The LastPass Office Gets Some Love!

Check out the new signage we have at LastPass Headquarters:

What do you think? We think it's pretty awesome!

- The LastPass Team

Introducing LastPass Wallet: Backup Your Billfold, with Attachments, for Free

We're excited to announce the arrival of LastPass Wallet! The latest addition to our mobile suite, Wallet stores the data you carry in your physical wallet on your iOS device, so you can securely backup your most valuable personal information to LastPass. The app features beautiful notes for adding cards and IDs, with robust attachment and sync capabilities - for free! 

Get Started with Notes 

Wallet is built around LastPass' secure notes feature, with templates for credit cards, passports, driver's licenses, memberships, bank accounts, and more. Any card, piece of paper, or form of data that someone would keep on their person can be stored in Wallet. New users create an account via the app for free, then get started by adding notes:

Current LastPass users can simply login with their usual account information, and any existing secure notes will automatically sync to Wallet where they can be viewed, edited, and synced back to other locations:

Attach Anything

Audio clips, photos, and text can be saved as an attachment to any note. Use the app to record an important voice clip:

or securely store pictures from your device's photo gallery. 

Secure Your Data and Sync Everywhere

Wallet offers security settings to restrict access to stored data. "Logout on close" ensures that the active session is killed when the app is closed, while a pin code prompt can be used to re-authenticate when multitasking between Wallet and other apps.

Data added to LastPass Wallet is securely synced to all browsers, computers, and mobile devices where a user logs in to their LastPass account. Although they'll also be synced to LastPass, attachments are not yet accessible via the browser addons or other mobile apps. 

Availability 

The free LastPass Wallet app is available on the App Store on iPhone, iPod Touch, and iPad at www.itunes.com/appstore. For more details on using the app, please see our help article. 

And more!

For those new to LastPass, Wallet is an easy introduction to secure data and password management on a mobile device. Wallet makes sure that if you lose your physical wallet, you have a "digitized" version that makes it less of a hassle to start over. Wallet also provides a transition to the LastPass browser-based experience, where new users can then get started with saving and filling logins.

Let us know what you think in the comments below.

Best,
The LastPass Team

An Open Letter to Carson Daly, and All Celebrities Struggling with Passwords

Together on the hacked list? Just say no.

Dear Carson Daly,

Your passwords are at risk. Sounds alarmist, we know, but please hear us out! Wouldn't you like to eliminate that risk and make them easier to deal with by using LastPass?

We listened to the tech chat you had with Jefferson Graham over at USAToday. And we wanted to let you know that we whole-heartedly agree with you - passwords are a pain! There are so many services and apps we need to access now on a daily basis that keeping track of all those logins, and remembering all those passwords, quickly becomes a headache-inducing time-suck.

But please, don't store your passwords and most valuable personal information in plain text as notes on your BlackBerry! And have you checked to make sure you're using strong passwords for each service, without using a single password more than once? Bad things happen to those who don't take care of their passwords, and we really, really don't want those bad things to happen to you.

And, more than anything, how gratifying would it be to declare your triumph over those aggravating passwords and get on with your life? Because you have way, way more interesting things to do with your time and energy.

So can we offer a few pointers? We know there's nothing quite as sexy as passwords, but these tips could, at worst, save you hours of repetitive tasks every month, and at best, head off attempts to guess or social engineer your passwords and use any emails, photos, or videos from your personal life as fodder for the latest celebrity gossip. I mean, it's a win-win, right?

So when you have a chance, and we hope it's soon, please make time for our little checklist:

• Get set up with LastPass, so you can store your logins in one secure vault, generate unique passwords for each site and service, and have your data securely synced wherever you need it, including your BlackBerry.
  
• Enable a pin code for your smartphone, so if you walk away from it no one can take a glance at your data. Avoid using pins that are birthdays, anniversaries, and other important life-related dates that someone could find on Wikipedia, IMDB, or your fan sites.
• Sign up for a service that offers GPS tracking and remote wiping, to lock down your data if you lose your phone.
• Stick with 3G or 4G service and avoid public WiFi, so you can avoid spyware and transmitting your data in an easily-intercepted form.

