Resolutions with LastPass: #7 Update Your Account Email Address

We've said it before, but it's important that your LastPass account email address is up-to-date. You'll need a valid email address to receive security notifications, records of changes to your account, and other important updates from LastPass.

Take a moment to:

• Update your LastPass account email address,
• Update your LastPass account security email address,
  
• Use the "Test" links to verify you receive notifications, and
• Use LastPass to search for accounts still using an old email address.

You can update your LastPass email address at any time by logging into your account, going to your Vault, and selecting the "Account Settings" link at the top right.

In the Settings dialog that opens, you'll see a field with your current account email address. You can update the field with a new email address, and confirm the change.

If you've also enabled a "security email address" for your LastPass account, it too should be up-to-date. Emails regarding multifactor authentication devices and other security steps may be sent to your security email address. The security email address can also be updated at any time in the "Security" tab of the Account Settings dialog.

LastPass can also help you identify sites in your vault that use an outdated email address. Simply search for the email address in the vault, and you can note which accounts still utilize the old email address. Record any updates made to your online accounts when prompted by LastPass to save the changes.

With centralized access to your accounts, LastPass should help make your digital move much easier!

Best,
The LastPass Team

New: LastPass for BlackBerry PlayBook 2.0 is Here!

With the official release of BlackBerry PlayBook OS 2.0 on the horizon (rumors anticipate a release sometime in February), we've officially launched LastPass in the BlackBerry App World! The app is our Android app repackaged to run on PlayBook OS 2.0 with the Android Player, providing more convenient, on-the-go access to your passwords.

We're also excited to see a positive initial response to the app's release! Isaac Kendall of CrackBerry.com writes that the new app has given him "a user friendly way to take advantage of the awesomeness that is LastPass."

Similar to the LastPass app for BlackBerry smartphones, the Android app for PlayBook includes:

• A built-in browser that allows you to launch and autofill your logins
• The ability to fill registration and shopping forms in the LastPass browser
  
• Adding and editing sites, secure notes, form fill profiles, and other data stored in your vault
• Copy-paste from the LastPass vault to other apps

You can now find the LastPass app in the App World for the BlackBerry PlayBook OS 2.0. Note that it's part of our Premium upgrade ($12 per year for unlimited access to all Premium features), but can be tested with a 14-day free trial.

Best,

The LastPass Team

LastPass for Windows Phone 7 Update: Edit, Add Sites and Secure Notes

Along with improving the overall performance of the app, our latest update to LastPass for Windows Phone 7 addresses one of our most heard user requests: the ability to update and add sites and secure notes!

After logging in to the LastPass app, you'll see an updated vault view. Although similar to previous versions with your sites listed by Groups, you'll now see an "Edit" link next to each site entry. Tapping "Edit" allows you to view, update, or copy-paste from the site entry:

As before, tapping on a site name launches the site in the LastPass browser.

If you tap the ellipsis (three dots) from the main vault view, you'll also notice an updated menu. "Add Secure Note" and "Add Site" are now listed as options, allowing you to add new data to your account:

The update to the Windows Phone 7 app is just the latest improvement to increase mobile functionality for LastPass users. More updates and improvements on the way!

Best,
The LastPass Team

LastPass Is Hiring!

Hi all,

We're looking for talented engineers to expand our development team!

At LastPass, we're passionate about technology, about our product and brand, and about how we can help improve people's online lives in a meaningful way. We're a committed, driven team, and we love what we do.

Our ideal candidate:

• Has a degree in Computer Science, Computer Engineering, Math, or Electrical Engineering
• Is an active and enthusiastic LastPass user (if you're not currently using LastPass, download it and start using it so we can chat with you about the product!)
• Has a command of C, C++, Python, Java, JavaScript, PHP, HTML, JQuery, CSS, and SQL
• Has experience with several platforms (at minimum Windows and Linux) - LastPass builds for 12 major platforms, covering a number of versions for many of them
• Is comfortable with rapid release cycles
• Lives in proximity to Vienna, VA (the greater DC metro area) so that you can be in the office at least 3 days a week

LastPass headquarters are based in Vienna, Virginia, centrally located near the nation's capital and easily accessible by public transport. Employees enjoy flexible work hours, flexible holidays, and a great benefits package. A weekly company lunch outing helps keep the social atmosphere relaxed.

Interested? Please contact us!

Best,
The LastPass Team

New Year's Resolutions with LastPass: #6 Revamp Form Fill Profiles with Our 4 Tips

The LastPass Fill Form feature makes online shopping and account registration less painful by eliminating most of the required typing, getting you through checkout even faster.

