LastPass : The last password you'll have to remember

Resolutions Recap: Share Your Feedback!

2012-02-10T13:11:00.024-05:00

Over the course of the last 6 weeks we've shared 10 "New Year's Resolutions with LastPass" posts, detailing how you can improve your security with LastPass this year and get the most out of what our password manager has to offer.

In case you missed them, here's a quick summary of the topics we covered, with a link to each blog post:

We'd like to know:

Did you find our posts helpful?
Did you follow any of the recommendations to improve the security of your account or try new features?
Have they inspired you to recommend LastPass to your friends and family?
Are there other questions or LastPass features you'd like to see covered?

Please share your thoughts and experiences below!

Best,

The LastPass Team

Resolutions with LastPass: #10 Strengthen Your Master Password

2012-02-08T10:32:00.015-05:00

For the last installment in our resolutions series, we wanted to touch upon an important aspect of using LastPass: the strength of your master password. At LastPass, we've always touted we're "the last password you'll ever need". With only one strong password to remember and a host of customizable security options, you can let LastPass take care of the rest. So it goes without saying, then, that your LastPass master password should be strong and unique while still memorable.

Test the strength of your master password today by running the Security Check, located in your LastPass Icon menu, under the "Tools" menu. Once complete, you can scroll down to "How strong is your LastPass master password?" section.

The strength meter uses an algorithm that measures unique characters as well as number of different characters such as letters, numbers, symbols, including uppercase and lowercase. Your master password remains secure since the check is done entirely locally.

Less than satisfied with your score? Consider updating your master password. One of our recommendations for creating a strong, unique master password is to break down a memorable phrase into letters, numbers, and symbols.

For example, let's take: "I got 99 problems but a password ain't one". Thinking of memorable characters to assign to the phrase, we could end up with: "Ig96pZb@pwA1". And voila - a 12-character random password that you'll remember because you can say it to yourself as you type out the character that's associated with each part of the phrase.

If you want to update your master password, you can do so by going to "My LastPass Vault", launching the "Account Settings" link, and entering a new master password in the field. Practice logging in a few times with the new master password to ensure you'll start committing it to memory!

Best,
The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Resolutions with LastPass: #9 Check Out Multifactor Authentication Options

2012-02-06T11:30:00.031-05:00

If you're looking to increase your security with LastPass, we strongly encourage you to take advantage of our multifactor authentication options.

Multifactor authentication simply refers to adding a second piece of information that must be submitted before allowing access to your account. After entering your LastPass email address and master password, you would be prompted to submit the information from another, often physical, device. This means that even if someone compromises your master password, they can't gain access to your account without the second form of authentication.

LastPass offers several options for multifactor authentication. Some are part of the basic free version of LastPass, while others are offered as a Premium feature:

Google Authenticator (Free): Once you've installed the app on a supported smartphone and added your LastPass account to the app, you simply launch the Google Auth app and enter the generated key in the browser dialog when you're logging in to your LastPass account. See our help article for more information about getting started with Google Authenticator.

Grid (Free): Grid works by generating a spreadsheet of random values that resemble a Battleship grid. Once enabled, you'll be prompted to find four values from the spreadsheet and enter them to gain access to your account. See our help article for more information about getting started with Grid.

Sesame (Premium): Once enabled for your account, Sesame generates secure One Time Passwords (OTPs) for you to login to your account. The feature can be run from a USB thumb drive, and you have the choice to copy the OTP to the clipboard or launch the browser and pass the value automatically. See our help article for more information about getting started with Sesame.

YubiKey (Premium): A YubiKey is a key-sized device that you can plug into your computer's USB slot to provide another layer of security when accessing your LastPass Account. YubiKeys are immune from replay-attacks, man-in-the-middle attacks, and a host of other threat vectors. The key can be purchased from Yubico and bundled at a discounted rate with LastPass Premium. See our help article for more information about getting started with the YubiKey.

Fingerprint and Smart Card Readers (Premium): LastPass has support for a small selection of fingerprint readers, including Windows Biometric Framework, and experimental support for smartcard readers.

Three other things to note about multifactor authentication:

You can mark your personal device(s) as "trusted", so you do not have to enter your multifactor authentication data every time you login in that location. When you go to a device that is not saved as trusted you will then be required to submit the second form of authentication.
You can permit mobile access to your data to ensure you can continue using the mobile apps even with multifactor authentication enabled. You can then restrict mobile access to specific devices to prevent unauthorized access on any "untrusted" mobile devices.
Enabling multifactor authentication will bump up your "Security Check" score by 10 points.

We hope you'll try one of our multifactor authentication options for increased security with your LastPass account!

Best,

The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Resolutions with LastPass: #8 Generate OTPs to Use on Untrusted Computers

2012-02-03T09:52:00.025-05:00

Logging in from a hotel computer while on vacation? Checking your email from an Internet cafe? Need to briefly use LastPass on a library or university computer? Then you should generate some One Time Passwords and carry them with you!

If you need to access your LastPass data while away from a trusted device, but are hesitant to do so because of potential keyloggers, LastPass provides One Time Passwords (OTPs) as one option for securely logging in to your account.

One Time Passwords are temporary passwords that grant one-time access to your LastPass vault. Once an OTP is used, it can never be used again. The OTP also prevents your master password from being stolen by keylogging software because you don't need to enter it when logging in with an OTP.

While you still have access to a trusted computer, go to the OTP management page: https://lastpass.com/otp.php to generate and print your OTPs. You must also be logged into the LastPass browser addon to manage your OTPs. From this page, you will see links to Add a New One Time Password, Clear All OTPs, or Print your OTPs:

To add OTPs to your list, click the "Add" link. Once you've generated a few OTPs, you can click the "Print" link to carry your OTPs in your wallet, or a copy of them can be carried with you on a portable USB thumb drive.

When you're ready to login to LastPass from an insecure computer, you can revisit the OTP management page to login with one of the OTPs on your list:

Even if the OTP is captured by malware, the password will not allow access to your account in subsequent attempts because it expires after you login with it once.

If you know you'll need to login to LastPass on an insecure computer, be prepared by generating and printing some OTPs!

Best,
The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Help Us Celebrate "National Change Your Password Day"!

2012-02-01T13:24:00.013-05:00

Yep, you heard us right - National Change Your Password Day, an impromptu initiative by the teams at Gizmodo and Lifehacker. In the last few days they've worked to drum up some anticipation for, let's face it, perhaps the most groan-worthy day of celebration possible.

But that aside, we support their quest to spread better password practices and to push the idea of a password manager as the only efficient way to do the password thing right.

We know it's difficult to inspire change for how we handle passwords. After all, who wants to spend the time and energy worrying about them? There are so many reasons not to try - we're busy, we're lazy, we don't think it will happen to us, and besides, we have our one or two strong passwords that we use everywhere, right?

But there's one good reason to put some thought into passwords today, and that's LastPass. LastPass centralizes your account data, makes it easy to generate strong, unique passwords, helps you easily login to your sites, and ensures you have your data where you need it, when you need it.

So in honor of National Change Your Password Day, could you do two things for us?

Run the Security Check (via the LastPass Icon, under the Tools menu select 'Security Check') and commit to updating just 1 weak password today, and
Tell someone about LastPass, and how it's changed your life.

Help us #bethepasswordchange today for a more secure tomorrow.

Best,

The LastPass Team

Graphic courtesy of Lifehacker.com

LastPass 1.90 Released for All Browsers, Featuring Import & Export of WiFi Passwords

2012-01-30T09:49:00.017-05:00

As many of our users may have already noted, a LastPass addon update for all browsers has been rolled out, with a few big and small changes.

On Windows and Mac OS X, LastPass can now pull WiFi passwords from your computer and save them as a new type of "Secure Note". To do so, locate your "Tools" menu under the LastPass Icon, select "Import" and choose "WiFi passwords":

Selecting the WiFi Passwords import option generates separate secure notes for each WiFi network, and stores the passkey and connection type for each. On Windows, you can then export the WiFi passwords onto other computers! The process does require a WiFi connection to import and export, and for Windows requires a separate executable that's only added when you run the Windows installer. Please see our helpdesk article for more information on using the new feature: http://helpdesk.lastpass.com/getting-started/importing-and-exporting-wi-fi-passwords/.

Also on the list of updates and improvements are:

HSTS support on LastPass.com for all browsers,
A universal installer for OSX,
Support for the autocompletetype attribute,
For Enterprise, sites can be added to, removed from, and shared between Shared Folders much more easily,
And a number of performance and functionality improvements.

More exciting updates on the way!

Best,

The LastPass Team

Resolutions with LastPass: #7 Update Your Account Email Address

2012-01-27T10:44:00.015-05:00

We've said it before, but it's important that your LastPass account email address is up-to-date. You'll need a valid email address to receive security notifications, records of changes to your account, and other important updates from LastPass.

Take a moment to:

Update your LastPass account email address,
Update your LastPass account security email address,
Use the "Test" links to verify you receive notifications, and
Use LastPass to search for accounts still using an old email address.

You can update your LastPass email address at any time by logging into your account, going to your Vault, and selecting the "Account Settings" link at the top right.

In the Settings dialog that opens, you'll see a field with your current account email address. You can update the field with a new email address, and confirm the change.

If you've also enabled a "security email address" for your LastPass account, it too should be up-to-date. Emails regarding multifactor authentication devices and other security steps may be sent to your security email address. The security email address can also be updated at any time in the "Security" tab of the Account Settings dialog.

LastPass can also help you identify sites in your vault that use an outdated email address. Simply search for the email address in the vault, and you can note which accounts still utilize the old email address. Record any updates made to your online accounts when prompted by LastPass to save the changes.

With centralized access to your accounts, LastPass should help make your digital move much easier!

Best,
The LastPass Team

New: LastPass for BlackBerry PlayBook 2.0 is Here!

2012-01-25T12:08:00.014-05:00

With the official release of BlackBerry PlayBook OS 2.0 on the horizon (rumors anticipate a release sometime in February), we've officially launched LastPass in the BlackBerry App World! The app is our Android app repackaged to run on PlayBook OS 2.0 with the Android Player, providing more convenient, on-the-go access to your passwords.

We're also excited to see a positive initial response to the app's release! Isaac Kendall of CrackBerry.com writes that the new app has given him "a user friendly way to take advantage of the awesomeness that is LastPass."

Similar to the LastPass app for BlackBerry smartphones, the Android app for PlayBook includes:

A built-in browser that allows you to launch and autofill your logins
The ability to fill registration and shopping forms in the LastPass browser
Adding and editing sites, secure notes, form fill profiles, and other data stored in your vault
Copy-paste from the LastPass vault to other apps

You can now find the LastPass app in the App World for the BlackBerry PlayBook OS 2.0. Note that it's part of our Premium upgrade ($12 per year for unlimited access to all Premium features), but can be tested with a 14-day free trial.

Best,

The LastPass Team

LastPass for Windows Phone 7 Update: Edit, Add Sites and Secure Notes

2012-01-23T09:09:00.006-05:00

Along with improving the overall performance of the app, our latest update to LastPass for Windows Phone 7 addresses one of our most heard user requests: the ability to update and add sites and secure notes!

After logging in to the LastPass app, you'll see an updated vault view. Although similar to previous versions with your sites listed by Groups, you'll now see an "Edit" link next to each site entry. Tapping "Edit" allows you to view, update, or copy-paste from the site entry:

As before, tapping on a site name launches the site in the LastPass browser.

If you tap the ellipsis (three dots) from the main vault view, you'll also notice an updated menu. "Add Secure Note" and "Add Site" are now listed as options, allowing you to add new data to your account:

The update to the Windows Phone 7 app is just the latest improvement to increase mobile functionality for LastPass users. More updates and improvements on the way!

Best,
The LastPass Team

LastPass Is Hiring!

2012-01-20T14:27:00.002-05:00

Hi all,

We're looking for talented engineers to expand our development team!

At LastPass, we're passionate about technology, about our product and brand, and about how we can help improve people's online lives in a meaningful way. We're a committed, driven team, and we love what we do.

Our ideal candidate:

Has a degree in Computer Science, Computer Engineering, Math, or Electrical Engineering
Is an active and enthusiastic LastPass user (if you're not currently using LastPass, download it and start using it so we can chat with you about the product!)
Has a command of C, C++, Python, Java, JavaScript, PHP, HTML, JQuery, CSS, and SQL
Has experience with several platforms (at minimum Windows and Linux) - LastPass builds for 12 major platforms, covering a number of versions for many of them
Is comfortable with rapid release cycles
Lives in proximity to Vienna, VA (the greater DC metro area) so that you can be in the office at least 3 days a week

LastPass headquarters are based in Vienna, Virginia, centrally located near the nation's capital and easily accessible by public transport. Employees enjoy flexible work hours, flexible holidays, and a great benefits package. A weekly company lunch outing helps keep the social atmosphere relaxed.

Interested? Please contact us!

Best,
The LastPass Team

New Year's Resolutions with LastPass: #6 Revamp Form Fill Profiles with Our 4 Tips

2012-01-18T12:28:00.013-05:00

The LastPass Fill Form feature makes online shopping and account registration less painful by eliminating most of the required typing, getting you through checkout even faster.

If you're already set up with a few Form Fill profiles, here are 4 ways to revamp Form Fill for better use this year:

1. Remove credit card information stored in online accounts. As the recent incident with Zappos shows, it's important for the end user to be as cautious as possible with online shopping. Many sites allow you to store credit cards in your account to facilitate easy checkout. With LastPass Form Fill, though, there's no more need to store them with the site, since it's easy to autofill the next time you check out. If you frequent sites like Amazon, Barnes and Noble, and other retailers, consider updating your site's account settings to not store your credit card information, and rely on Form Fill to insert your data when you need it.

2. Check for expired or outdated Credit Cards. Recently replaced a card? Make sure the new changes are reflected in your profiles.

3. Update profiles with any address changes. If you've moved recently, take a moment to review your profiles to ensure you have the most up-to-date information for your addresses and credit cards.

