. If you are interested in reading about a recent issue I experienced, you might want to check out, Ironic Identity Theft.... Is There Such A Thing?





Enjoy! If you find this post of interest, please share through Google+, Twitter and Facebook! We welcome your comments (which you can provide via the comment form below).




 
I currently participate in Associate Programs and certain item links included within this post may tie to these affiliate programs. By using these links, you help support Music Row Tech, We appreciate your support.




Companies: Syber, LastPass, Transunion



This commentary is not meant as an endorsement of any company or to provide financial advice.  If the author has any financial interest in any company mentioned at the time of this article’s posting, it will be explicitly noted. I welcome feedback and comments. 











No comments:

Post a Comment

Thank you for sharing your thoughts with other Music Row Tech readers and subscribers.