Review: LastPass
Score:
90%
Windows Phone is a social beast, which means lots of logging into websites and apps. Password security has been in the news a lot this year as various websites have had their password databases published by hackers. Now, more than ever, is the time to take your password management seriously. Some say that convenience is the enemy of security. As such, using the same password everywhere puts you at great risk, but it is easier than remembering a different password for every website. LastPass is the most secure solution for managing your passwords and filling in forms, and it's ubiquitous across all platforms.
Version Reviewed: 1.87
LastPass is an established, and state of the art, password management system. It works by storing your passwords online in an encrypted database (per account). Only you have the password to decrypt them, so if you ever lose your master password, your other passwords are lost for good. Best of all, though, is that it's free to use on the on the web with browser plugins. To use LastPass on a smartphone requires a premium account, which costs a modest sum of 12.00 USD per year (approximately 7.75 GBP). Once you've paid that, the mobile apps are free, and there's a 14 day trial for premium usage too.
.jpg "LastPass")
.jpg "LastPass")
Getting Started with LastPass
When you load up LastPass for the first time, you'll have to provide your username and password, which enables the application to download your encrypted database and decode it on your phone. You also have options for the application to remember your username and to remember your password. This presents an immediate dilemma which goes back to the general issue of password security. Obviously it would be easiest to start the application without being challenged for any authentication, but then anyone else with access to your phone could do the same. There is a compromise option if you don't want to have to enter your username and/or password every time the application is restarted, though. Instead of constantly re-entering your password, you can set a four digit PIN. Obviously, this isn't as secure as a strong random password, but if you're going to be dipping in and out of the application a lot, it's better than nothing.
The application has a three step pivot between a list of all your passwords, a search box, and an internal browser. Let's take a look…
I'll assume at this point that you've already installed LastPass on your desktop and it has imported all of your passwords from your desktop browsers – see my How-To guide. If you've done that, the first pivot will list everything stored on your LastPass account, and it will be divided up into groups if you've created any. Tapping on the site name will launch the internal web browser, but tapping the edit link will take you to a dialog for that profile. The edit screen isn't just for editing, though. There are menu options to copy your username or password to the clipboard. This presents a degree of flexibility that I'll come back to later.
.jpg "LastPass")
.jpg "LastPass")
Listing and searching for passwords
On the desktop, LastPass can automatically log you in to websites and fill forms for you. Since that isn't possible with Internet Explorer on Windows Phone 7, the developers have found an ingenious workaround. Instead, they have embedded an instance of Internet Explorer within the application itself. This has allowed them to add their own toolbar that enables you to automatically fill in your usernames and passwords. The Forms icon will also fill in other forms, like your postal address and credit card details. The other benefit of handling web pages within the application is that – by not viewing these sites in the native Windows Phone browser – there's no confidential data to be stored; e.g. cookies and browsing history.
.jpg "LastPass")
.jpg "LastPass")
Secure browsing in LastPass
The only niggle I had with using the browser is that using the back button takes you out of the application, thus requiring you to re-authenticate to get back in. This is because the browser is embedded into the application and the back button is working on an application level, and not controlling the browser session.
The application's menu also lets you add new site profiles and refresh your password database from the web. The only feature I couldn't find was a password generator, whether you're editing a site or wanting to change a password while browsing. However, as long as you have a password generator app on your phone, you could always paste it in when editing a profile.
.jpg "LastPass")
.jpg "LastPass")
Secure browsing in LastPass
Talking of pasting, that brings me back to another way in which you can use this application. If, for whatever reason, you don't want to use LastPass' internal web browser, you can use the 'edit site' dialog to copy your passwords into Internet Explorer. I.e. Load a site in IE, use Fast Task Switching to get into LastPass and put your password onto the clipboard, then switch back to IE and paste it in. This is less secure as cookies are being stored in your native browser and the password is in your clipboard, but it's good to have the flexibility.
LastPass properly supports Fast Task Switching too. It can detect that you are switching back to the application, then challenge you for a password or PIN, before putting you back to exactly where you were when you left it (e.g. a secure browsing session).
I think LastPass is an essential tool for everybody, not just geeks. Not only does it make it easy to store (and retrieve) a different password for every website you use, but it makes it easy to change passwords too. The Windows Phone 7 implementation is excellent.
Highly Recommended.
Reviewed by David Gilson at