4. Set a "Default Profile" and use a hotkey to autofill. If you have several profiles but use one more often than the others, consider checking the "default form fill profile" option in the Preferences menu of the LastPass browser icon. You can then set the hotkey for the default profile in the Hotkeys section of the Preferences menu (such as Ctrl + Alt + T). Next time you need to autofill your default form fill profile, you can simply enter your hotkey.

As a quick recap if you're less familiar with the Form Fill feature, you can follow these brief steps to set up a Form Fill Profile and get started with autofilling online shopping and registration forms:

Go to your LastPass Icon, and from the Fill Forms menu select "Add Profile"
Give the new profile a memorable name, especially if you have profiles for more than one person, credit card, or address
Enter your contact information or credit card data to the profile, and save
Start shopping! The next time you're on a checkout or registration page, LastPass will prompt you to autofill with your Form Fill profiles

For more detailed information on how to set up your Form Fill profiles and start shopping more efficiently with LastPass, read our recent in-depth blog post.

Best,
The LastPass Team

Have a LastPass tip of your own? Or a feature or question you'd like us to cover? We'd love to hear your thoughts at press@lastpass.com.

Have a Zappos Account? 4 Steps to Take Now with LastPass

2012-01-16T13:43:00.026-05:00

Online shoe and clothing retailer Zappos recently announced that the personal account information of 24 million users has been compromised. In an email to their userbase, Zappos confirmed they will require a password reset for all account holders to prevent unauthorized access. Even if you've already reset your password for Zappos, it's important to double-check that your new Zappos password is secure, that you weren't using the same or similar password on other sites, and that you don't have other critically weak or duplicate passwords lurking in your vault.

Follow our steps to:

1. Run the LastPass Security Check

Go to the "Tools" menu in your LastPass browser addon, and select the Security Check to review your data. Once complete, you'll receive a score from 0 to 100 and a detailed analysis of your stored passwords. We've mentioned before the importance of auditing your vault data to get an idea of how strong your passwords are, and to identify passwords that are still in use across multiple sites.

For a more in-depth look at the Security Check, read our related blog post.

2. Note Any Sites Using the Same Password as Zappos

Once your Security Check results are in, note if the password for Zappos is shared with any other account logins. If so, make a list of the sites (or print off the LastPass Security Check results) to reference as you make changes.

3. Update Your Zappos Password

Go to the Zappos password change page to login to your Zappos account. You can also launch Zappos by clicking the "visit site" link next to the entry on the Security Check page to login and go to the account settings page.

From there, use LastPass to generate a new password, selecting "show advanced options" in the password generator if you'd like to increase the number or types of characters used. When you submit the changes, confirm the update to the site entry stored in LastPass.

4. Update Sites Sharing the Same Password as Zappos

Follow the same steps to login to any other site sharing the Zappos password and update the account with a new password generated by LastPass. Note that you can access the LastPass password generator under the Tools menu in the LastPass Icon at any time.

For more details on how to update old logins with passwords generated by LastPass, see our previous blog post with step-by-step instructions.

Be Vigilant

We know our users do a great job of following best password practices with LastPass; if you feel you could improve, our resolutions posts will help you get started (more posts on the way!). We want to say thanks to our users who have been enthusiastically recommending LastPass as a password management solution in the wake of the Zappos leak and similar incidents. We hope to continue spreading the word that you don't have to use the same password everywhere, and that with LastPass there's an easier, more secure way to manage your online life.

Best,
The LastPass Team

New Year's Resolutions with LastPass: #5 Generate Your Answers to "Security Questions"

2012-01-13T12:08:00.011-05:00

While the password generator is key for diversifying and strengthening your account passwords, it's also a great tool for providing answers to common "security questions" for your accounts.

Security answers are often included as a second form of login verification or as part of an account recovery process, most frequently with online financial institutions and email accounts. Although many sites have made an effort in recent years to increase the obscurity of the security questions (at least, we hope they're generally better than this), the fact remains that the answers to common security questions are more accessible than ever before. Even if you're not a high-profile target, by generating answers with the LastPass password generator you'll help reduce the risk that someone may use security questions to compromise your accounts.

When registering for new sites that require an answer to a security question, it's simple to quickly generate an "answer" and add it to the new site entry stored in LastPass.

Let's say you're signing up for a new Gmail account. After going through the set-up process, we go into the account settings to create a security question & answer for account recovery purposes.

After selecting a question from the drop-down options, we go to the LastPass Icon, choose the Tools menu, and open the "Generate Secure Password" feature:
When the dialog opens, you can check "Show Advanced Options" to customize your generated password:

Click "generate" to create a new password with your customized options, then "copy" to copy the password to your clipboard. Go back to the security answer field, and paste the generated password. After confirming that your new answer is accepted by the site, you can go to your LastPass Icon, click on the site name listed at the bottom of the menu, and open the "edit" dialog. Paste the generated password in the Notes, also noting which security question you chose.

If you know you're using personal information for security answers, set aside some time to login to those accounts, generate a new "answer" with LastPass, and store the update in your site entry. Accounts for online banking, email, social media, and credit cards are all good places to start.

Generating answers with LastPass doesn't directly affect your Security Check score, but it will improve your overall online security.

Best,
The LastPass Team

New Year's Resolutions with LastPass: #4 Root Out Insecure Account Data, Store Miscellany in Secure Notes

2012-01-11T11:18:00.018-05:00

LastPass allows you to condense all of your login data to one secure yet accessible account. This removes the need for you to rely on documents with lists of passwords, browser password managers, or worst of all, those sticky notes taped to the bottom of your keyboard or posted around your office and home.

Take a few minutes to track down any remaining password files that have not been imported to LastPass. If you still need the login or data, add it to LastPass before deleting or shredding the file.

Places to look for passwords include:

In your browser password manager, typically located under the browser's Tools menu.
In Excel files on your personal and work computers.
Notebooks, planners, and amongst your general paperwork.
Scraps of paper pinned to message boards, or taped to the computer, keyboard, or mouse pad.
Emails sent to you by the sites you use. A number of sites still email plain-text versions of your password and other account information. Once you've confirmed the site is stored in LastPass and the password is a generated one, delete the email.
Notes made to Outlook "Contacts".
In text messages, logs of chat conversations, and other digital correspondence. Consider the Share feature if you need to send login information to family, friends, or coworkers.

Consider adding other scattered personal data to LastPass as a "backup file" to help with future emergency situations. If you're carrying it in your wallet or could potentially need the information while traveling, a LastPass Secure Note makes a good storage option.

Types of data to "backup" to LastPass may include:

Credit cards, including customer service telephone numbers and account information linked to the card. If lost or stolen, you can pull up the secure note, and quickly cancel the card.
Passports, with contact and address information for the nearest US Embassy, and other data needed to replace a lost or stolen passport.
Frequent flier IDs and hotel loyalty cards.
Health insurance IDs and other medical record information to help make filling out forms at the doctor's, dentist's, and other offices a breeze.
Metro passes and associated account information.
Gift cards or coupon codes for online accounts.
Pins, lock numbers, and other access codes, for both digital and real-world locks.

We hope our tips help reduce some of the e-clutter that accumulates from your online accounts, as well as increase your security by reducing the risk that someone happens across login information left lying around. With the go-anywhere accessibility of LastPass, you'll also ensure you have records of your accounts and personal data when you need it most.

Best,

The LastPass Team

New Year's Resolutions with LastPass: #3 Replace Weak and Duplicate Passwords

2012-01-09T12:22:00.019-05:00

With a newly reorganized vault and the results of the Security Check in hand, let's roll up our sleeves and go through the steps to update those weak and duplicate passwords.

We recommend starting with important passwords - online banking, email addresses, online shopping accounts with stored credit card information - that are critically weak (the bar is red in the results) or that share passwords with other logins. Set a goal to work on a handful of accounts at a time, over several days or weeks if needed, until all passwords are at a 'strong' level. This is likely the hardest resolution on our list, but an important step to increasing your online security with LastPass.

To start with the most critical areas first, we want to pay attention to the Security Check results that display the number of duplicate passwords, the number of sites with duplicate passwords, and the number of weak passwords:

The Security Check's detailed results makes it easy to identify these problems and correct them. The sites are ranked from weakest passwords to strongest passwords, with the weakest showing a shorter red bar, and the strongest showing a longer green bar.

As we've shown before, updating a site's password requires logging into the site itself, then using LastPass to go through the password change process. By clicking "visit site" next to the weak password in the Security Check results, LastPass will take us to the login page for that entry:

For example, if a Gmail login is very weak or is currently the same as another password, we'll click "Visit Site" and be directed to the Gmail login page, where LastPass will autofill the data:

We can then navigate to Gmail's "account settings" page, where we can access the page to change our Gmail password:

On the password change page, LastPass will present a notification bar, allowing you to first autofill the existing password, and to then generate a new password. Note that when you click the "Generate" button, you can check the "show advanced options" box to customize the length of your password, and the types of digits, characters, and letters that will be included in the generated password.

When the fields are complete, save the account changes. LastPass will present another notification bar, asking you to confirm the change to an existing account, or to save a new site entry. When clicking "confirm", a dialog will appear allowing you to select the entry to which you want to apply the change.You should then repeat this process with every site that contains a weak or duplicate passwords, working your way through the Security Check results. Note that, after updating the username or password for a site stored with LastPass, you can go to the "edit" dialog and click "History" to see a record of changes made to the entry:

We hope the article provides a helpful push for you to remove duplicate and update weak passwords. You're well on your way to topping the Security Check!

Best,
The LastPass Team

New Year's Resolutions with LastPass: #2 Organize Your Vault

2012-01-06T10:10:00.014-05:00

Now that you ran the LastPass Security Check and received your score, it's time to start getting things more organized so we can help you improve your numbers and start taking advantage of more LastPass features.

When you reviewed the Security Check results, you may have noted that you have a few weak passwords, old login information, and maybe even duplicate site entries as a result of importing old data. Our tips today will help you de-clutter your logins so we can move to the next step of updating your old passwords and improving your Security Check score.

Some of you ambitious LastPass-ers may have already moved on to that step, but for those taking this slowly we're helping you break this down into manageable steps!

1. De-Clutter Your Vault with Groups

If you go to your LastPass Icon and open My LastPass Vault, you will see your data displayed in alphabetical order by site name:

By default your sites are organized into three Groups: Recently Used, Secure Notes (this will not be visible if you have not added a Secure Note) and a blank or 'None' group for sites that have not been assigned to a Group.

Take 10 minutes to Group, or re-Group your logins. Grouping your sites will help break your logins down into manageable segments, helping you quickly access the data you need.

Click the "Create Group" link to create new Groups in the vault:

You may find it easy to create Groups by category, such as Email, Social Networks, Shopping, Banking, and more. Others may prefer to group by the area of their life: School, Home, Work, and others. Find a system that works for you, create as many Group folders you think you may need, and start re-arranging. If you want to re-name an existing Group, you can right-click on the Group name and choose "Rename Group".

Sub-Groups can also be created if you want to further break down a category.

With your Groups created, you can start dragging and dropping sites into the Groups. You can also right-click on a site name and choose "Move to Group" or "Move to Sub-Group".

If you have a large number of sites, you may find it easier to move multiple logins at once by using ctrl + left click or shift + left-click, then right-click over the entries and select an action:

Now, when you are prompted to add new a site to LastPass, you can simply click the "Group" drop-down you can select the appropriate location or create a new Group to keep things organized.

2. Delete Old Logins

You may have noticed you still have old logins with invalid passwords lingering in your vault. You can delete the login from you vault by selecting "delete" for the entry.

Sites can also be deleted by right-clicking over the site name in the vault and selecting "delete". Large numbers of sites can be deleted by ctrl + left-clicking or shift + left-clicking to select multiple sites, then right-clicking over the entries and choosing an action.

If you accidentally delete a site and need to retrieve it, simply go to your More menu in upper-right corner of the vault, and select "Show Deleted Sites".

From this page you can check one or more logins and click "Undelete" from the right-hand menu. Deleted entries are cleared after 30 days.

3. Remove Duplicate Entries

Those who imported data from previous password managers or from a browser may notice duplicate entries stored in the vault. To quickly de-clutter these duplicates, click the "Account Settings" link in the vault:

and choose the option to "Remove duplicate sites from your account":

You're Making Progress!

With a newly re-organized vault and your sites neatly grouped, we hope you'll find it easier to manage and access your data. De-cluttering will help us move forward with steps to up your security check score and generally get more out of LastPass. More tips are on the way!

Best,
The LastPass Team

New Year's Resolutions with LastPass: #1 Run the LastPass Security Check

2012-01-04T10:16:00.011-05:00

In the spirit of setting new goals and making positive changes as we start the new year, we're putting together a mini-series of posts on "New Year's Resolutions with LastPass". Our little tips and reminders will contain simple steps that help increase your online security in 2012, and ensure you get the most benefit out of the features LastPass has to offer to improve your digital life.

First up, let's take stock of the data stored in your LastPass account with the LastPass Security Check! Located in your LastPass Icon under the Tools menu, the LastPass Security Check analyzes the passwords stored in your LastPass account.

When you open and run the Security Check, you are given a score from 0 to 100 and ranked amongst LastPass users who have taken the test before, based on such factors as the strength and uniqueness of your passwords, the number of passwords stored in LastPass, and the use of multifactor authentication with your account.

You might be surprised by the results - most people underestimate the number of logins they have stored, and the number of old passwords still lurking there.

If you've run the Security Check before, you will see a graph charting the history of your performance over time - hopefully showing improvements as you've continued to use LastPass!

Take a minute today to run the Security Check and review your numbers. We won't get into the work right now of raising your score, but let's use it as an opportunity to see how your passwords are doing, and see where there are some areas for improvement. Do you have a lot of old logins with old, simple passwords? Are you still using the same passwords across multiple sites?

If you answered "yes", or just generally see room for improvement, our upcoming posts will help you up your score and get back on track!

