Jan 11, 2011

A User's Guide to Setting Up LastPass on Your USB Thumb Drive


Many of our users have asked how they should access LastPass when away from their home computer, and how to stay safe on the road when using riskier public terminals at libraries or Internet cafes. Here are some tips, tricks, and general overviews on how to get LastPass set up on your USB drive so you can take your favorite password manager everywhere.

Install a Portable Browser

LastPass Portable is an ideal way to access your LastPass account while on the go. After installing a portable browser, which is essentially a fully-featured browser formatted for a thumb drive, you can install the LastPass plugin to give you the same password management experience you're accustomed to on your desktop or laptop.

With Portable Firefox and Chrome versions for Windows, Mac, and Linux, LastPass Portable gives you the ability to browse with LastPass on nearly every operating system. Firefox Portable and Chrome Portable for Windows and Linux can be downloaded from PortableApps.com, while other sites offer downloads for Mac. Once the portable browser has been installed on your computer, you can launch it and navigate to the LastPass download page, where you can locate the corresponding LastPass Portable app.

You can then install the LastPass addon as you would in any of your desktop browsers. Once installed, you can drag and drop the portable browser file onto your USB thumb drive and launch it from there when on a new computer.

Another plus side of using the portable browser is that you won't be leaving behind any record of accessing your LastPass account - no browsing history, cookies, or other locally-stored files to be concerned about.

Now you can literally browse on the go with LastPass!

Hook into the Desktop Browser

If you commonly use Windows with LastPass, another option you may consider is IE Anywhere, which allows you to hook into Internet Explorer from the USB thumb drive. It's essentially a standalone plugin that, when launched with IE, displays a little icon in the browser window and allows you the same functionality as the desktop plugin.


For users who aren't able to download plugins to their computer - common in the workplace - IE Anywhere lets you access and use your LastPass account, with the added benefit of leaving no files behind. IE Anywhere also gives you the ability to run LastPass on unsupported browsers like IE Tab in Firefox, Sliepnir, and Maxthon.

After downloading IE Anywhere, the file can be dragged and dropped to the USB thumb drive. When you plug your thumb drive into your computer's USB port and double-click to launch the file, the LastPass icon will appear in your system taskbar.

Clicking on the icon allows you to login, and from there you can launch IE to access all regular features of the LastPass addon.

When you're done browsing, simply click the taskbar icon, select "Logoff", and eject your USB drive. No data left on the computer, no files created, nothing in the registry, and no plugin left behind!

Carry a Backup of Your Vault

If you simply want a backup of your LastPass data or basic access to your usernames and passwords, LastPass Pocket is a stand-alone application providing storage capability and offline access of your LastPass vault. Pocket is intended to be used when you don't have an Internet connection, which is why we recommend LastPass Portable and IE Anywhere for a richer browser experience.

Pocket can be installed from the download page for Windows, Mac, or Linux and then dragged and dropped onto your USB drive. You can double-click the file to launch it from the USB drive, prompting you to login to your account. After logging in, Pocket decrypts your data and displays all of your sites and Secure Notes in a searchable interface.

Pocket comes with limitations, though. Although you can copy/paste all login elements of your saved sites or Secure Notes, you can't edit or delete any data that has been synced to Pocket, which makes it less functional for maintaining your vault.

Double Up on Security

If you want to up the security of your LastPass account, consider using a second-factor authentication like Sesame, which can be run from your USB drive. Sesame protects your account by requiring the generation of One Time Passwords (OTPs) before you can complete login to your vault. The basic idea is that, even if someone were to grab your master password via keylogging or some other malware, they still won't have access to your LastPass data because they won't have the Sesame OTPs.

Sesame for Windows, Mac, and Linux can all be run from the same USB stick, so you'll never be locked out of an operating system where you need to access your data on the go. Sesame can be downloaded from the main download page, then dragged and dropped onto your thumb drive. You need to activate Sesame the first time it's launched. Once enabled, Sesame will create secure OTPs that are subsequently required to login to your account. You have the choice to copy the OTP to the clipboard or launch your browser of choice and pass the value automatically.

If you prefer to use Grid, another option is to save the CSV file of your Grid set on your USB thumb drive so you can easily login to your account while on public computers.

Get Up and Go!

With so many options for taking LastPass on the go (we didn't even cover the mobile apps), you can rest assured that you'll have secure access to your data from nearly anywhere. Head on over to the download page today to get started with any or all of the above features, and begin prepping your USB thumb drive for your next trip!

