The average user can't remember a large number of complex, strong passwords. While some users can create mnemonics for their passwords, the great majority of us lack that capability (and have little motivation to cultivate it). The solution, for most, has been to store those passwords locally. Nick recently wrote about the uncertainty of saving passwords in browsers. While short on solutions, Nick does bring up a number of points that should concern anyone who relies on this type of password storage.

There are other solutions, but none is quite ideal. One is to create a document containing all passwords, but then that would only be available on a single device. Motivated users could copy it to all devices every time it is updated, but that involves plenty of work. An alternative is to store the document on a cloud server, allowing all devices to access the latest version. But there are security issues with that, too. After all, Dropbox was hacked less than a year ago.

For users serious about security across all services and devices, there is an application that provides a solution. LastPass is a service that stores all of your passwords in a single location. While it can connect to Firefox, Safari, Chrome, Opera, and Internet Explorer, it is not ingrained in the same manner as their native password storage features. It also works on mobile devices, meaning you have access to all of your passwords, no matter what device you're using.

Creating one secure password

The entire idea behind +LastPass centers on the creation of a single, secure password. That one password gives you access to all of your others -- the last password you'll ever need. In this way it is similar to many other password storage systems. But it's cross-platform compatibility, along with direct browser integration, gives it a leg up on the competition.

Of course, using LastPass still means creating and remembering a strong password. Even the mnemonically disinclined can make due for a single password. It's as easy as thinking of a 20-character string, then substituting some letters for symbols and numerals while adding in capitalization. Similarly, users can create something that is easy to remember by keyboard layout.

Any way you choose to do it, LastPass delivers on the promise of giving you just one password to remember. What happens, you might ask, if LastPass itself gets hacked? All of its data is securely encrypted, making it difficult for hackers to crack your password after stealing it. Once LastPass informs users of a breach, they can change their passwords and regain security.

Auto fill, auto login

One big security fear for users involves key logging technology. There are many forms of malware that embed themselves on your computer and record all of your keystrokes. The idea is that hackers can find your passwords and financial information that way. LastPass eliminates that problem by allowing you to autofill many fields, including usernames, passwords, and personal information. This is done either through a button that pops up when these fields appear, or through an automatic option in your LastPass vault.

Another option LastPass provides is to automatically log into certain services. This provides an additional layer of security. Not only are you not logging your keystrokes, but you're not even entering the information into your browser. Really, though, this feature is more about convenience than security.

Problems and issues

While LastPass might seem like a great solution for anyone seeking more secure passwords, there are a few pitfalls that might concern some users. Most of these are workable, and are well worth the trouble for the price of security. But all users should be aware of them before they sign up for LastPass.

1. Multiple storage points. Instead of recording only the most recent iteration of username/password for a site, LastPass stores many iterations. To combat this you'll have to go through your password vault and delete all old entries.


2. Remembering changed passwords. For some sites, LastPass will offer to generate you a password while you're in the change password screen. For others it will not, and you have to do it manually. In both cases the data can be stored in strange ways. You'll have to manually edit many entires to ensure that they contain the proper login site, username, and password.


3. Mobile integration. While LastPass works on Android and iOS, including tablets, its integration is a bit flawed. I use the T-Mobile LG Optimus L9, and find myself constantly using the task switcher between LastPass and my Chrome browser. LastPass can autofill on these mobile platforms, but only in its own browser. This makes it a pain not only for the browser, but especially for apps. There is plenty of copy/pasting and task switching going on. And it's pretty much unavoidable -- you wouldn't want to use the LastPass browser.

As the saying goes, the only secure password is one you can't remember. But if you can't remember it, how can you log in? The answer is to use a third party storage system, accessible anywhere, to store forgettable yet secure passwords. Using LastPass means creating just one secure password that you do have to remember. That sounds a whole lot better than trying to remember or manually organize hundreds of secure passwords.

Author Bio
Joe Pawlikowski writes and edits the mobile technology site MobileMoo, which covers Android, iPhone, BlackBerry, and more.