Later On

A blog written for those whose interests more or less match mine.

LastPass learning

leave a comment »

I’m working my way (slowly) through my collection of passwords, having had a password hacked. Quite a few are secure—all the financial ones—but I was careless with others (like Twitter, which tweeted in my name a “work from home” scam), so though it is painful—I registered way too many places—I have little choice but to work through the list. A few things I’ve learned:

a. Don’t check the “Auto Login” option in LastPass for any of your sites—it truly just gets in the way. Autofill is fine: LP filles in the name/email and the password, but then it stops for you to click the login. For one thing, quite a few sites on logout take you to the login screen, and if LP is set to autologin, you back in again. Don’t use that option.

b. Avoid getting duplicates in your LP list: when you change a password, for example, you are offered “Save site” as an option. Click that and you get a dialogue box with one option (bottom left) being to “Replace site”. You must click the button AND ALSO click the drop-down list (which shows blank) to select the site you’re replacing. Otherwise you end up with duplicates, a great flaming pain since you don’t know which is the “right” one.

c. At least once a week review your LP vault to check it over and make sure duplicates have not crept in, etc.

d. Many sites—more than you think—have obscure or missing directions on changing a password. VERY few allow you to close the account altogether: once you register, you always have an account there, with its password. Thus the importance of unique passwords.

e. Some sites are well set up for a password change and LP can cooperate well with those. You put the cursor in the “current password” box and LP presents at the top some buttons: click “Fill current” and it’s filled, click “Generate” and a new password is generated and presented for your inspection, click “Accept” in that drop-down box and, after a pause, the generated password is put into both “new password” fields (i.e., the first to collect the new password, the second to confirm it by a match). Click the “continue” button (or whatever it’s named) on the site, and after a pause LP offers at the top of the screen the option “Confirm”. Click that and the change is made to the original LP record. There are not enough sites like this, but they are fairly frequent.

This is slow and tedious work, but it must be done. A fair number of sites have vanished, so those I simply delete from the LP list. I’m finding a few errors in the logon name (usually my email address), but easily revised. I do recommend using LP’s notes field to comment on changes, etc., so in the future you know what’s what.

Be careful out there. And again: use shouldichangemypassword.com to see if you, too, should be doing this.

Written by Leisureguy

27 July 2012 at 9:16 am

Posted in Daily life, Technology

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.