Most celebrities are hacked through email, social media, and other accounts that they use regularly on their smartphone due to poor password security. Scarlett Johansson, Mila Kunis, and Christina Aguilera are just three celebrities of dozens who've landed on the "hacked" list - even if you've been seen with these lovely ladies before, this is a list we don't want to see you on, and we're sure you don't want to be featured there either!

Yours in password domination,
The LastPass Team

PS - If you're a LastPass user reading this letter, please help us spread the word to Carson by tweeting him @carsonjdaly and sharing your #LastPass password story. Thank you!

Windows Phone 7 App Update: More Robust Secure Notes, Improved Work Flow

A new update for the LastPass Windows Phone 7 app is now available for download from the Windows Phone marketplace! In addition to user interface changes and improvements in overall performance, we've added several new features that make entering and accessing your data more convenient, including more robust secure note templates, a tap-and-hold site menu for quicker access to data, and support for full-screen browser mode.

Securely store everything in your physical wallet with secure notes

The added number of secure note templates let you add customized entries for all of your credit cards, memberships, IDs, PINs, and other valuable personal information. Secure notes provide a backup of your data, so if you ever lose your physical wallet, you'll know immediately which cards need to be replaced, and how to go about replacing them. They also help you store all the pieces of data and scraps of paper that you carry with you on a regular basis, so you can travel a little lighter and a little more securely.

Once logged in to the LastPass app, while in the "Sites" view, tap the three dots (ellipsis) menu at the bottom of the screen and select the "add secure note" option. You can then tap the "Note Type" field (Generic is loaded by default) and select the relevant template.

Forget all those random post-its and Excel files, the more robust secure notes help you securely and centrally manage access to your sensitive data.

Easily copy password to clipboard with tap-and-hold content menu

In the same way that you can right-click on the desktop version of Internet Explorer to use the copy and paste to clipboard shortcuts, you can now tap-and-hold on a site entry to easily access the "copy username" and "copy password" functions. 

If you're multitasking back and forth between different apps, it simplifies the process of grabbing the login data you need.

When you're in the "Sites" view or when using the "Search" function to locate a login, you can long-tap (tap and hold) on the site name to bring up the content menu. You'll see options to launch the site, edit the site entry, or copy the username or password to the clipboard, to be pasted elsewhere on the device.

Enjoy a richer browsing experience with full screen mode

For a better view of your sites as you login via the LastPass app's embedded browser, you can now expand the browser view to "full screen" mode.

When you launch a site or swipe to the browser view, you can tap the button with the outward facing arrows to expand and minimize the browser window. The full screen mode lets you view more content within a simplified frame.

And more!

Over the last few updates we've also redesigned the UI of the app using pivot control.You'll notice you can now swipe through the Sites, Search, and Browser views to easily access and sort through your data.

We've also included a handful of minor changes to improve overall functionality of the app, including performance enhancements and crash fixes. If you're curious about trying the app, you can download it and trial it for 2 weeks before upgrading to Premium.

Remember, if you like the changes we've made to the Windows Phone app, leave a review in the marketplace, or let us know what you think in the comments below. More updates to our mobile apps and improvements to LastPass overall are in the works!

Best,
The LastPass Team

Millions of Facebook Users Ignore Privacy Options, Risk Exposing Personal Data

Have you reviewed your Facebook privacy settings lately? Now might be a good time to take another look.

According to a recent survey published by Consumer Reports on May 3, an estimated 13 million Facebook users in the US don't use, or don't even know about, the social network's privacy controls. The US product-testing organization surveyed 2,002 online households across the U.S. (1,340 of which are active on Facebook) for its annual State of the Net report. 