Best,
The LastPass Team

Your LastPass account is safe on Carrier IQ enabled mobile devices

2011-12-01T11:10:00.019-05:00

When we read what Trevor Eckard found regarding logging being done by an application installed by default on a number of HTC and Samsung based Android phones, we were concerned about just how far this Carrier IQ keyboard logging went.

We had to know if any of our users were at risk, so we could alert them to any danger. We replicated Trevor's findings, which he explained in his post on AndroidSecurityTest.com (the site seems to be intermittently down): http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

He also posted a YouTube video, now making it's way through the media, showing his tests:

We saw the same log entries Trevor saw when dialing phone numbers, and receiving SMS, so that is confirmed.

We did not see any log entires when using the general keyboard though, including when typing into our LastPass for Android app and our LastPass for Dolphin HD app. The LastPass pin code entry does not utilize the phone keyboard so that is safe as well.

This is very good news as your LastPass account - and most importantly, your master password - is safe on your Android phone even if Carrier IQ installed.

Please note that utilizing a multi-factor authentication device like Google Authenticator with your LastPass account would protect you even if an application was logging keyboard events, so it's highly recommended.

We'll continue to monitor the situation and assess potential risks to LastPass users.

The LastPass Team

Three Great New Features Added to Windows Phone 7 App

2011-11-28T12:59:00.008-05:00

Our recent Windows Phone 7 update includes three new features to help round out your LastPass mobile experience. We've added support for pin-code prompt on reactivation, grouping of sites in the vault, and fast-app switching. Here are the specifics:

Pin Code Prompt

You can enable the pin code prompt in your app settings so that when multitasking back to the LastPass app, you're prompted to enter your 4-digit code. This provides an extra layer of security that's more manageable on your Windows Phone 7, since you won't have to re-enter your master password each time you reopen the app.

To enable the pin code prompt, login to the LastPass app to view your LastPass vault. Tap the ellipses (three dots) at the bottom of the screen to expand the menu options. Tap the "set pin code" option, and enter a 4-digit pin code. The next time you multitask away from and back to the LastPass app, you'll enter this pin code to regain access.

Grouping of Sites in the Vault

Previously, the Windows Phone 7 app displayed all of your stored data as a list in alphabetical order. With the latest update, your sites will now be organized by groups, the same way they are organized in the vault via your desktop browser addon.

Grouping allows you to better organize your data and more quickly sort through your sites for the logins you need.

Fast App Switching

Support for Fast App Switching allows you to easily switch between LastPass and other apps, helping to improve your workflow. To use Fast App Switching, hold down the back button and you will see all apps that are currently running. You can tap another app's icon to quickly switch to that app.

Plus more!

We made several improvements and bug fixes. For example, if you've enabled Google Authentication and are using it to login to the LastPass mobile app, we've improved support for switching apps when entering the Google Auth login code. We're working hard to bring more updates and improvements to our mobile apps and browser addons - stay tuned!

The LastPass Team

Gearing Up for Seasonal Online Shopping: A User's Guide to LastPass Form Fill

2011-11-22T14:39:00.016-05:00

If you're looking to do some serious online shopping this holiday season (Cyber Monday, anyone?), LastPass helps reduce the frenzy, so you can easily pay for the items in your cart and move on to other things on your TO-DO list. Our "Form Fill" feature simplifies the shopping process by filling registration, shipping, and billing forms with one click!

In this post we'll take you through setting up profiles for maximum efficiency, including how to use the mix & match option for simplified autofilling.

Set Up a Fill Form Profile

Let's get started by setting up a form fill profile, such as a profile for your shipping address. Click on your LastPass Icon, select "Fill Forms" from the menu, and choose "Add Profile".

A dialog will open, where we can enter our name, address, birth date, and other information we might be required to enter in a shipping form when checking out online. Name the profile something memorable so you know when to use it, like "Bob Home Shipping".

Create a profile for each combination of name and shipping or billing address, labeling them as you go. You may want a "Work Shipping", "Home Shipping", and more, depending on your needs. If some of the information overlaps, you can copy a Form Fill profile by selecting your LastPass Icon, then "Fill Forms", selecting a specific profile, and choosing "Copy". A new profile dialog will be opened with information from the profile already filled in - this reduces the amount of duplicate information you'll need to enter when creating your profiles.

Add a Credit Card Profile

You'll notice there's a credit card tab in the profile dialog as well, but unless you always use the same profile with the same credit card, consider adding a separate profile for each of your credit or debit cards that you use when online shopping.

Click on your LastPass Icon, select "Fill Forms", and choose "Add Credit Card".

Here you can enter your name, credit card number, start and expiration dates, and other data you may be required to enter when filling out a checkout form. You may have a profiles for a "Debit Card" or "Corporate Credit Card" - whatever will cover the range of your online shopping needs.

Fill a Form!

Ok so now that you're all set up, it's time to get down to business. Let's head to Amazon.com to purchase the items in our cart. When we get to the shipping page and click on one of the fields, LastPass gives me a notification for Form Fill. We can click "Fill Form" and choose the profile we want to use for our shipping address - then LastPass autofills the data!

With that data entered, I can proceed to the billing information, where I use my credit card profile to autofill the form:

Done! Now we're ready for to complete the transaction.

Note that if LastPass does not prompt you with your form fill profiles, you can click your LastPass Icon, choose "Fill Forms", and select a profile to autofill your data.

Mix & Match

If you're on a registration or checkout form where the shipping and billing information are shown all at once (as opposed to separate pages like Amazon), our Mix & Match option allows you to quickly pair up two profiles and autofill your data.

Click your LastPass Icon, choose "Fill Forms", and select "Choose Profile and Credit Card". In the dialog, you can choose a profile from the left-hand side, and a credit card from the right-hand side.

LastPass will then autopopulate the corresponding fields with the data stored in each profile.

More Tips for Online Shopping with LastPass

Here are a few other helpful tips from our team:

If you create new accounts as you shop, use LastPass to generate strong, unique passwords
Consider enabling a multifactor authentication (such as the newly-supported Google Authenticator) for increased security
Use the "Share" feature in LastPass instead of emailing, IM-ing, or texting passwords to friends & family who need access to shared accounts
Beware of phishing attempts. Use LastPass to launch your sites rather than clicking on links in untrusted emails to reduce the risk of compromised logins

Happy shopping, everyone!

And Happy Thanksgiving,

The LastPass Team

Introducing Support for Google Authenticator

2011-11-04T16:40:00.003-04:00

We're happy to announce the inclusion of Google Authenticator as a new multifactor authentication option for LastPass. With the latest LastPass plugin and a supported mobile device, you can now use your phone in conjunction with your master password to generate a secure key that is needed to login to your account. Authenticator token support has been a hotly anticipated addition to LastPass, and we're happy to make good on that obligation to our users.

We strongly believe in multifactor as being an excellent way to protect your sensitive data, and so we are opening this feature up to all LastPass users, including free accounts. For further information on setting up your account with Google Authenticator, or running it on unsupported devices, please see our helpdesk article.

Moving to a New Email Address? Update LastPass, too!

2011-10-12T10:41:00.007-04:00

There's no doubt moving is an intensive process. One time-consuming but important task is to send off your new address to all of your contacts and make a list of all the bills and services you'll need to update. Moving in the digital world is no different! If you're transferring over to a new email address, don't forget to update your LastPass account if the previous email address will no longer be valid or accessible.

A valid email address for your LastPass account is very important. Security notifications, records of changes to your sites, and updates from LastPasss will be sent to the email address associated with your account.

If you've also enabled a "security email address" for your LastPass account, double-check that it's up-to-date. Emails to enable or disable multifactor authentication devices and other security steps may be sent to your security email address.

You can update your LastPass email address at any time by clicking on your LastPass Icon, selecting 'My LastPass Vault', and clicking on the 'Account Settings' link at the top right of your vault. You'll see a field containing your current email address, which you can replace and then confirm by submitting your LastPass master password. To update your security email address, go through the same steps, but click on the 'Security' tab, where you'll see your current security email address. Again, replace the field with an updated email, then confirm by entering your LastPass master password.

LastPass also makes it easy to identify other sites that you'll need to update. By searching for your old email address in your LastPass vault, you'll see which entries have it registered as a username or account email address. As you go to each sites and update your email address, confirm the changes to the entries saved in LastPass when prompted by the LastPass notification bar.

Enjoy your new digital home!

The LastPass Team

Free 6 Months Premium for All University Students!

2011-09-20T14:55:00.011-04:00

With back-to-school season in full swing, we're giving away 6 months of LastPass Premium to all university students! For a limited time, students with a valid university email address can go to lastpass.com/edu to go through the quick steps to upgrade your LastPass account.

The Premium upgrade will allow students to take full advantage of LastPass' secure cross-browser, cross-platform syncing capabilities to access login data from anywhere, at any time. LastPass makes student life a bit easier by helping you get organized with your digital life and get on with your semester - no more forgotten passwords and no more re-using the same password everywhere. And if your computer happens to crash (fingers crossed it doesn't, especially right before finals, but if it does...) you'll be able to reinstall LastPass with no data lost and one less thing to sweat about.

Best of luck this year, students!

Thanks,
The LastPass Team

New LastPass Enterprise Feature: Link Your Personal Account to Your Company Account

2011-08-25T09:53:00.021-04:00

We've added a new feature to LastPass Enterprise that allows you to link your personal LastPass account to your Enterprise LastPass account, making it even easier for you to maintain a workflow between the two!

Take the following scenario. You've been a LastPass user for a while, and are loving the convenience and security it adds to your digital life on a daily basis. You start thinking about how disorganized your office is when it comes to passwords - always tracking someone down to get that login, trying to find the Post-It that someone tacked to the community board with the pin to that program...And that's when you suggest LastPass Enterprise, the SMB solution to password problems!

But once you convince your company to give LastPass a go, you may run into the issue of keeping your current, personal account separate from your newly-created Enterprise account. However, you also don't like the idea of managing two different LastPass accounts. And that's where Linked Accounts comes in!

Our new option to "Link Personal Account" allows you to integrate your personal account with your Enterprise account, without mixing your personal data with your business data.

Getting set up with Linked Accounts is easy. Just login to lastpass.com with your Enterprise account. Once you're logged in, you can click on the "Link Personal Account" link on the left-hand Actions menu:

When prompted, you can then login with your personal account. And voila! Your personal LastPass account will now appear as a sub-folder in the vault of your Enterprise account, and you will be able to view, edit, and login to your personal sites as usual.

Whatever company policies have been created by your organization for LastPass Enterprise will be applied to that sub-folder when you are logged in via your Enterprise account. However, you can still login separately to your personal account, and those Enterprise policies will not be transferred over, nor will the login activity for the sub-folder or your personal account be reported to the Enterprise Admin. Any updates you make to the sub-folder will automatically be pushed back to your personal account.

More great LastPass Enterprise updates are on the way. Try adding your LastPass account to your Enterprise account today - and if this has held you back from starting a trial for your company, check out LastPass Enterprise to see if it meets your company's needs!

Thanks,
The LastPass Team

LastPass Gets a New Look for Mac Lion & Safari 5.1 Release

2011-07-21T12:08:00.015-04:00

With the official announcement of OSX 10.7 Lion by Apple, we've released a new version of LastPass for Safari 5.1 - with a new look, too!

Apple has made some significant updates to Safari, some of which have affected how LastPass works. The native SIMBL extension is no longer compatible due to the changes to the browser, so we took advantage of some of the new features of their extension interface to make our Javascript extension much better.
For example, we have implemented a popover-style menu that significantly improves the usability and user interface of LastPass compared to previous versions. We have added a search input box on the main menu, which many users requested to improve searchability of logins. The password generator is also accessible from the main menu, giving easier access to new, secure passwords.
Once you've upgraded your system to Mac OSX Lion or your browser to Safari 5.1, you can install the new version of LastPass. First uninstall all traces of LastPass that you may have installed in your new Safari - copy-paste https://lastpass.com/lpsafari.dmg to Safari or another browser on your Mac, press "Enter" to start the download link and choose the "uninstall" package option.

Once complete, copy-paste https://lastpass.com/lastpass.safariextz to Safari and press "Enter" to run the installer. Ensure that extensions are enabled in the Safari Gear menu - Preferences - Extensions tab if the LastPass asterisk button doesn't appear after you complete installation.

Known compatibility issues with Safari 5.1:

Basic authentication logins are no longer supported - we are investigating possible workarounds.
The login state of the browser extension cannot be shared with the LastPass extension on other browsers.
Copy username and copy password do not work.

If you're running a 5.0.x version of Safari, you can continue to use the native SIMBL extension or you can upgrade to the new version but you will still see the previous menu bar rather than the new popover menu; this is only available once you upgrade to 5.1.

We believe our new Safari extension is a big step forward in our browser integration with Safari, and with the LastPass user experience as a whole. Our intent is not only to give LastPass a makeover, but to simplify access to your data and reduce the number of clicks you need to make to get the job done.

We know it's a big change for our users, and we welcome your reactions or suggestions via comments below or in an email to support@lastpass.com.

Thanks,
The LastPass Team

LastPass for iPhone Gets an Update!

2011-06-29T15:26:00.013-04:00

It's arrived - an update to our iPhone app!

We've added a few new features and resolved a number of previous issues, amongst them:

"Force offline login" support added - this new option on the app's login screen can be used to speed up the login process if you're in an area with marginal cell phone coverage
Shared folders support added - our latest addition to LastPass for Enterprise is now available on the iPhone app as well
Secure note templates sometimes only showed the first line of data, which we've resolved
A few issues with password re-prompt required are now resolved
A number of crash fixes for improvement of general functionality

Thank you for your continued feedback on our iPhone app, and LastPass in general - we'll continue to roll out updates!

The LastPass Team

Windows Phone 7 Update

2011-06-09T15:33:00.008-04:00

The latest version of the LastPass app for Windows 7 has now been published!