If you're already set up with a few Form Fill profiles, here are 4 ways to revamp Form Fill for better use this year:

1. Remove credit card information stored in online accounts. As the recent incident with Zappos shows, it's important for the end user to be as cautious as possible with online shopping. Many sites allow you to store credit cards in your account to facilitate easy checkout. With LastPass Form Fill, though, there's no more need to store them with the site, since it's easy to autofill the next time you check out. If you frequent sites like Amazon, Barnes and Noble, and other retailers, consider updating your site's account settings to not store your credit card information, and rely on Form Fill to insert your data when you need it.

2. Check for expired or outdated Credit Cards. Recently replaced a card? Make sure the new changes are reflected in your profiles.

3. Update profiles with any address changes. If you've moved recently, take a moment to review your profiles to ensure you have the most up-to-date information for your addresses and credit cards.

4. Set a "Default Profile" and use a hotkey to autofill. If you have several profiles but use one more often than the others, consider checking the "default form fill profile" option in the Preferences menu of the LastPass browser icon. You can then set the hotkey for the default profile in the Hotkeys section of the Preferences menu (such as Ctrl + Alt + T). Next time you need to autofill your default form fill profile, you can simply enter your hotkey.

As a quick recap if you're less familiar with the Form Fill feature, you can follow these brief steps to set up a Form Fill Profile and get started with autofilling online shopping and registration forms:

• Go to your LastPass Icon, and from the Fill Forms menu select "Add Profile"
• Give the new profile a memorable name, especially if you have profiles for more than one person, credit card, or address
  
• Enter your contact information or credit card data to the profile, and save
• Start shopping! The next time you're on a checkout or registration page, LastPass will prompt you to autofill with your Form Fill profiles
  

For more detailed information on how to set up your Form Fill profiles and start shopping more efficiently with LastPass, read our recent in-depth blog post.

Best,
The LastPass Team




Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Have a Zappos Account? 4 Steps to Take Now with LastPass

Online shoe and clothing retailer Zappos recently announced that the personal account information of 24 million users has been compromised. In an email to their userbase, Zappos confirmed they will require a password reset for all account holders to prevent unauthorized access. Even if you've already reset your password for Zappos, it's important to double-check that your new Zappos password is secure, that you weren't using the same or similar password on other sites, and that you don't have other critically weak or duplicate passwords lurking in your vault.

Follow our steps to:

1. Run the LastPass Security Check

Go to the "Tools" menu in your LastPass browser addon, and select the Security Check to review your data. Once complete, you'll receive a score from 0 to 100 and a detailed analysis of your stored passwords. We've mentioned before the importance of auditing your vault data to get an idea of how strong your passwords are, and to identify passwords that are still in use across multiple sites.

For a more in-depth look at the Security Check, read our related blog post.

2. Note Any Sites Using the Same Password as Zappos

Once your Security Check results are in, note if the password for Zappos is shared with any other account logins. If so, make a list of the sites (or print off the LastPass Security Check results) to reference as you make changes.

3. Update Your Zappos Password

Go to the Zappos password change page to login to your Zappos account. You can also launch Zappos by clicking the "visit site" link next to the entry on the Security Check page to login and go to the account settings page.

From there, use LastPass to generate a new password, selecting "show advanced options" in the password generator if you'd like to increase the number or types of characters used. When you submit the changes, confirm the update to the site entry stored in LastPass.

4. Update Sites Sharing the Same Password as Zappos

Follow the same steps to login to any other site sharing the Zappos password and update the account with a new password generated by LastPass. Note that you can access the LastPass password generator under the Tools menu in the LastPass Icon at any time.

For more details on how to update old logins with passwords generated by LastPass, see our previous blog post with step-by-step instructions.

Be Vigilant

We know our users do a great job of following best password practices with LastPass; if you feel you could improve, our resolutions posts will help you get started (more posts on the way!). We want to say thanks to our users who have been enthusiastically recommending LastPass as a password management solution in the wake of the Zappos leak and similar incidents. We hope to continue spreading the word that you don't have to use the same password everywhere, and that with LastPass there's an easier, more secure way to manage your online life.

Best,
The LastPass Team

New Year's Resolutions with LastPass: #5 Generate Your Answers to "Security Questions"

While the password generator is key for diversifying and strengthening your account passwords, it's also a great tool for providing answers to common "security questions" for your accounts.