The report projected that, during the past year, Americans "liked", updated their profiles, and posted status updates with a range of personally-identifiable information, including:

• 39.3 million identified a family member in a profile
• 20.4 million included their birth date and year in their profile
• 7.7 million "liked" a Facebook page pertaining to a religious affiliation
• 4.8 million posted where and when they're going on given days, tipping off potential burglars
• 4.7 million "liked" Facebook pages about health conditions that can be used against them by insurers
• 4.6 million discussed their love life on their wall
• 2.6 million discussed their recreational use of alcohol on their wall
• 2.3 million "liked" a page regarding sexual orientation

In the press release, CR highlights tips for users on privacy controls and staying more secure on Facebook:

1. Think before typing. Even if a user deletes his/her account (which takes Facebook about a month), some info can remain in Facebook's computers for up to 90 days.
2. Regularly check Facebook exposure. Each month, users should check out how their page looks to others. Review individual privacy settings if necessary.
3. Protect basic information. Set the audience for profile items, such as town or employer. And users should remember: Sharing info with "friends of friends" could expose them to tens of thousands.
4. Know what can't be protected. Each user's name and profile picture are public. To protect one's identity, they should not use a photo, or use one that doesn't show their face.
5. "UnPublic" the wall. Set the audience for all previous wall posts to just friends.
6. Turn off Tag Suggest. If users would rather not have Facebook automatically recognize their face in photos, they could disable that feature in their privacy settings. The information will be deleted.
7. Block apps and sites that snoop. Unless users intercede, friends can share personal information about them with apps. To block that, they should use controls to limit the info apps can see.
8. Keep wall posts from friends. Users don't have to share every wall post with every friend. They can also keep certain people from viewing specific items in their profile.
9. When all else fails, deactivate. When a user deactivates their account, Facebook retains their profile data but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible forever.

CR also notes that it would like to see Facebook fix a security lapse that permits users to set up weak passwords including some six-letter dictionary word - a risk that they've documented for 2 years now.

We agree Facebook should set higher standards, but it's also important to inform users of how they can reasonably achieve those standards with a tool like LastPass.

If you're using Facebook, run the LastPass Security Challenge today (located under your Tools menu in the LastPass browser icon) to check how strong your password is for Facebook. You can help your friends and family better secure their Facebook accounts by showing them how they can use LastPass to generate secure passwords and keep their data in one convenient, safe location.

Best,
The LastPass Team

Happy 4th Birthday, LastPass!

This month marks the 4-year anniversary of the founding of LastPass! We enjoyed a little treat in the office in celebration of our mile-marker.

We've loved the past four years of building our password manager and helping people better manage their online life. Here's to many more!

Thank you everybody!
The LastPass Team

70% of Us Forgot Passwords in the Last Month. Will You Help Us Stop the Madness?

It pains us at LastPass to see this statistic. Yes, 70% of us forgot a password in the past month, according to a recent survey by Symantec that polled 1,028 adults in the last month. On top of forgetting a password, 40% of those surveyed also admitted that remembering their passwords is one of the most difficult challenges of their daily life - more stressful than balancing their checkbook!

It's true, managing a growing amount of data has become an inconvenient reality of modern life. We live in a world where technology is becoming more and more integrated into all aspects of our everyday lives. Which means we use an ever-increasing number of online accounts, apps, and services, all of which require usernames and details for us to keep track of. We also need our data in more places than ever - on our computers at home and at work, on our smartphones and tablets.

We know that the stress of remembering passwords and other online account details leads us to follow bad password management practices, such as:

• Using the same password(s) everywhere,
• Using variations of the same password(s),
• Using personally identifiable information, such as pet names, birth dates, or nicknames, as passwords,
• Storing account information on notes around the desk or office, or taped under the keyboard, and
• Keeping default logins, such as "admin" and "password", enabled on our systems.

Even with bad password management practices, though, we're still forgetting our logins. We're wasting time resetting our passwords, and we're dealing with the inconvenience of constantly trying to keep track of all of our data.