Amongst the improvements are:

Multiple bug fixes, such as improved support for multitasking
Copy + paste support, now that Microsoft has built this into the platform

As mentioned in our previous post, you can launch the app and login to your LastPass account to view a full list of your stored sites. A small menu appears at the bottom of the screen, allowing you to select "launch mode" symbolized by a lightning bolt, in which tapping a site launches it in the embedded browser, or "details mode" symbolized by lines of text, in which tapping a site allows you to view the data saved in the site entry.

The new copy-paste functionality improves the ability to use LastPass to login to other apps and transfer data to other locations. To use the new feature, simply login to your account to launch your vault. Once in "details mode" in the vault, you can tap on a site entry to bring up the "edit" view of the site. If you tap on the little bar with the ellipsis (three dots) at the bottom of the screen, you can select the "show password" option, which allows you to see the password instead of the encrypted dots. You can then double-tap on the password field, and once the text is highlighted you can select the "copy" image that appears right above.

This automatically copies the password to the clipboard. You can now navigate to another app, for example, by tapping the "Windows" button on your phone to then paste the password information to an app's login.

We'll continue to roll out improvements to the app and incorporate new features, such as grouping of sites.

Update your app today to check out these updates!

LastPass Security Notification

2011-05-04T22:32:00.026-04:00

Update 10, May 16th, 3:20pm EST - Final update to this post, we'll make new posts going forward

Actions we've taken:

Multiple security experts and firms were brought in to help us, we've engaged one firm to do a further source code based review.
We're committed to doing several reviews per year and sharing the results of these reviews.
We've had some useful suggestions from the community -- we appreciate your input: https://lastpass.com/support_security.php
One example: to reduce the chance of phishing Iastpass.com was registered -- that's a capital i instead of an L. We've also purchased 1astpass.com
All non-core services have been completely removed from the LastPass network; LastPass now runs the web application and DNS servers only.
Forums, Helpdesk, etc are run offsite on 3rd party servers.
We're looking into moving our support tickets off our network too.
Amazon was utilized to send out the email notification; we're better able to send large amounts of email quickly in the future, and thank Amazon for working to spin us up quickly.
We've commissioned a write only off-site aggregated log server which can only be accessed via the console. This will allow us a guarantee that any logging is intact.

The good:

We were prepared to both disable accounts and force people through password changes, which was something we had planned for.
The steps we took protected all users, even those who used weak master passwords.
Having a live backup system proved invaluable for people who ran into issues, or forgot their new master password after changing it.

We made a number of tactical errors including:

Out of the gate, we inconvenienced a large number of people who knew their password were strong and therefore never could have been at any risk.
Massively underestimating the amount of media attention we'd receive. This had 2 effects: 1. Greatly increased the number of users attempting to change their passwords -- our plan was for people coming from new computers which is a small percentage of the overall user base per day that we could have handled; 2. Drove a big increase in new users as people interested in LastPass attempted to check us out.
We didn't have any previous IP tracking data on previously used computers for people without login tracking. This caused nearly all these people to face password change immediately.
We moved too slowly to shut down password changing once the system was under stress.
We weren't prepared to send large amounts of email quickly, especially after turning off a server. (Resolved going forward w/ Amazon)
Some of our customers were unfamiliar with logging into LastPass in offline mode, panicing a number of them.
Blogger (who we use for blog.lastpass.com) had some downtime through the event.

Additional changes coming:

Our next release will make it clear how to login offline from the login dialog.
We've purchased a large amount of additional server capacity so we can handle extreme load events better in the future.
We'll be utilizing the 'from a new location' capability in a few new security features.

Update 9, ~11am 05/09 EST:

Many users are changing their password and then determining they can't remember it, a number have also run into issues with password changes and want to go back, you can now do this yourself without contacting us: https://lastpass.com/revert

It allows you to either roll back your last password change or revert your account to the 4th. You must prove access to your email again to use it.

Update 8, ~9am 05/07 EST:

We enabled password change to greater percentages overnight and now to all users. Again please note that there is no need to panic, all accounts were put into a locked down mode of only allowing previous login locations or verify via email, until password change.

We're asking any users that have current issues with a password change to use https://lastpass.com/revert to restore you from backups. Many have been people forgetting what password they changed to so make sure you practice that new password a number of times after you change it.

We appreciate your patience, we'll continue to update with any changes.

Update 7, ~6pm 05/06 EST:

Everyone should be able to login (after verifying your email if you are coming from a new IP). We've begun allowing all premium users and a percentage of users to go through password change.

Please note that there is no risk in waiting if you can deal with verifying by email when you use a computer at a new place (IP).

If you experienced an issue with a password change and want to be restored from backups we can do that too and will provide a URL to do it shortly.

Update 6, ~10:30am 05/06 EST:

If you have been experiencing an error contacting the server, please try logging in both via the plugin and the website - you should now gain online access. If you still see an error, please open a support ticket or email support@lastpass.com, if you haven't already done so.

Currently we're not allowing users to change master passwords until our databases are completely caught up and we have resolved outstanding issues. We will update our users via the blog when it is possible to do so.

Thank you for your continued patience.

Update 5, ~1:30am 05/06 EST:

We've added the option for you to say that you know your master password is strong and to avoid password change, we apologize for not having that available when we announced.

We've identified an issue with roughly .5% of users that impacted their master password change, and will be contacting you tomorrow rolling you back to before the change.

Our focus right now is on ensuring we can resolve users with issues, we'll continue to provide updates here.

Update 4, ~10pm EST:

Joe's interview with PCWorld covers more details on what happened, what our thought process has been, and what this means for our users: http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html.

We continue to work as quickly as possible to address user support.

Update 3, ~4:30pm EST:

Logging in offline should be working everywhere if you have logged in using that client before, if you're having problems with this please attempt to login via the website: https://lastpass.com/?ac=1 that should now take you through an email process to enable your current IP.

If you're having problems getting your data with pocket, make sure you're selecting to login to the local file, not logging in at LastPass.com.

If you changed your password and are now having problems we'll help with that too, please email us if that's the case and include your LastPass email address.

For those who haven't been prompted, and have continued to use LastPass without issue -- we've judged the risk to be low if you're using the same IP -- we're only raising the issue once that changes.

Finally if you have issues with password changes please email us at support@lastpass.com, we can revert you, or we can pull data from backups, but please try LastPass Icon -> Clear local cache first.

Update 2, 2:15pm EST:

Record traffic, plus a rush of people to make password changes is more than we can currently handle.

We're switching tactics -- if you've made the password change already we'll handle you normally.
If you haven't the vast majority of you will be logged in using 'offline' mode so you can still use LastPass like normal and get back to your day, only syncing of new password should suffer (and you'll see the bar).

As load lowers we'll increase the percentage of people being sent through email validation / password changing.

For people experience problems please email us at support@lastpass.com -- we have seen a few reports of bogus data post change, we think this is due to you downloading a stale copy and if you go to LastPass Icon -> Clear Local Cache and try again it should work.

You can access your data via LastPass in offline mode or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS).

---

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.

We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users encrypted data blobs.

If you have a strong, non-dictionary based password or pass phrase, this shouldn't impact you - the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that's immune to brute forcing.

To counter that potential threat, we're going to force everyone to change their master passwords. Additionally, we're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address. The reason is that if an attacker had your master password through a brute force method, LastPass still wouldn't give access to this theoretical attacker because they wouldn't have access to your email account or your IP.

We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later.

We're also taking this as an opportunity to roll out something we've been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We'll be rolling out a second implementation of it with the client too. In more basic terms, this further mitigates the risk if we ever see something suspicious like this in the future. As we continue to grow we'll continue to find ways to reduce how large a target we are.

For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our asterisk phone server more open to UDP than it needed to be which was an issue our auditing found but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on.

We don't have a lot that indicates an issue occurred but it's prudent to assume where there's smoke there could be fire. We're rebuilding the boxes in question and have shut down and moved services from them in the meantime. The source code running the website and plugins has been verified against our source code repositories, and we have further determined from offline snapshots and cryptographic hashes in the repository that there was no tampering with the repository itself.

Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting user data.

The LastPass Team.

Update 1:

We're overloaded handling support and the sheer load of password changes is slowing us down. We've implemented a way for you to verify your email and then not be immediately forced to change your password for that IP, access from any other IP would bring you back to email verification. You can now wait a few days if you know you'll be on the same IP without loss of security, and due to this overloading we think that's prudent to wait.

We're asking if you're not being asked to change your password then hold off -- we're protecting everyone.

Content Security Policy (CSP) implemented on LastPass.com -- the beginning of the end of bookmarklets?

2011-03-01T13:29:00.008-05:00

If you're using Firefox 4, you now gain the additional protection afforded by CSP (Content Security Policy) on LastPass.com.

This is a big step forward in terms of protection from any Cross Site Scripting attack - and potentially other browser based attacks - ensuring that even if one occurred, each page could control exactly what pages it can talk to so that there is no possibility of data leakage resulting from the attack.

This has been eye-opening as we've implemented it. It has a reporting infrastructure built in so you can see exactly what requests are being blocked. We've already seen over a dozen unique bookmarklets caught in our CSP blocking net.

Does this mean the end of bookmarklets? Any site with sensitive data will ultimately implement CSP, making even our own bookmarlet for logging in obsolete. Now is the time to start requesting browsers support overrides to the CSP to keep your favorite bookmarklets working everywhere.

Today, CSP is only deployed on Firefox 4, but the LastPass extension should support it on a number of other browsers in our next release.

We haven't fully locked down our CSP yet; today we're allowing every page from LastPass.com to talk to LastPass.com, but soon we'll lock this down further so that https://LastPass.com/?securitychallenge=1 can ONLY talk to https://LastPass.com/?securitychallenge=1, which will be another big step forward.

Cross Site Scripting vulnerability reported, fixed

2011-02-27T21:04:00.007-05:00

While no client data was impacted, we were notified at ~3pm Eastern time yesterday of a non-persistent cross site scripting vulnerability on the LastPass.com website. By 5:30pm it was fixed, tested and deployed; closing the hole. It's important to note that this was not a flaw with the extensions, and could only be potentially exploited if you visited a malicious site that was setup to exploit this flaw while you were logged into LastPass.

The cause of this issue was with our testing procedure for this particular case, which has been rectified. Our logs indicate that there's no sign of this being successfully utilized (beyond the person who found it). We've made a number of changes to improve security on the LastPass.com website and help reduce the chance of a recurrence of this kind of issue:

1) Implemented HSTS: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security This will ensure browsers that support it (Chrome and Firefox 4) will be forced to stay on secure SSL web requests for the lastpass.com domain.

2) Increased our input filtering and stateful inspection.

3) We've implemented X-Frame-Options https://developer.mozilla.org/en/the_x-frame-options_response_header which would make an attack like this more difficult to exploit as it makes it impossible for our pages to be embedded in another page via an iframe/frame.

4) We've begun implementing something very similar to Content Security Policy (CSP) https://wiki.mozilla.org/Security/CSP/Specification LastPass is a browser extension so we can implement this today and we can roll it out far more quickly than the browsers themselves will support it.

We believe this issue to be resolved but are continuing to audit and implement ways to further mitigate risk. If you would like to take extra precautions in the interim a good security practice would be to avoid keeping yourself logged into LastPass if you're visiting websites of ill repute.

CSP is a big step forward in risk reduction from this kind of attack. While we're disappointed we missed this case up-front we're pleased that will lead to an even stronger product in the near term.

For those wanting to learn more about non-persistent Cross Site Scripting (XSS) you can read about it here: http://en.wikipedia.org/wiki/Cross-site_scripting

Our thanks to Mike Cardwell for responsibly reporting this issue.

LastPass

PC Mag Says LastPass Is "Still the Best"!

2011-02-08T10:35:00.005-05:00

Neil Rubenking, Lead Analyst for Security at PCMag, recently published an in-depth review of LastPass and selected us as PC Mag's Editors' Choice for password management!

Rubenking evaluated both our free and Premium products, citing our portability and comprehensive security amongst our greatest features.

When comparing free and Premium, Rubenking comments, "You don't have to pay a penny to get extremely comprehensive and flexible password management from LastPass. The free edition does just about everything you could ask. By spending a dollar a month for the Premium edition, you extend the product's security and scope. Specifically, you gain multi-factor authentication, additional platforms, and useful ancillary programs. Choose either one; both merit recognition as PCMag's Editors' Choice."

We're proud of the five stars we received for both versions of LastPass! We hope to continue providing quality products for our one million users and counting.

LastPass One Million User Giveaway: An Apple iPad and Two $100 Amazon Gift Cards

2011-01-31T11:46:00.028-05:00

Want to enter? "LIKE" our Facebook page:

You can also retweet our #LoveLastPass hashtag, or send us a postcard using registered mail.

The giveaway starts now and ends at 5:00pm EST, Monday, February 28th, 2011. For more information, see our Giveaway Terms and Conditions.

To the one million LastPass-ers and counting: We "LIKE" you, too!

The LastPass Team

UPDATE

We've now received the iPad 2 we'll be giving away to the winner of our LastPass 1 million user giveaway, an upgrade from the iPad!

The reason this hasn't be delivered yet is that LastPass users were able to submit an entry to the giveaway by liking us on Facebook, sending us a post card or tweeting some LastPass love. All 3 winners fell under Facebook's random range, but unfortunately, we ran into a bug in Facebook that has prevented us from identifying the giveaway winners chosen at random from the total pool of submissions.

We filed a bug report with Facebook in February and have been attempting to convince them to resolve it for over a month. Sadly, this Facebook bug still hasn't been fixed. Perhaps if more people submit that they can't go past page 100 on fan listing pages at this bug report page:

http://www.facebook.com/help/contact.php?show_form=pages_bug

we might convince Facebook to fix it sooner. We didn't see this before the contest started because we had less than 10,000 fans at that time.

We're very sorry that this delay has occurred, and we have tried our best to avoid disappointing our users. We hope that with your continued support, we can more quickly win over Facebook and send our lucky winners their treats!