Security answers are often included as a second form of login verification or as part of an account recovery process, most frequently with online financial institutions and email accounts. Although many sites have made an effort in recent years to increase the obscurity of the security questions (at least, we hope they're generally better than this), the fact remains that the answers to common security questions are more accessible than ever before. Even if you're not a high-profile target, by generating answers with the LastPass password generator you'll help reduce the risk that someone may use security questions to compromise your accounts.

When registering for new sites that require an answer to a security question, it's simple to quickly generate an "answer" and add it to the new site entry stored in LastPass.

Let's say you're signing up for a new Gmail account. After going through the set-up process, we go into the account settings to create a security question & answer for account recovery purposes.


After selecting a question from the drop-down options, we go to the LastPass Icon, choose the Tools menu, and open the "Generate Secure Password" feature:
When the dialog opens, you can check "Show Advanced Options" to customize your generated password:

Click "generate" to create a new password with your customized options, then "copy" to copy the password to your clipboard. Go back to the security answer field, and paste the generated password. After confirming that your new answer is accepted by the site, you can go to your LastPass Icon, click on the site name listed at the bottom of the menu, and open the "edit" dialog. Paste the generated password in the Notes, also noting which security question you chose.

If you know you're using personal information for security answers, set aside some time to login to those accounts, generate a new "answer" with LastPass, and store the update in your site entry. Accounts for online banking, email, social media, and credit cards are all good places to start.

Generating answers with LastPass doesn't directly affect your Security Check score, but it will improve your overall online security.

Best,
The LastPass Team

New Year's Resolutions with LastPass: #4 Root Out Insecure Account Data, Store Miscellany in Secure Notes

LastPass allows you to condense all of your login data to one secure yet accessible account. This removes the need for you to rely on documents with lists of passwords, browser password managers, or worst of all, those sticky notes taped to the bottom of your keyboard or posted around your office and home.

Take a few minutes to track down any remaining password files that have not been imported to LastPass. If you still need the login or data, add it to LastPass before deleting or shredding the file.

Places to look for passwords include:

• In your browser password manager, typically located under the browser's Tools menu.
  
• In Excel files on your personal and work computers.
• Notebooks, planners, and amongst your general paperwork.
  
• Scraps of paper pinned to message boards, or taped to the computer, keyboard, or mouse pad.
  
• Emails sent to you by the sites you use. A number of sites still email plain-text versions of your password and other account information. Once you've confirmed the site is stored in LastPass and the password is a generated one, delete the email.
• Notes made to Outlook "Contacts".
  
• In text messages, logs of chat conversations, and other digital correspondence. Consider the Share feature if you need to send login information to family, friends, or coworkers.
  

Consider adding other scattered personal data to LastPass as a "backup file" to help with future emergency situations. If you're carrying it in your wallet or could potentially need the information while traveling, a LastPass Secure Note makes a good storage option.

Types of data to "backup" to LastPass may include:

• Credit cards, including customer service telephone numbers and account information linked to the card. If lost or stolen, you can pull up the secure note, and quickly cancel the card.
• Passports, with contact and address information for the nearest US Embassy, and other data needed to replace a lost or stolen passport.
  
• Frequent flier IDs and hotel loyalty cards.
  
• Health insurance IDs and other medical record information to help make filling out forms at the doctor's, dentist's, and other offices a breeze.
  
• Metro passes and associated account information.
  
• Gift cards or coupon codes for online accounts.
• Pins, lock numbers, and other access codes, for both digital and real-world locks.
  

We hope our tips help reduce some of the e-clutter that accumulates from your online accounts, as well as increase your security by reducing the risk that someone happens across login information left lying around. With the go-anywhere accessibility of LastPass, you'll also ensure you have records of your accounts and personal data when you need it most.

Best,

The LastPass Team

New Year's Resolutions with LastPass: #3 Replace Weak and Duplicate Passwords

With a newly reorganized vault and the results of the Security Check in hand, let's roll up our sleeves and go through the steps to update those weak and duplicate passwords.

We recommend starting with important passwords - online banking, email addresses, online shopping accounts with stored credit card information - that are critically weak (the bar is red in the results) or that share passwords with other logins. Set a goal to work on a handful of accounts at a time, over several days or weeks if needed, until all passwords are at a 'strong' level. This is likely the hardest resolution on our list, but an important step to increasing your online security with LastPass.

To start with the most critical areas first, we want to pay attention to the Security Check results that display the number of duplicate passwords, the number of sites with duplicate passwords, and the number of weak passwords:

The Security Check's detailed results makes it easy to identify these problems and correct them. The sites are ranked from weakest passwords to strongest passwords, with the weakest showing a shorter red bar, and the strongest showing a longer green bar.