15 comments:

  1. thanks LastPass :)

    ReplyDelete
  2. Thanks a lot for this post, people need guidance for better security.

    My personal choice : I've installed Google Chrome on my work's computer, set to start in Incognito Mode (it's a shared computer). The only bookmark on it is a "Login!" Bookmarklet, and I'm using a Yubikey to log into my LastPass account.

    ReplyDelete
  3. Still need better multi factor authentication its like stepping back in time using a usb stick to generate a key. Give me a phone app that provides the key so I can type it in

    ReplyDelete
  4. Keeping your Grid on your USB key doesn't sound like a good idea at all. What happens when that public computer you just stuck your USB key in grabs all of the files off of it? Keylogger + auto-downloader would be a bad combination.

    Wouldn't Sesame fall under the same vulnerability? Let's say an attacker has access to your computer (which is easy with the numerous vulnerabilities out there). You log into LastPass with your master password and it gets grabbed by the keylogger. Then you open Sesame and it produces the OTP and authenticates you. The attacker, having all data from any USB key automatically uploaded somewhere, now has access to your Sesame application as well. To me this is a legitimate, although very unlikely, concern?

    The goal is to keep our passwords as safe as possible. This is our lives we're placing in your hands so I, for one, expect 100% security. Some people keep their bank information, their main email accounts (for which they have registered on a lot of other sites for quick password retrieval), and other essential passwords stored in their vault. Having this compromised somehow would be devastating.

    I second using an app on your phone as another option for the 2nd factor. I really like the grid as it seems far superior to the Sesame application. I wish the Yubikeys would come down in price a bit. I don't feel comfortable just buying one since you have to disable the grid to enable the yubikey (so I've read) so spending $50 dollars on this seems a bit unreasonable.

    ReplyDelete
    Replies
    1. > The goal is to keep our passwords as safe as possible. This is our lives we're placing in your hands so I, for one, expect 100% security.

      As safe as possible is what we all want, but security professionals will be the first to tell you that 100% security is not possible in this life. I keep a lot of sensitive data and will demand 99.99% (maybe a few more 9s--how do you measure that, anyway?), but anyone who promises 100% is not being honest.

      Delete
  5. Can some help me understand the important differences between what is described in this article, and the alternative of just using the browser on the public computer to log in to your lastpass account? Is the 2nd option completely unsafe, or just 'less safe'?

    ReplyDelete
  6. @ide9898 One password == completely unsafe. By just using a password and not a second factor of authentication (Yubikey, Sesame, Grid) then all it takes is someone getting that one password and they'll have access to your entire vault. I would never trust a public computer to be safe from malware, viruses, corrupt employees, etc. It would probably be a good idea to change your master password after logging into a public computer even if you are using multifactor authentication.

    There is really no reason to not use two-factor authentication with as easy as it is to set up. Go into preferences, click use Grid, click print Grid, save and you're done. Then just keep a copy of it in your wallet and a copy of it by your computer at home (unless you have roommates).

    ReplyDelete
  7. I have syncing set up on my USB version of Chrome Portable. Is it a problem if I use the LastPass extension that comes over from my desktop Chrome with the syncing as opposed to the LastPass portable version?

    David

    ReplyDelete
  8. I have just installed the plugin, based on a suggestion by Amber Gott from the uninstall team.

    I shall post my experiences here, soon.

    ReplyDelete
  9. Guys,

    I am looking for a Liux version of the Chrome portable browser. It is not at the link provided on this blog entry.

    Does anyone know if it is even available? Thanks!

    ReplyDelete
  10. This comment has been removed by a blog administrator.

    ReplyDelete
  11. I have been using LastPass with Chrome very happily on my PC. Now however I would like to get LastPass/Portable Chrome on a USB for travelling etc. So I downloaded Portable Chrome from PortableApps and then downloaded Lastpass again as per the instructions on the LastPass site. However while Portable Chrome works fine off the USB, LastPass is not available in it (only on my usual Chrome on the PC). So how can I get LastPass specifically installed in my USB version of Chrome?

    Thanks Rob

    ps i can be emailed at ticklingchimpazees at gee mail

    ReplyDelete
  12. Please ignore the previous comment - I have worked it out. The problem was the part when I went to the LastPass download page
    https://lastpass.com/download.php
    I was misled by the LastPass Universal Installer here and assumed that must be it - instead you need to click on Full List of Downloads for your Platform and find the one specifically for Portable Chrome - perhaps the instruction above could be updated to note this,

    Rob

    Rob

    ReplyDelete