The LastPass Team

A User's Guide to Setting Up LastPass on Your USB Thumb Drive

2011-01-11T09:23:00.036-05:00

Many of our users have asked how they should access LastPass when away from their home computer, and how to stay safe on the road when using riskier public terminals at libraries or Internet cafes. Here are some tips, tricks, and general overviews on how to get LastPass set up on your USB drive so you can take your favorite password manager everywhere.

Install a Portable Browser

LastPass Portable is an ideal way to access your LastPass account while on the go. After installing a portable browser, which is essentially a fully-featured browser formatted for a thumb drive, you can install the LastPass plugin to give you the same password management experience you're accustomed to on your desktop or laptop.

With Portable Firefox and Chrome versions for Windows, Mac, and Linux, LastPass Portable gives you the ability to browse with LastPass on nearly every operating system. Firefox Portable and Chrome Portable for Windows and Linux can be downloaded from PortableApps.com, while other sites offer downloads for Mac. Once the portable browser has been installed on your computer, you can launch it and navigate to the LastPass download page, where you can locate the corresponding LastPass Portable app.

You can then install the LastPass addon as you would in any of your desktop browsers. Once installed, you can drag and drop the portable browser file onto your USB thumb drive and launch it from there when on a new computer.

Another plus side of using the portable browser is that you won't be leaving behind any record of accessing your LastPass account - no browsing history, cookies, or other locally-stored files to be concerned about.

Now you can literally browse on the go with LastPass!

Hook into the Desktop Browser

If you commonly use Windows with LastPass, another option you may consider is IE Anywhere, which allows you to hook into Internet Explorer from the USB thumb drive. It's essentially a standalone plugin that, when launched with IE, displays a little icon in the browser window and allows you the same functionality as the desktop plugin.

For users who aren't able to download plugins to their computer - common in the workplace - IE Anywhere lets you access and use your LastPass account, with the added benefit of leaving no files behind. IE Anywhere also gives you the ability to run LastPass on unsupported browsers like IE Tab in Firefox, Sliepnir, and Maxthon.

After downloading IE Anywhere, the file can be dragged and dropped to the USB thumb drive. When you plug your thumb drive into your computer's USB port and double-click to launch the file, the LastPass icon will appear in your system taskbar.

Clicking on the icon allows you to login, and from there you can launch IE to access all regular features of the LastPass addon.

When you're done browsing, simply click the taskbar icon, select "Logoff", and eject your USB drive. No data left on the computer, no files created, nothing in the registry, and no plugin left behind!

Carry a Backup of Your Vault

If you simply want a backup of your LastPass data or basic access to your usernames and passwords, LastPass Pocket is a stand-alone application providing storage capability and offline access of your LastPass vault. Pocket is intended to be used when you don't have an Internet connection, which is why we recommend LastPass Portable and IE Anywhere for a richer browser experience.

Pocket can be installed from the download page for Windows, Mac, or Linux and then dragged and dropped onto your USB drive. You can double-click the file to launch it from the USB drive, prompting you to login to your account. After logging in, Pocket decrypts your data and displays all of your sites and Secure Notes in a searchable interface.

Pocket comes with limitations, though. Although you can copy/paste all login elements of your saved sites or Secure Notes, you can't edit or delete any data that has been synced to Pocket, which makes it less functional for maintaining your vault.

Double Up on Security

If you want to up the security of your LastPass account, consider using a second-factor authentication like Sesame, which can be run from your USB drive. Sesame protects your account by requiring the generation of One Time Passwords (OTPs) before you can complete login to your vault. The basic idea is that, even if someone were to grab your master password via keylogging or some other malware, they still won't have access to your LastPass data because they won't have the Sesame OTPs.

Sesame for Windows, Mac, and Linux can all be run from the same USB stick, so you'll never be locked out of an operating system where you need to access your data on the go. Sesame can be downloaded from the main download page, then dragged and dropped onto your thumb drive. You need to activate Sesame the first time it's launched. Once enabled, Sesame will create secure OTPs that are subsequently required to login to your account. You have the choice to copy the OTP to the clipboard or launch your browser of choice and pass the value automatically.

If you prefer to use Grid, another option is to save the CSV file of your Grid set on your USB thumb drive so you can easily login to your account while on public computers.

Get Up and Go!

With so many options for taking LastPass on the go (we didn't even cover the mobile apps), you can rest assured that you'll have secure access to your data from nearly anywhere. Head on over to the download page today to get started with any or all of the above features, and begin prepping your USB thumb drive for your next trip!

LastPass for Windows Phone 7 Has Arrived!

2010-12-29T09:21:00.003-05:00

LastPass is now available for download in the Windows Phone 7 marketplace!

Once installed, the app allows you to view your vault and search for your saved sites:

After logging in to your account, a small menu appears at the bottom of the screen, allowing you to select "launch mode", in which tapping a site launches it in the embedded browser, or "details mode", in which tapping a site allows you to view the data saved in the site entry.

There are some known limitations with the app; autofill will only work on sites that use javascript, an issue which we hope Microsoft will address. The app is also currently read-only, which means you can't add or change site data, although we will adjust this for future releases.

Thank you for your patience as we resolved issues and pushed forward through the approval process!

Windows Phone 7 Update

2010-12-14T23:16:00.004-05:00

We have had many users ask us when the Windows Phone 7 app will be available and our response for the last month or two has been 'any day now'.

Unfortunately, it is still not available today. As a team that prides itself on trying to be quick to deliver LastPass on the newest platforms and devices, we feel like we owe an explanation to all users who have been eagerly waiting.

As you might already know, Windows Phone 7 is nothing like the previous Windows Mobile devices. They changed everything, including the distribution model for apps. All installs must go through Microsoft (similar to Apple's control of iPhone apps) and all apps must be first approved. This is where the major holdup has been.

LastPass hasn't received much help during the submission process. Attempts to inquire about more details regarding app rejection were unhelpful. That makes fixing problems difficult when we are unable to reproduce on our test device. We were also told we would have to pay money to talk to an engineer about bugs we believe are their own.

But as long as we think we are making progress, we will continue to submit and push forward. Stay tuned!

LastPass Acquires Xmarks!

2010-12-02T07:49:00.004-05:00

In our efforts to bring you expanded, go-anywhere access to your data, we're excited to announce that LastPass has acquired Xmarks! It's a great opportunity that not only ensures the survival of the Xmarks add-on, but will also enhance our mission to provide the best data-syncing tools out there.

Xmarks, formerly known as Foxmarks, provides the world’s leading browser add-on for cross-browser bookmark sync that has successfully grown to over 4.5 million users syncing more than 1 billion bookmarks across 5 million computers. Xmarks has become an integral part of the browsing experience for millions of users, and you can rest assured that we will continue to expand the service in the coming months.

Xmarks is transitioning to a "freemium" business model, the same model that allowed us to grow into a thriving, profitable business. The browser add-on and the vast majority of what users have enjoyed will remain free. Users can then opt to purchase Xmarks Premium for $12 per year, which includes new enhanced features like Android and iPhone mobile phone apps, priority support, and more. The Xmarks and LastPass Premium offerings are also available bundled together at a reduced subscription rate of $20 per year. For current LastPass Premium users, this means you can upgrade today for only $8 more per year.

We believe the acquisition will prove to be a success because of the common mission shared by LastPass and Xmarks. Xmarks complements LastPass' vision of secure, universal access to the information that gives you entry to your digital life. As the ultimate cross-browser, cross-platform team, Xmarks and LastPass will work together to help more people simplify their digital lives and access their data from anywhere, at any time.

We're excited to welcome Xmarks to the LastPass family, and hope you will support both of these great services through your business and your Premium subscription. For more information, please check out the FAQs.

The LastPass & Xmarks Teams

LastPass for Opera 11 is here!

2010-11-24T11:43:00.006-05:00

Now that extension support has been added with Opera 11, we're excited to announce that we have a plugin for Opera!

Given that Opera 11 is still in Beta there may be a few kinks for them to work out, but the plugin has the same functionality as the other browser add-ons. Now you can easily access all of your favorite sites and other stored data!

You can head on over to the Opera extensions gallery to download: https://addons.labs.opera.com/addons/extensions/details/lastpass/

Tip: Be Prepared for Travel Mishaps with LastPass!

2010-11-19T10:37:00.019-05:00

There are few worse traveling experiences than losing your wallet, with the accompanying process of canceling cards and replacing personal IDs. So before you head out of town this holiday season, make sure that you're prepared for the worst by creating Secure Notes in LastPass.

Add Secure Notes for the credit cards, debit cards, driver's license, and other important documents, such as your medical card, that you'll be taking on your trip. Use the templates to document customer service phone numbers, security codes, account numbers, and other necessary information. If you lose a card, or your whole wallet, you'll not only have a record of the missing item(s), you can efficiently report and replace everything. You can securely log into your LastPass account on the hotel's computer, a friend's laptop, or your cell phone to safely and quickly access the data you need. LastPass will be there to help get you through and let you enjoy the rest of your trip.

Have a LastPass tip of your own? Share your thoughts, or send us your experiences at support@lastpass.com.

Computerworld Reviews LastPass

2010-10-18T10:30:00.000-04:00

Robert L. Mitchell, a National Correspondent for Computerworld recently compared 4 password managers pitting LastPass against RoboForm, 1Password, and Clipperz.

The article provides in-depth commentary on how the latest breed of password managers are providing users access to their data anywhere and at anytime. It highlights availability, security, and usability as being critical factors to consider when deciding on which password manager to use.

From the article:
I consider LastPass to be the overall winner. Security products should be easy to set up and use, and as unobtrusive as possible, or people just won't use them. LastPass does well on all counts while working on Windows, Mac, Linux and most smartphone platforms.

It was the only product to automatically populate and submit my credentials to a Web site as soon as I surfed to a Web site -- no button-clicking required. It has a few nice features, such as an analysis of your existing passwords for weaknesses and an option to automatically delete passwords stored insecurely by your browsers. It can store a local copy of your data on all mobile and personal computing platforms, and it offers the added protection of two-factor authentication.

You can read the complete article here: 4 password managers offer security anytime, anywhere

As a follow-up to the article, Robert L. Mitchel wrote a detailed blog post recommending the use of LastPass' two-factor authentication products.

From the post:
Of the four password management programs I reviewed this week, LastPass was the only one to support two-factor authentication...

Two-factor authentication can provide an extra layer of security for laptops that travel with you on the road or if you plan to access your password database from unsecured machines, which could contain malware...

You can read the complete post here: Protect your passwords with two-factor authentication

LastPass How-To: Replacing a Site's Old Password with a LastPass Auto-generated One

2010-10-06T09:36:00.019-04:00

So you've run the LastPass Security Challenge and now you know which of your passwords are "weak". You also know that replacing your old passwords with ones that you've auto-generated with LastPass will help you better protect your accounts.

Wondering what the next steps are?

LastPass tries to make it as painless as possible to replace old passwords. We’ll use a demo Gmail account to show you how to update the password for a site that you've already stored in your LastPass Vault with a new, randomly generated password.

Open the Site's Personal Settings

To begin, login to the target site and access the account settings or preferences page where you can change your password. In the case of a Gmail account, we have to go to the 'Personal Settings' section:

When you launch the ‘change password’ page, you will usually be asked to enter your old password and then a new password twice.

Fill Your Current Password

When you focus on the ‘Old password’ field by clicking on it, LastPass will prompt you with a notification bar. Select 'Fill Current' to fill in the current password you have stored for the site:

Generate a New Password

After clicking ‘Fill Current’ and autofilling your old password, you can then click ‘Generate’ from the same notification bar to create a random, unique password.

LastPass will pop a dialog box, where you can even click "Show Advanced Options" to specify the number and types of characters the new password should include:

Click ‘Accept’ to store the newly generated password in your LastPass Vault.

Autofill the New Password Fields

By clicking "Accept", LastPass also autofills the ‘New password’ and ‘Confirm new password’ fields with your newly generated password:

Save Your Password Update

Now click ‘Save’ on the website to submit the changes to your account. After clicking ‘Save’, LastPass will prompt you to either ‘Confirm’ that change or ‘Save New Site’:

By clicking on ‘Confirm’, you will tell LastPass to swap the new, generated password for the old one stored for the site. ‘Save New Site’ creates an entirely new entry for the site with your previous username and the new, generated password, while leaving the old site entry, with your username and previous password, intact.

If you choose not to 'Confirm' or 'Save New Site', the generated password will have its own entry in your Vault and you can manually replace the old password in your site entry.

The next time you login to your site, LastPass will autofill with the new, generated password. Now you really have no excuses to up the strength of your stored sites!

Have more how-to article requests? Send us a note at support@lastpass.com with your idea, and we may just cover it!

We've Released Version 1.70 - Check Out What's New!

2010-09-29T12:28:00.036-04:00

We've just released a new version (1.70.0), and we're excited to announce the addition of several new features:

Secure Note Templates

LastPass Secure Notes has been radically improved to help you store and easily organize all of your confidential information. Templates for Bank Accounts, Credit Cards, Passports, Software Licenses, and many more have been added. Check out our latest screencast to see it in action:

Form Fill Support for More Languages (Beta)

We've added the ability to use our Form Fill feature with Spanish, Japanese, French, German, Italian and Portuguese. It's still in beta which means we're continuing to make it more robust, but we hope it will enhance the browsing experience for our users.

Camino Browser Support on Mac (Beta)

Although still in beta, Mac enthusiasts who use the Camino Browser can now have access to their vault! You can install it via the Safari link on our download page.

Extension for Dolphin Browser HD on Android

This one's a bit of old news already, but Premium LastPass-ers can now use the extension on the Dolphin Browser on their Droid!

Internet Explorer 9 Support

If you have already upgraded to the latest version of IE, or are planning to upgrade soon, LastPass now fully supports Microsoft's latest browser version.

