Update Sep 2023: I wrote this post 13 years ago. LastPass is now terrible, do not use it. They had a catastrophic breach last year where all their user data was stolen and now people are stealing victim's cryptocurrency. I switched to 1Password several years ago. It was better then, still good now. And LastPass is a disaster.

LastPass is good software. It's a password agent, software that remembers your zillions of passwords for different websites and autofills them in your browser. It works with every consumer operating system, it works in every major browser except Opera, and mostly it just works. The free version is pretty limited, you really want the $1/month version.

I've tried a variety of password managers over time and gave up on them all. Either the browser integration was awkward or some fundamental aspect of the design was insecure or unusable. LastPass gets a lot right. Form filling is the best I've seen. Passwords are stored on the lastpass.com server so you can access them from multiple devices but are only decrypted on your client so they remain secure. There's multiple levels of credentials for varying security needs. And there's a plain text export to CSV option for offline backup.

Drawbacks? The UI is pretty clumsy, particular the 100+ configuration options that fortunately you can mostly ignore. The iPhone version is usable but awkward because of Apple's limitations. And while LastPass is as secure a design as I can imagine, I'm still uneasy with all my passwords sitting in one place. But then again I accepted that risk years ago with stored browser passwords; at least LastPass encrypts my data.

I still resent that I need passwords at all, it's time the Web moved to a post-1970s form of authentication. But LastPass solves a lot of problems: it makes it easy to have secure unique passwords for every site and allows two factor authentication for robust security. It's a pretty good solution.

  2010-09-05 20:00 Z