As we've shown before, updating a site's password requires logging into the site itself, then using LastPass to go through the password change process. By clicking "visit site" next to the weak password in the Security Check results, LastPass will take us to the login page for that entry:

For example, if a Gmail login is very weak or is currently the same as another password, we'll click "Visit Site" and be directed to the Gmail login page, where LastPass will autofill the data:

We can then navigate to Gmail's "account settings" page, where we can access the page to change our Gmail password:


On the password change page, LastPass will present a notification bar, allowing you to first autofill the existing password, and to then generate a new password. Note that when you click the "Generate" button, you can check the "show advanced options" box to customize the length of your password, and the types of digits, characters, and letters that will be included in the generated password.

When the fields are complete, save the account changes. LastPass will present another notification bar, asking you to confirm the change to an existing account, or to save a new site entry. When clicking "confirm", a dialog will appear allowing you to select the entry to which you want to apply the change.You should then repeat this process with every site that contains a weak or duplicate passwords, working your way through the Security Check results. Note that, after updating the username or password for a site stored with LastPass, you can go to the "edit" dialog and click "History" to see a record of changes made to the entry:

We hope the article provides a helpful push for you to remove duplicate and update weak passwords. You're well on your way to topping the Security Check!

Best,
The LastPass Team

New Year's Resolutions with LastPass: #2 Organize Your Vault

Now that you ran the LastPass Security Check and received your score, it's time to start getting things more organized so we can help you improve your numbers and start taking advantage of more LastPass features.

When you reviewed the Security Check results, you may have noted that you have a few weak passwords, old login information, and maybe even duplicate site entries as a result of importing old data. Our tips today will help you de-clutter your logins so we can move to the next step of updating your old passwords and improving your Security Check score.

Some of you ambitious LastPass-ers may have already moved on to that step, but for those taking this slowly we're helping you break this down into manageable steps!

1. De-Clutter Your Vault with Groups

If you go to your LastPass Icon and open My LastPass Vault, you will see your data displayed in alphabetical order by site name:

By default your sites are organized into three Groups: Recently Used, Secure Notes (this will not be visible if you have not added a Secure Note) and a blank or 'None' group for sites that have not been assigned to a Group.

Take 10 minutes to Group, or re-Group your logins. Grouping your sites will help break your logins down into manageable segments, helping you quickly access the data you need.

Click the "Create Group" link to create new Groups in the vault:

You may find it easy to create Groups by category, such as Email, Social Networks, Shopping, Banking, and more. Others may prefer to group by the area of their life: School, Home, Work, and others. Find a system that works for you, create as many Group folders you think you may need, and start re-arranging. If you want to re-name an existing Group, you can right-click on the Group name and choose "Rename Group".

Sub-Groups can also be created if you want to further break down a category.

With your Groups created, you can start dragging and dropping sites into the Groups. You can also right-click on a site name and choose "Move to Group" or "Move to Sub-Group".

If you have a large number of sites, you may find it easier to move multiple logins at once by using ctrl + left click or shift + left-click, then right-click over the entries and select an action:

Now, when you are prompted to add new a site to LastPass, you can simply click the "Group" drop-down you can select the appropriate location or create a new Group to keep things organized.

2. Delete Old Logins

You may have noticed you still have old logins with invalid passwords lingering in your vault. You can delete the login from you vault by selecting "delete" for the entry.

Sites can also be deleted by right-clicking over the site name in the vault and selecting "delete". Large numbers of sites can be deleted by ctrl + left-clicking or shift + left-clicking to select multiple sites, then right-clicking over the entries and choosing an action.

If you accidentally delete a site and need to retrieve it, simply go to your More menu in upper-right corner of the vault, and select "Show Deleted Sites".

From this page you can check one or more logins and click "Undelete" from the right-hand menu. Deleted entries are cleared after 30 days.

3. Remove Duplicate Entries

Those who imported data from previous password managers or from a browser may notice duplicate entries stored in the vault. To quickly de-clutter these duplicates, click the "Account Settings" link in the vault:

and choose the option to "Remove duplicate sites from your account":

You're Making Progress!

With a newly re-organized vault and your sites neatly grouped, we hope you'll find it easier to manage and access your data. De-cluttering will help us move forward with steps to up your security check score and generally get more out of LastPass. More tips are on the way!

Best,
The LastPass Team