Firefox 4 Support on All Platforms

If you're a technophile and love running the latest and greatest beta builds, you'll be happy to hear that LastPass now fully supports Firefox 4.

Track Sharee Changes (Beta)

Using LastPass to share sites and secure notes with friends, family, and coworkers just got easier. If you're a Premium user, you can now use our new beta Share feature to track, view, and accept changes made by sharees.

YubiKey Dvorak Keyboard Support

Use your YubiKey with LastPass Premium without having to switch back and forth between QWERTY and Dvorak keyboard layouts.

Generate Secure Password on iPad

In our efforts to continue improving our tabbed browser on the iPad, we've added the Generate Secure Password feature! The latest update is still pending approval by Apple, but we're hoping it will appear in the iTunes store within the next week or so.

Other Fixes, Improvements, and Features

We add dozens of fixes, improvements, and minor features on a daily basis. If you've emailed us in the recent past about an issue, be sure to upgrade as it's very likely we've fixed it! You can also view further changes in our release notes.

LastPass Adds Support for Dolphin HD on Android

2010-09-24T14:56:00.014-04:00

LastPass has just added support for the Dolphin HD mobile browser, available on Android 2.0+. The Dolphin browser is currently the most popular browser on the Android market, and now you can enjoy browsing with multitouch zoom, tabs, and now, your LastPass vault, wherever you go.

To start using LastPass with the Dolphin HD browser, first install the browser from the Android market. After you have the browser installed and running, you can search for the LastPass extension from the Android market, select LastPass for Dolphin, and download and install automatically. Once you've installed LastPass, click on the LP icon and you will be prompted to sign in with your username and Master Password. Once you're logged in, you can fill forms and enjoy the convenience of having your passwords securely autofilled as you browse on the move.

LastPass for Dolphin HD is available today for all Premium customers. If you'd like to know more about LastPass Premium, we have a comprehensive features list on our website.

Another Glowing Review for LastPass

2010-08-23T15:55:00.005-04:00

LastPass was recently the topic of discussion on WHTC's Computer Talk, as part of an episode focusing on passwords and computer security. For anyone who listened to Steve Gibson's overview of LastPass, the content and message of this show will be familiar; the hosts generally agree that LastPass is the best valued password manager currently on the market. Where this clip differs is that the CEO of LastPass, Joe Siegrist, is interviewed live and answers several common questions regarding our software and philosophy. Definitely worth a listen!

LastPass Interview

LastPass Gets the Green Light from Security Now!'s Steve Gibson

2010-07-21T12:38:00.003-04:00

From the beginning we’ve touted LastPass as ‘secure password and data management.’ We’ve insisted that only you have access to your LastPass data, since only you hold the key that can decrypt your data. We’ve upheld that we employ localized, government-level encryption (256-bit AES implemented in C++ and JavaScript) with one-way salted hashes to give you complete security as you sync your passwords through the cloud.

But – what does that mean?

Well, it means that we developed the LastPass password manager so that the following three points hold true:

1. All encryption and decryption happens on your computer.

When you create your LastPass account, an encryption key is created on your computer (your Master Password, or MP, and email go through a complex, irreversible process known as hashing to form your encryption key). Any sensitive data you then save to your account is ‘locked up’ by the encryption key while still on your computer, then sent in encrypted form to LastPass’ server.

2. The sensitive data that is harbored on our servers is always encrypted before it’s sent to us, so all we receive is gibberish.

Since the encryption key is locally created each time you submit your MP and email, all that we store and have access to on our servers is your encrypted data. Without your unique encryption key, your sensitive data is meaningless gibberish. Even if someone were to mandate that we provide a copy of our database, the data would still be unreadable without your encryption key.

3. We never receive the key to decrypt that data.

The unique encryption key formed from the hashing of your email and MP is never sent to our servers. We never, for any reason, would ask you for your MP, so the key remains safely with you.

Not satisfied?

Well, don’t just take our word for it: industry expert Steve Gibson recently reviewed us on his Security Now! podcast. After an hour-long, in-depth analysis of what LastPass is, how it works, and what it can do, Steve applauded our security measures and gave us his seal of approval.

"This thing is secure every way you can imagine. And it's simple," Steve says at one point. "I've completely switched my entire solution for managing passwords, after spending days researching it and testing it and playing with it, over to LastPass."

He goes on to declare that we've "really nailed it. I mean, I don't see a single problem with this."

Thanks Steve! We've tried to cover every security angle we can think of - and we continue to add improvements based on user feedback.

There's also a follow-up episode where a few questions from listeners regarding LastPass are addressed in detail.

We’ve embedded the video below so you can listen to the discussion of LastPass, starting around the 50th minute.

LastPass IE Anywhere Is Here!

2010-06-26T22:45:00.009-04:00

We've just released our latest LastPass Premium offering: IE Anywhere!

The IE Anywhere application lets you automatically login to saved sites and fill forms anywhere, at anytime, without having to install a browser plugin. It's free for all LastPass Premium users and is available for immediate download from the LastPass website!

Once copied to a USB drive, IE Anywhere allows you to use LastPass on the go or with your favourite Internet Explorer-based browser . It provides all of the dependable features of LastPass you rely on but without requiring that you install any software onto your computer.

After downloading IE Anywhere to a USB drive, you'll be able to:

	Use LastPass with Internet Explorer on any computer without installing any software whatsoever.
	Access your LastPass account even on computers you are not allowed to install sofware on (e.g. while at work or at Internet cafes).
	Use LastPass with IE Tab in Firefox, Sleipnir, Maxthon, and other browsers based on IE.

	Access and manage your sensitive LastPass account data without leaving a trail behind - no files are created and nothing is stored in the Windows registry.

More information about LastPass IE Anywhere is available at the LastPass IE Anywhere Manual.

If you're already a Premium user, you can download the app directly from the LastPass IE Anywhere Download

Native Extension for Safari 5 Released

2010-06-23T14:48:00.014-04:00

Some early coverage already leaked to Lifehacker and Download Squad, but now we can officially announce it - we've added a native extension for Safari 5 on Windows and Mac!

Once installed, LastPass appears as a small, grayed-out icon in your toolbar:

Clicking on the icon allows you to login as normal, and from there you can access all regular features of the plugin. Any time you need to access a LastPass feature, simply click on the icon and navigate through the dropdown toolbar:

In order to install LastPass for Safari 5 on Mac or Windows you'll have to enable extensions. If you haven't done so already, follow these steps:

From the Gear Icon on your Safari menu bar, select Preferences:

Click the Advanced tab and check 'Show Develop menu in menu bar':

Close Preferences. Now that the Develop menu is shown in your menu bar, click on it and select 'Enable Extensions':

If you re-open Preferences, the Extension tab is now visible, and you can now manage your Safari extensions!

New Release for LastPass Tabbed Browser for iPad

2010-06-22T14:45:00.005-04:00

Version 1.68.6 of our tabbed browser for Apple's iPad was released to the iTunes Store yesterday!

New features include:

Better progress notifications -- now has a bar indicating approximate page loading state
Autologout of LastPass on close
Prevent caching
User Agent override support -- you can get the desktop or the mobile version of sites.
Optional Image Blocking for faster loading
[Toggle] showing/hiding passwords when editing from vault to make it easier to copy

Resolved issues include:

Fixed potential crash in Save All
Potential multiple tabs opening for a single link
Performance improvements
Thank you for all of the feedback, we continue to make improvements and add features that will increase functionality.

We know many of you would love to use Safari - we would if we could, but it's still not possible right now. We do provide Bookmarklets for Safari which is the maximum functionality currently possible in the native browser. Thanks for your support in working around these limitations!

LastPass for Safari 5 on Mac OS X

2010-06-09T12:17:00.004-04:00

LastPass 1.68.4 has been released for Safari 5 on Mac OS X. If you haven’t upgraded to Safari 5 yet, you should be prompted to do so. If you’re already on Safari 5, you will need to redownload in Safari and run the installer package.

We're currently hard at work on a native extension using Safari 5's new extension support through the Safari Developer Program.

Using Safari 5 on Windows? For the moment, installing bookmarklets is the best option until we have cross-platform support.

Stay tuned – we’ll update the blog with more information when we get closer to a release of the new plugin!

You Asked For It: iPad Sneak Peeks!

2010-05-12T15:52:00.004-04:00

Here's a few screenshots from our upcoming iPad application:

You'll notice at first glance that it looks like a browser - and that's because it is! LastPass for iPad is a fully featured, tabbed browser supporting all the rendering modes and plugins that mobile Safari does, with the addition of full LastPass integration. Accessing your secure notes, automatically filling forms, adding new sites, and most major features of the desktop version are supported, with more features on the way after our first release. We've also listened to your concerns and revamped the UI for this version. LastPass iPad will hopefully be submitted and approved for the App store in the next couple weeks.

Stumped on a Mother’s Day Gift? Give the Free Gift of an Easier Online Experience!

2010-05-06T15:42:00.013-04:00

If your Mom is still using yellow Post-its to keep track of her login information, or even worse, using the same password for everything, show her that there’s an easier way. Helping your Mom to get started with LastPass will be the gift that keeps giving: simplify her life and save her time every day while making her more secure online and off.

Your Mom may think that she doesn’t have that many accounts, but trust us, she does. You can help her setup and store her email, bank, car insurance, home insurance, mortgage, Netflix, credit card, AAA, Amazon, airline memberships, PayPal, Ebay…the list gets longer every year. Not to mention you can help her securely save notes on pins, account numbers, and access codes for everything from bike locks to a Barnes&Noble membership.

How can LastPass help to make Mom’s online experience easier and safer?

Never lose another password. By saving all of her login information to her LastPass Vault, she will only have one Master Password to remember.
Stop typing in passwords. Edit her LastPass settings so that she is logged in automatically whenever she visits a saved URL.
Streamline online shopping. Does Mom shop online frequently? LastPass allows her to autofill registration, billing and shipping forms with one click.
Keep sensitive data secure. She would be the only one with access to her LastPass password, and only she can unlock her data.
Separate work and home. Create an Identity for work and home and then assign sites, form fill profiles, and secure notes to one or the other.

Does your Mom prefer to browse and shop on her phone?

By upgrading to LastPass Premium for $1 a month, Mom can access her LastPass vault from her cell phone. So no matter where she is, she can view, add, edit, and delete her sites using all of the same great features.

Show Mom you love her by making her life a little easier and keeping her safe online.

Create a new LastPass account for your Mom, learn about the benefits of upgrading her to LastPass Premium, and then purchase her a premium account today!

[Photo credit: ErinM]

New Release Available!

2010-04-29T09:50:00.002-04:00

Earlier this week, the LastPass team released version 1.68.0 that introduced a number of new features, performance improvements, and numerous bug fixes. Here are a few of the highlights:

-A local vault page for Chrome/Safari. This provides much faster access than the online vault since your data is already local and decrypted. This can be accessed by using the 'My LastPass Vault' menu item.

-URL Rules for limiting logins to specific subdomains, paths. This has been requested by many people, and we listened. Your rules can be configured here.

-In addition to the local vault, Chrome and Safari received many features that brings their functionality more closely inline with Firefox and IE (such as notification bars for form fill/generate password, replace site functionality, etc).

-We also tried to make it easier for our volunteer translators to access the tool and begin to help. As we said many times, we greatly appreciate their help.

A complete list of new features can be found here.

RSA, Google IO, and other updates

2010-02-26T17:14:00.003-05:00

We'll be roaming the expo at the RSA conference http://www.rsaconference.com/2010/usa/ Scott will be there for the week, and Joe will be there Tuesday and Wednesday (March 2nd and 3rd). If you're out there and would like to meet, please send us an email: sales@lastpass.com

We'll be demoing at Google's IO event, May 19th-20th in the developer sandbox: http://code.google.com/events/io/2010/sandbox.html If you're planning on attending stop by and introduce yourself.

Our enterprise effort is developing nicely, one of the most exciting features is creating a 'Role' that contains all the sites you want a particular user, or set of users to have, and the capability to share those sites with your users in a completely seamless, yet secure manner. Here's an initial video of the capability:

If add and delete sites in the roles those changes are reflected automatically, we're still finalizing synchronization of changes back to the admin, but it's coming soon. If you want to see if LastPass can solve your enterprise password challenges please contact us: https://lastpass.com/enterprise_contactus.php

Are you at risk from the Twitter phishing scam?

2010-02-02T10:12:00.000-05:00

TechCrunch reported today that Twitter has locked many users out of their accounts this morning requiring them to reset their password due to concerns of a possible phishing attack: VIEW TECHCRUNCH ARTICLE

The real panic for users isn't so much that their Twitter accounts might have been compromised, but rather that they might have used the identical password with other websites.

If you used LastPass to automatically login to Twitter you are immune from the above mentioned phishing attack since LastPass will only auto-fill and auto-login to sites with a matching domain name. LastPass knows never to send your confidential information to any rogue site that is trying to impersonate twitter.com.

Phishing attacks on popular email and social networking sites seems to be dramatically increasing with no end in site. LastPass users should go one step further in protecting themselves against the next large scale phishing attack: take the LastPass Security Challenge to see what other sites might be at risk from duplicate passwords and then use LastPass to generate secure random passwords to protect your online identity.

The LastPass Security Challenge and 1.64.4 released

2010-01-06T16:47:00.004-05:00

Make one of your New Years resolutions greater security; take the LastPass security challenge:

https://lastpass.com/?securitychallenge=1

As you may already know there has been another high profile release of millions of plain text passwords, in this case RockYou had 32 million users passwords in plain text, downloaded with a simple SQL Injection attack.

It's clear millions of plain text passwords are going to keep being taken. If RockYou hadn't been publicly exposed they may not have even known! SQL Injection attacks often don't leave a lot of traces of what occurred.

With every password you use an employee at the site or hacker could obtain it if the site doesn't use a non-reversible hash to store your password. If they don't properly salt the hash you could still be quite vulnerable despite the site operators believing they implemented things the right way (see: http://en.wikipedia.org/wiki/Rainbow_table ). If you use the same passwords on multiple domains you're opening yourself up to your password being taken at one site and used at another.

