By Kevin Purdy, Lifehacker – September 23, 2010 at 07:00AM
LastPass is easy, secure, and works across systems and browsers—it’s our favorite password solution. Here’s how to take LastPass further: force saving on uncooperative sites, manage notifications, “rate” your passwords, use two-factor authentication, and more.
If LastPass is intriguing, but you’ve not quite made the jump, consider our previous feature on why it works so darned well. Founding editor Gina Trapani also considers LastPass as the sweet spot between convenient and security, as detailed in this embedded entry from her Work Smart video series:
Once you’ve picked up the basics of importing and storing passwords, Secure Notes, and setting up your browsers with LastPass instead of insecure password storage, you can get more out of LastPass by exploring its features around the edges. Here’s a few of our favorites:
Manage Your Notifications
After installing LastPass and setting it up with a few passwords, you might notice that it’s a bit, well, overzealous in its reminders, notices, and questions. Asking to save new passwords or change them? Sure, that makes sense. Reminding you every time LastPass fills in a form, or offering to generate a new password on every site? Not so helpful.
To get less browser chatter, click the LastPass icon on your browser taskbar, or get to its settings from your add-on/extension menu. In the preferences list, choose Notifications, and uncheck those things having to do with “Form Fill” and “Generate Secure Passwords.” You can also get rid of the browser-spanning “Bar” notifications if you’d like, because your LastPass icon will still spin and change colors when it wants your attention—to save or change passwords, bad LastPass logins, and the like.
Take the LastPass Security Challenge to Fix Your Weak Passwords
Just because your passwords are locked away in LastPass doesn’t mean they’re actually good passwords. If you give LastPass permission to run through your passwords, the app can show you which are decent, which are pretty much asking to be hacked, and provide direct links to where you can fix them.
Sign into LastPass through your browser add-on, or on the site itself, then head to the Security Challenge site. You can also access this site through your extension’s Tools menu. Hit the “Start the Challenge” button, and LastPass will analyze all the passwords you’ve tucked away, then provide both aggregate data on your entries (average length and strength, numbers of duplicates, etc.) and show you each password for each site, and how it rates.
Force LastPass to Remember Stubborn Sites
For various reasons—weird design and intentional lock-downs among them—LastPass can’t or won’t take note of the username/password combo on some sites and offer to save it. This also applies to sites that have sub-sections you can log into.
If you’ve got a site that won’t take input, go ahead and type in your user/password combo, but don’t hit the login button. Instead, click your LastPass browser icon, then choose “Save All Entered Data.” You’ll get a kind of behind-the-scenes look at how LastPass views the page. Scroll down, and you’ll see the text you entered next to the named field. Hit “Save” in the lower-right corner, and the next time you head to the site, LastPass should be able to save you the trouble of logging in. Be sure to check as well in the Advanced section of your browser add-on preferences—you’ll see an option there that lets you ignore or respect sites that use the basic autocomplete=off code on their sites to discourage tools like LastPass.
Create Your Own Keyboard Shortcuts
Like all the apps that you plan to use every day, you should get familiar with LastPass’ keyboard shortcut powers. In this case, though, you’ll mostly create your own scheme that’s familiar to your fingers.
The default keyboard shortcut that everybody should know is the login changer. If you’ve got multiple accounts at, say, Twitter.com, LastPass can remember them all. To change between them at the login screen, hold Alt (or Command on Macs) and press Page Up or Page Down on your keyboard. The other shortcuts for saving, generating, and entering passwords are up to you to fill in, depending on what you feel works. I find that holding Alt as a general LastPass modifier tends to work best and interfere with the fewest shortcuts.
Require Two-Factor USB Authentication
If you’ve got some really sensitive stuff stashed in LastPass, or you’re heading somewhere without real guarantees of security (like, say, internet cafes in Thailand), you can upgrade to a LastPass Premium account (about $1 per month) and start using LastPass Sesame. It’s a thumb drive application that runs on Windows, Mac, and Linux, and it changes your LastPass account so that it requires generating a one-time password from the USB drive before unlocking any passwords. In other words, even if someone gets your root LastPass password, it won’t do them any good without access to the thumb drive you’re likely carrying with you.
Install the Binary Version for Extra Cross-Browser Features
You’ll notice, peeking around LastPass’ settings, that there are certain features that are only available if you “Install the binary version.” These are usually system-wide features that browser extensions wouldn’t grant access to, but they’re pretty convenient, especially if you use more than one browser regularly. With the binary version, you can set LastPass to automatically log itself out if your browser has been idle for a set number of minutes, and also make one LastPass login count for all your browsers.
What’s your favorite LastPass feature that doesn’t get much attention? What do you wish LastPass offered that might make you switch? Let’s hear your picks in the comments.