Monthly Archives: July 2013

Why did I switch from RoboForm to LastPass?

Some of you asked me why I switched from RoboForm to LastPass, over a year ago. It is due to its (LastPass’) support of duel authentication via Google Authenticator. In English, this means I use the Google Authenticator app, on my phone, to generate a key that I have to enter, along with my password, to access my secure online password vault. This means that my account cannot be hacked unless someone knows or can hack my password AND they have access to my phone, all simultaneously.
It was simple to switch from RoboForm, as I was able to export my existing passwords and safe notes. They have import options for several other password vaults too.

For more information on Google Authenticator app, see http://goo.gl/sbBxn . It also supports Google logins (of course) as well as Dropbox logins.

Update 2017-01-28
More friends have asked me for details over the years, so here goes:

Authentication Objects can be shared across aaccounts

One can share any login object with any other LastPass user. In a work context, one could allow one’s staff log into a domain account but not allow them to see the password. Then, when the employee quits/gets terminated, one could revoke the shared object, and they would be locked out.

Password Generation
I generate ALL passwords for sites, via LastPass, setting the generation attributes (number of characters, which characters/symbols can be used, whether it should be pronounceable, whether to avoid ambiguous characters, etc.). It is sometimes necessary to change these attributes based on a given site’s rules. For example, I might need to dumb down the generated password from 16 characters, to 12, if the site only supports 12. Other sites do not support special characters ($, or ^, etc.), so I have to turn them off for such sites. For the most part I just leave everything dialed up, to the most complex, because I do not know, or care to know, passwords for my sites. I just need to know my LastPass password, and my PC (or domain, if at work) password, and I’m good. Hell, I don’t even know my Google password. No need.

Advertisements