The security challenge will download and decrypt your data (locally as always), then compare it to a number of known poor passwords, and show you which domains you use the same password on. It'll help you protect yourself from these attacks in the future. LastPass will give you a score so you know how well you're doing and keeps track of your score history so you can track your improvement.

We'd recommend using Firefox or IE to update your sites, as the 'Fill Current Password' + 'Generate' notification bar hasn't been added to Chrome or Safari yet.

1.64.4 adds the security challenge to the menus (under Tools), and includes some long requested features: IE can run in 'tool button' mode, IE and Firefox share login state, better updating process in IE better menus in Chrome and more.

If your IE asks you to download more than once, please reinstall via: https://lastpass.com/lastpass.exe

New LastPass website and LastPass version 1.62.0 released

2009-12-02T14:56:00.003-05:00

As you've hopefully noticed LastPass has revamped its website, but this wasn't just a cosmetic improvement, we've revamped our help section, our FAQs and downloads page to make them more intuitive and easier to find information. It also gives us a chance to feature the awards and great comments we keep receiving.

LastPass version 1.62.0 has also been released, we've focused on improving Chrome and Safari support mostly, and making using a multi-factor device easier by allowing you to remember the computer you're on to avoid being prompted for it going forward. This makes it easier to do things like require multi-factor on your laptop, but make things quicker and easier on your desktop. Remember computer support works with LastPass Sesame, Yubikey and our newest feature: LastPass Grid.

LastPass Grid is a free multi-factor authentication solution available to any user -- no hardware required, no premium LastPass membership required. LastPass Grid video

Using LastPass Grid is easy, print it off, fold it in half and put it in your wallet. Used with the remember this computer feature you might only need to enter Grid coordinates a few times, but you can rest easy knowing that even if someone determined your LastPass master password, they'd still also need to have your Grid to get in. This is a big road block for anyone attempting to access your account, and really enhances the security of LastPass.

You may want to login to your mobile devices before enabling Grid (or any multi factor) so you can take advantage of restricting mobile access too.

LastPass encourages everyone to take advantage of multi-factor authentication. With our new remembered computer support and now with LastPass Grid we're removing a lot of hassles out of using multi-factor.

LastPass Featured by PC World

2009-11-24T05:10:00.000-05:00

Technology and Security Journalist Erik Larkin recently featured LastPass in his article for PC World.

He highlighted the recent large-scale password stealing headlines pointing out that average users are highly vulnerable and effused that everyone should take steps to protect themselves.

From the article:

LastPass fills in your username and password for verified sites that match a real URL; phishing scams that use similar but fake Web addresses won't deceive it. And because you don't type your password, keylogger malware can't capture your keystrokes and nab your password.

The full article can be found here:
Keep Your Passwords Private--and Handy--With LastPass

LastPass for iPhone 1.60 on the app store

2009-11-12T10:27:00.002-05:00

LastPass 1.60 is on the iPhone app store It is for premium LastPass customers only.

It's much better looking now if we do say so ourselves including FavIcons for all your sites.

It makes it easier to copy & paste data out of form fill profiles and provides options such as the much asked for capability to disable the app icon badge which indicates you're logged in. There's a number of stability fixes too.

We're still looking to expand its capability and have a few new features in the works (easier transitioning from iPhone Safari -> LastPass and some additional security options). We're looking at bookmarks, but if there's other features you're interested in please let us know!

LastPass 1.60.0 released, x64 for IE

2009-10-29T23:59:00.004-04:00

This is the first build that includes includes support for the x64 version of Internet Explorer. If you're using a 64-bit windows it's available on https://lastpass.com/download.php and will allow both the 32 bit (default IE) and 64-bit IE to work.

We've started work on Fennec, Mozilla's new mobile browser -- looks like it could become a powerful addon since it has full support for addons built-in.

The Google Chrome addon is improving and is now up near the URL bar at the top right in a style that's closer to the default compact toolbar on Firefox. We're testing some new UI concepts here like displaying a colored icon that spins to indicate a possible action, we'd like to hear if you like it better (or not). The extension bar is disappearing from Chrome so it was a good time to try this. Also it looks like Linux Chrome is being worked on so hopefully OS X chrome won't be too far behind.

Safari and Chrome support for Sesame and Yubikey have been added. We're also planning a free multi-factor solution (paper based) as we want everyone to be able to use multi-factor authentication even if you can't spare $1/month.

We've added a number of new password managers that LastPass can import from include Clipperz, PINs and SplashID (on top of the dozen we already support, including Google Chrome import from the installer which was just added). As always if you can get a non-binary export for your legacy password manager, send us the format and we'll build an importer.

Release notes: https://lastpass.com/upgrade.php

The PC World 100: Best Products of 2009

2009-10-27T16:21:00.002-04:00

We are proud to announce that LastPass was selected as #46 in PC World's list of best products of 2009 yesterday.

LastPass is in good company - the iPhone 3GS, Windows 7, facebook, intel's new processor, and twitter just to name a few.

We definitely appreciate the acknowledgement of our hard work and will continue to push and innovate and look forward to being on 2010's list.

The full article can be found here.

LastPass.com Featured on FOX News

2009-10-07T19:24:00.005-04:00

Lance Ulanoff, Editor in Chief and Senior Vice President of Content for the PCMag Digital Network, recommended LastPass.com earlier today when appearing on "The FOX Report With Shepard Smith".

When speaking about the importance of creating strong passwords, Ulanoff stressed:

If you don't create strong passwords, you are a sitting duck.

and went on to say:

[LastPass] is so so easy. I use it all the time because I can't remember any of my passwords.

To view the complete video interview, click HERE.

Disturbing Password News

2009-10-07T10:27:00.003-04:00

Over the last week there have been many reports of how tens of thousands of email addresses from MSN, Yahoo, AOL, Google, Comcast and Earthlink have been compromised in what is believed to be a large scale phishing operation.

Today, an analysis of the leaked passwords was released and published by Wired:

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.

This is extremely disturbing, but what is equally disturbing are results about password-reuse recently published by Tim Nash, an Information Architect:

A scary 92% of people use the same password across all websites including their email accounts.

What most people don't realize is that if you lose control over your email account, then you've effectively lost control over ALL of your accounts. Once your email account has been compromised, a hacker can easily use the 'password reset' feature for all of your other accounts
to gain exclusive access to them. If you use the same password across multiple sites, then all of them are only as secure as the least secure site: an attacker simply has to break the weakest link in the chain.

Here are some tips to help protect yourself in the future:

Use a password manager like LastPass to generate complex-secure-random-unique passwords for all of your accounts
Never click on links within emails to open websites - always manually type the URL in the browser search bar or find it using a Search Engine
Avoid using untrusted computers or networks to access your critical accounts
Change the password to your critical accounts routinely

If you use LastPass as your password manager, consider increasing security
by using LastPass One Time Passwords. LastPass Premium members can also use a YubiKey, and/or LastPass Sesame to gain the benefits of multifactor authentication.

LastPass for Google Chrome Alpha

2009-10-02T17:26:00.002-04:00

LastPass for Google Chrome Alpha has begun, we've had a good review despite it's very early status: http://www.downloadsquad.com/2009/09/30/lastpass-extension-for-google-chrome-now-available-and-it-rocks/

3 steps to install:

Chrome's extension support is only available in their dev builds, so you must first install the dev channel of Chrome.

Then, to install LastPass, point Chrome to: https://lastpass.com/lpchrome.crx

Finally, it is recommended that you disable the built-in password manager by clicking on the Options (under the customize and control 'wrench' button). Then choose the 'Personal Stuff' tab and select 'Never save passwords' and 'Never save text from forms'.

Chrome's extension support is progressing at varying speeds for different platforms, so it is possible that Mac and Linux users might have reduced functionality compared with Windows users.

We've also added support to our Windows installer to import your Google Chrome passwords into LastPass, if you have passwords stored there you'll want to use it to get them imported: https://lastpass.com/lastpass.exe (import only, you must install with the instructions above).

If have problems installing ensure your Chrome version is greater than or equal to 4.0.220.1

New and improved mobile applications

2009-09-23T12:08:00.003-04:00

We've been hard at work bringing our mobile applications up to speed, and we're excited to announce a plethora of new features released this week.

Our BlackBerry, Windows Mobile, Google Android, and Symbian S60 mobile applications now have full support for viewing your form fill profiles. Now you can rest assured that your credit card, bank account, and any other important information you have stored in your form fill profiles are always at your fingertips. These same mobile applications now also have support for switching identities, so you can define which sites, secure notes, and form fill profiles you want to see at any given time.

Our Windows Mobile and Android mobile applications now have full form filling support built into our integrated web browser, as well as support for generating passwords. They will also now respect your equivalent domains and never URLs. All these features will soon be coming to BlackBerries capable of running the upcoming BlackBerry OS 5.0 (expected before the end of 2009).

We realize that LastPass for iPhone, by far our most popular mobile application, isn't mentioned in this posting. Please understand that while all the above features have been completed for LastPass for iPhone, we've thus far found it very difficult to get updates approved by Apple and pushed out to the iPhone App Store (just as it was very difficult to get our application in the store in the first place). Rest assured that we're committed to keeping LastPass for iPhone up to speed with the rest of our mobile apps, but that Apple ultimately has the control.

Safari extension updated, full 64-bit Snow Leopard support

2009-09-16T16:55:00.002-04:00

The LastPass Safari extension has been updated with full 64-bit (and 32-bit) Snow Leopard support. It also fixes a number of issues and improves the installer process to restart Safari for you.

To download go to: https://lastpass.com/lpsafari.pkg

In other news, we've been waiting nearly 8 weeks for Apple to get on with the business of approving our iPhone update with a minor amount of back and forth in that time. We feel terrible that a semi-broken version of LastPass for iPhone is out there and that we have no way to getting it fixed for our customers. Our apologies, our hands are really tied because Apple also limits us to 100 beta testers for the entire year.

Google Chrome extension is really starting to take shape, our first alpha release is measured in single digit days at this point...

LastPass for Safari OS X 10.5+ beta released

2009-09-02T20:40:00.006-04:00

LastPass for Safari is now available, it has the ability to import your saved passwords from Safari built in and importing 1Password entries is easy too (LastPass Icon -> Tools -> Import) . The combination of a compiled LastPass addon plus Safari's speed means that Safari 4 + LastPass is also the fastest combination on OS X!

To get it simply fire up Safari and go to https://lastpass.com/ and hit 'Get LastPass'; if you're new to LastPass you'll also need to create an account. You'll then need to fully restart your browser (Safari Menu Item -> Quit).

We've worked hard to try to add all the features available on our other platforms, and we're largely there. There are also a few unique to LastPass Safari features like if you customize the toolbar you'll see 2 other possible buttons: Fill and Submit and Form Fill for easier access to those capabilities. We still have a few notification preferences to add, and potentially a local vault and multi-factor authentication is currently disabled.

It does work with Snow Leopard (OS X 10.6) but you must set Safari to run in 32 bit mode (Go to Finder -> Applications -> Right click on Safari and hit 'Get More Info' then set 32 bit).

LastPass for iPhone has benefited from this effort, and we're sending a new build to Apple's App Store queue tonight which has added Form Fill, Identity support, Offline network retries, local file writing, a password generator and more. Our commitment to OS X will also have us syncing your Keychain data soon too.

And before you ask, we've stared on Google Chrome and Palm Pre; they're next on the docket and will be completed soon.

Using a strong password more important than changing your password frequently

2009-08-26T13:42:00.004-04:00

Larry Magid, a technology journalist with CNET News, recently discussed a study published by the Chief Marketing Officers Council that highlighted the disconnect between people fears of security risks and what they do to protect themselves.

To protect against phishing and identity theft, security and antivirus companies highly recommend that users change their passwords on a monthly basis. Larry takes issue with this saying:

While a terrific idea, it's unrealistic to expect people to change their passwords monthly though, as I pointed out in a recent post, it is important for social networkers to have very strong passwords and consider using a password manager like LastPass.

The full article can be found here .

LastPass vs Roboform by the Associated Press

2009-08-13T08:43:00.004-04:00

Peter Svensson, a Technology Writer for the the Associated Press, recently compared LastPass directly against RoboForm with ease of use being one of the most important considerations.

Review: LastPass and Roboform take password management to the next level with online storage

Peter wisely discusses why the way most people store passwords is extremely insecure and espouses the benefits of password management applications. He covers how the new breed of password management applications are storing passwords encrypted online to allow universal access to your data.

From the article:

The [RoboForm] system is still cumbersome.
[...]
In providing an online storage option, Roboform is catching up to a new password management program, LastPass, that's designed from the ground up to store passwords online. Trying that, I found it slightly easier to use — at least, it didn't confront me with cryptic dialog boxes. It also has the virtue of being free, while Roboform costs $30.
[...]
Since LastPass is free and has the edge on browser and Mac compatibility, it should probably be your first pick.

What's a bigger problem than malware/Viruses? Poor Password Management

2009-08-09T00:47:00.002-04:00

Interesting post by Larry Walsh, which nicely frames the issues we saw when we created LastPass:

http://blogs.channelinsider.com/secure_channel/content/authentication_and_access_control/poor_password_management_eclipses_virus_problem.html

Passwords are a huge problem at every organization I've worked with, and are typically the weakest link in the security chain, no matter what the policy has been. The solution is a single password people actually care about making secure and associated multi-factor addons to increase security. The last password you'll have to remember.

LastPass still has a lot of work left in bringing to life our vision of allowing you to use a single password everywhere but we should be able to complete our first stage (web based integrations) and moved into our second phase (desktop applications, flash and Java, etc) in a couple months.

Easily login to your LastPass accounts from your iPhone? There's an app for that.