So it's clear things need to change. It's clear that we need strong passwords, and we need unique passwords for each of our accounts. But we need a way to keep track of those passwords, without taxing our brains or adding more stress to our lives. And we need that data to be accessible wherever we are - at home, at work, on our mobile devices. We need a solution that makes all of the above possible.

And that solution is: LastPass. And of course, LastPass users are already aware of how LastPass simplifies your digital life and helps you follow best password management practices while still making it easier to manage all of your data. But there's a whole population of Internet users out there who are still doing things the hard way, who deserve to know that there's an easier, more secure way!

We challenge you, LastPass users, to help us stop the password madness. The next time someone tells you they forgot a password, ask them if they'd consider a password manager like LastPass. Explain how password managers work, and how LastPass simplifies your digital life and improves your online security.

While we're reflecting on spreading the word about LastPass:

• What motivated you to start using a password manager, and how did you make your selection?
• Do you have a story about using LastPass that would be motivating to others? If so, send it along to press[at]lastpass[dot]com.

Help us #bethepasswordchange today for a more secure tomorrow.

Best,
The LastPass Team

New LastPass Headquarters!

It's still a little bare, but we're settling in to our new space near Tyson's Corner, Virginia:

Check out those windows! Looks like we're on the deck of Starship Enterprise, no?

Our view today included watching the Discovery on its flight to Dulles. How cool is that?!

Best,
The LastPass Team

LastPass for Android Update, Featuring New Security Options

The latest in our string of mobile updates, our release for Android features a handful of useful new settings! Included in the update is an option to logoff your account when the LastPass app has been running in the background after a time limit of your choice, as well as the ability to check your login status when launching the app.

Both features will help you better secure your LastPass account, providing you the ability to control how long your session stays active and ensure your data is secure if your phone is ever lost or stolen. We've also added an oft-requested feature: generating pronounceable passwords!

Logoff when LastPass is in the background for X minutes

You now have the ability to kill your LastPass session when the app has been running in the background for a time period of your choice. Essentially the mobile version of "logoff after idle", you can set a time limit in your Preferences menu of the LastPass app.

With the time limit enabled, your LastPass session will be terminated when you multitask away from the LastPass app and it remains in the background for that period of time. When you tap back to the LastPass app, you'll be required to login again.

Check login status when launching the app

Within your LastPass account, we offer the ability for you to view and remotely kill active LastPass sessions. Accessible via your LastPass Icon by going to your Tools menu, the "Other Sessions" page allows you to see any browsers or devices where you're still logged in to your LastPass account. You are then able to select some or all of your active session and "kill" them, forcing your session to expire. This feature ensures that if you leave LastPass logged in somewhere by accident, you can later force that session to end.

On the Android, enabling "Check Login on Activate" in your Preferences menu ensures that, when the LastPass app is launched, a check is performed to see if the session was cancelled remotely using the "kill active sessions" feature. If we identify that the request has been made, LastPass will logoff and require the email address and master password to be entered again.

Generate pronounceable passwords

Included within the advanced settings of our password generator, you can now generate pronounceable passwords.

Pronounceable passwords are randomly generated but easier for typing on a mobile keyboard or sharing.

And more!

As expected there are also a host of improvements in the overall functionality and performance of the app. Also included in our release notes are:

• Browser fixes for sites that use local storage like twitter.com, gmail.com, and others
• The ability to enforce mobile Enterprise policies, such as: requiring pin code prompt, disallowing master password saving on the mobile app, implementing logoff when the app is in the background for X minutes, and enabling event logging
• Faster shared folder decryption
• A number of general bug fixes and improvements

As a reminder, the Android app is part of our Premium offering, but can be trialed for 14 days before upgrading for $12 per year.

We've got some exciting updates on the horizon, so keep an eye out for more posts.

The LastPass Team

FYI: SSL certificate update shortly

We have a planned SSL certificate replacement shortly.

While we don't anticipate any problems with the switch, if you experience anything we'll be monitoring the comments on this post.

For the curious the new certificate is from Thawte and is an EV (extended validation) cert.

UPDATE:  This is now live, so if you notice problems please let us know.