2009-08-01T08:54:00.003-04:00

LastPass for iPhone has made it to the App store. LastPass in the App Store. We're very excited about this because we love using it, and find it incredibly convenient to have all your sites and secure notes available for easy access on your iPhone. The App allows you to edit and add sites and secure notes and launch sites in a built-in browser where LastPass fills in your data automatically.

Help Page / Frequently asked question

We're going to continue adding functionality and improving usability so let us know what you think and how we can make it better.

Like our Android, BlackBerry and Windows Mobile applications, this application is a part of our LastPass Premium offering. You will be able to try LastPass for iPhone for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

We're also very close to releasing our first alpha version of LastPass for Safari (OS X) so stay tuned.

LastPass for Android BETA

2009-07-17T16:09:00.004-04:00

We are pleased to announce the beta release of LastPass for Android! LastPass for Android is an application that allows you to access and edit your LastPass data from a Google Android smartphone. It also features a built-in browser that will automatically fill your login information for each of your saved LastPass sites.

To install, simply open Android Market on your phone, and search for LastPass. Or if you're already browsing this on your phone, simply click here.

LastPass for Android is still in an early beta stage, and as such, we'd love to hear comments from our users on how we might be able to improve and extend it.

Like our BlackBerry and Windows Mobile applications, this application is a part of our LastPass Premium offering. You will be able to try LastPass for Android for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

Password Fatigue and LastPass

2009-07-13T09:41:00.003-04:00

John Kelly of the Washington Post had an amusing article today about how much trouble it is to create a new password every 90 days:
So Many Passwords, So Little Time

Hopefully John will find LastPass and put these troubles behind him -- using LastPass' Password Generator he'd be able to specify that uppercase, lowercase, numbers and special characters are required; generate it with a click and never have to remember what it was. LastPass takes care of the rest.

The title actually speaks to the exact problem LastPass solves: one last password to remember and you can forget all the others.

Troubling stat of the day

2009-07-10T10:09:00.002-04:00

I saw a statistic today that really caught my eye. pcworld.com.nz ran an article that discussed the proliferation of botnets in the last 2 years. They reported:

About 38% of the credentials stolen by Torpig were obtained from the password manager of browsers

It is certainly not a surprise to us here at LastPass, we have learned first hand how easy it is to get to the passwords that were saved by Firefox and IE.

So use LastPass. And follow our advice to import all of your browser's passwords and delete them from your computer! It will make you safer.

New Release

2009-06-09T21:37:00.004-04:00

Some highlights of LastPass version 1.51.2:

-A new product called Sesame for our premium members that allows for multifactor authentication with your existing portable USB device
-Windows Mobile application now generally available as a trial for non-premium users
-Many general improvements to our core engine: improved autologin support, non-compact search shows drop down menu of sites, reduced the frequency the notification bar is shown for sites that have login forms on every page, more translations, etc.
-Support an optional way to store a disabled one-time-password on your PC in case your forget your password: this allows password recovery for those who want it without revealing your password to LastPass.

As always, a more complete list of the changes can be found here.

Are you a talented graphics designer?

2009-05-26T14:24:00.002-04:00

We're looking to do a refresh of our website and other areas within the LastPass.com product suite.

If you are a talented graphics designer with a knack for usability, and have some ideas on a new look and feel, please contact us at support@lastpass.com. When contacting us, please send us a link to a portfolio showcasing some of your past work.

Thanks,
LastPass

1.51 Released

2009-05-06T09:36:00.001-04:00

We have been working so hard on adding new functionality and products that we haven't updated our blog in a while. Let me bring you up to speed:

1.51 was recently released. Some of the highlights of the release are:
- LastPass can create a new form fill profile directly from the form you're filling online
- Can now more easily mix and match credit cards and profiles when form filling
- New option to prompt to login to LastPass on startup of browser
- Previous state of your vault (what groups are expanded/collapsed) is remembered
- Password Strength Meter added to generated password window, and online editing of accounts
- Include a 'Recently Used' category on Vault and in toolbar menu

For a full list of new features and some bug fixes, take a look at our Release Notes.

We have released a sneak peak of our iPhone application to our existing premium members. We will release it generally very soon.

We are also working on a Windows Mobile application and some other neat projects that should be available in the next few weeks. Stay tuned!

LastPass listed in ZDNet's "top 5 Windows tools for keeping your digital life in sync"

2009-04-07T13:16:00.003-04:00

Yesterday, Ed Bott from ZDNet, listed LastPass in his top 5 Windows tools that help keep peoples digital life in sync. A former RoboForm user, his review praises LastPass for "its superb web-based integration" and for doing things "better".

http://blogs.zdnet.com/Bott/?p=787

From the article:

Last year, when I put together a list of my 10 favorite Windows programs of all time, one of the superstars on that list was RoboForm. Since then, I’ve found a replacement that does everything RoboForm can do and more—and it’s completely free.

[...] LastPass will make you more secure online, period.

[...] I recommend it enthusiastically.

LastPass awarded PCMag.com's Editors Choice for Password Management

2009-03-21T10:49:00.002-04:00

Neil J. Rubenking from PCMag.com just published a comprehensive review of LastPass giving it 5 out of 5 stars.  His article pits LastPass against all existing password management offerings and awards LastPass with its "Editors Choice for Password Management".

 http://www.pcmag.com/article2/0,2817,2343562,00.asp

From the article:

LastPass's catchphrase is "The last password you'll ever need," and I think the app does a pretty good job of living up to that claim. It has just about every software feature offered by any other password manager, as well as some the others don't have. Its multiple mobility options ensure that you can use it anywhere. And it's free! I'm switching to LastPass, our new Editors' Choice for password management.

First Release Version of LastPass!

2009-03-20T16:42:00.003-04:00

The LastPass staff is proud to announce our first official release today! It has been almost 1 year to the day since we began to work on this product and we have come a long way. But rather than look back, we have our sights on the future. We have a lot of exciting products in our pipeline, some of which are nearing completion.

We have also released our premium offering this week. Among the added benefits of signing up are guaranteed support, a native blackberry application, and no ads. The entire list of features can be found here. It is only a $1 a month, which we will put towards our hosting costs and will be used to build new features.

LastPass for BlackBerry BETA, and LastPass Premium

2009-03-16T13:27:00.005-04:00

We are pleased to announce the beta release of LastPass for BlackBerry! LastPass for BlackBerry is an application that allows you to access and edit your LastPass data from a BlackBerry smartphone. It can also cache your data in an encrypted file that gets stored on your BlackBerry, so it's available when you have no network coverage as well.

To install, simply point your BlackBerry browser to https://lastpass.com/, and then select the large green "Get LastPass" icon. You can also browse directly to https://lastpass.com/LastPassBB.jad.

LastPass for BlackBerry is still in an early beta stage, and as such, we'd love to hear comments from our users on how we might be able to improve and extend it.

This application is the first in a new line of features we're calling LastPass Premium. You will be able to try LastPass for BlackBerry for free for 14 days, but you must become a LastPass Premium subscriber to continue using it after that.

Along with LastPass for BlackBerry, LastPass Premium also gives you an ad-free experience and priority phone and email support. It's available for only $1 per month! You can read more and subscribe to LastPass Premium at https://lastpass.com/premium.php.

We plan on augmenting our LastPass Premium feature set even more in the near future, with features including YubiKey support, an iPhone application, and Windows Application support. Stay posted for further details on these features.

New features in 1.45

2009-02-16T09:42:00.001-05:00

Notification Bar shown less - Changed the FormFill/Generate Password/'Log into LastPass' notifications so they are shown only when you click on the first input field rather than on page load. This is in response to some feedback that the notifications were being shown too often. You may revert back to showing on page load if you uncheck 'Show certain notifications only after click' in the Advanced tab in Preferences.

More Vault Improvements - There is now a right click menu available for sites and groups listed on the Vault. You can create subgroups, rename existing groups, move groups, etc. It is pretty powerful and should help you organize your sites more efficiently. This can also be combined with your ability to select multiple sites to perform right click actions on multiple sites at once (such as move, delete and share all).

More Security Options - You can automatically clear copied passwords from the clipboard after a predefined time period, logout automatically after browser has been closed for X minutes, and you have the option to delete your locally cached files.

And as with other recent releases, our volunteer translators have been hard at work to make this available in more languages. We have also fixed a number of bugs that have been submitted by you.

Monster.com Is hacked, Usernames and Password stolen!

2009-01-27T01:38:00.005-05:00

Monster.com has been hacked exposing usernames and passwords:

Monster Hacked

If you used LastPass and used a generated a password, just login to Monster.com and generate a new one.

If you're part of the majority of the population that uses the same password on every site, you should be worried. Some nefarious characters have your username and password to many of your sites. This is just another concrete example of why your current password management strategy of "none" or "tiered" is a bad idea. Unfortunately this isn't rare, it's the second time it's happened to Monster.com!

Protect yourself -- use a different password on every site with LastPass. Here's the basic instructions on how to use Generated Passwords with LastPass:

New features in 1.44

2009-01-25T10:40:00.002-05:00

Here are some of the new features in our most recent release:

Selective Form Fill - To selectively fill forms, simply use your mouse to highlight only the form fields you would like to fill (by clicking and holding the mouse button while you drag the mouse over the page). Then, use form fill as you normally would, and only the fields you selected will be filled in. This feature has been added to the plugins and also in the bookmarklets.

Drag & Drop on Vault - The local Vault page now handles dragging and dropping of your sites between groups. This should allow you to organize your sites quicker and easier.

Sharing improvements - If you log into your account on https://lastpass.com, you will now see a new 'Friends' tab. This allows you to see who you have shared sites with, what sites they were, and how many times they have been accessed. You also now have the ability to sharing multiple sites at a time and to share with multiple people.

In addition to these changes, some of our translations have been updated (thanks goes out to our volunteer translators). We have added numerous bug fixes and minor improvements (many of which were suggested by you).

Opera, Google Chrome, Safari, iPhone, Opera Mini and more with Bookmarklets

2009-01-19T10:20:00.009-05:00

[ UPDATE ] LastPass has since released a Google Chrome extension, an iPhone App, Windows Mobile, Blackberry Android, and Symbian mobile apps which you may want to look into instead or in addition to the bookmarklets.

----

LastPass has just released 3 bookmarklets to extend the LastPass experience to all the other browsers and mobile devices in your life.

We're very proud of implementing our complete Form Filling solution in a bookmarklet too -- Now if you want to buy something on your iPhone at an online store with your credit card you can do it in 10 seconds rather than 15 minutes (or not at all), it's amazing.

If you're already an IE/Firefox LastPass user the experience is a little different -- you have to do some setup, and you have to activate the LastPass feature on each page -- but if you are on the road and can't install software, have a mobile browser, or like to use Opera, Google Chrome or Safari, this solution works quite well.

We've prepared a quick video covering setup and an example of the feature in Google Chrome:

To get started you'll want to go to https://LastPass.com/ and sign in then hit Bookmarklets. If you're a new user -- go through the installer, then use your LastPass plugin to get all your passwords working before setting up the bookmarklet.

We've also improved m.LastPass.com as part of this process to have a login simply activate your session, and your bookmarklets, rather than try to immediately download and decrypt all your data -- this is far more workable if you have hundreds of accounts, like many of you LastPassers do.

A number of people have asked how to setup iPhone here how it's done:

New Notification Bar Preference

2009-01-06T09:57:00.003-05:00

We received feedback from some users that the notification bar that is shown you when you have multiple logins at a particular site was distracting because it pushed the page down.

With the release of v1.42, LastPass now gives you the ability to show the notification bar at the bottom of the page rather than the top. To try it out, simply click on the toolbar and open Preferences. On the advanced page, click on the 'Show notifications below browser' option.

Let us know what you think and keep the suggestions coming!

Protect yourself online: A New Year's resolution

2009-01-01T11:47:00.007-05:00

The arrival of the New Year often brings resolutions for self-improvement - exercise more, work less, eat better, etc. But have you considered adding protect yourself online to that list?

LastPass recommends that you use a unique, strong, random password for each of your online sites. No more using your pets name or your birthday for your password. No more using the same password for each site. That simply isn't secure.

By spending a little time now changing your existing passwords to strong ones, you will reap the benefits for years to come.

The worst form input field in the Top 100 Internet Retailers (by annualized sales)

2008-11-27T10:21:00.008-05:00

LastPass just came out with beta version 1.38, where we spent the week improving our form fill to perfection on the top 100 Internet retailers (by annualized sales). Overall it was a good exercise and improved our form filling capability dramatically on some sites.

This also exposed us to some questionable decisions made by some of the retailers in their forms. For example, some sites like to combine the credit card expiration month/year into a single select box. Nice if your expiration date is in 3 months, but when it's in 2017, and you have to scroll through over 100 entries it's a lot less usable. This is not a big deal; LastPass handles it so you won't have to think about it or waste time with it.

There was one form entry that we refuse to support on the moral grounds that this just needs to die. It looks like this:

Wow. An email field that asks you to split your email up into parts. It doesn't work well period, but it really doesn't work well with my email address from school (...@cs.umd.edu), nor for people in the rest of the world with multi level top level domains, or for people with long domains (it's too smal to fit them too).

This is particular gem is on Dr Foster and Smith's pet supply site (which just made the top 100), and gets close to a million unique visitors a month. Perhaps a little exposure will encourage them to fix it.

Bonus points to anyone who can find a similarly bad input entry on such a prominent site. I'll accept any site with over 100k unique visitors as judged by compete.com with one point per 100k uniques. The Dr Foster and Smith example is currently a 8.1. Can it be broken?

Enjoy Thanksgiving, Black Friday and Cyber Monday!

Joe

New LastPass Features

2008-11-09T14:48:00.003-05:00

New features are typically listed on our Upgrade Page when we release, but I want to highlight a few recent additions in case you missed them:

1) Identites: Allows you to create different views into your LastPass account. This is most commonly used to hide some of your sites when you log into LastPass from a particular location. A common example might be that you create a 'home' and a 'work' Identity.

2) New Language Support: Thanks to our many volunteer translators, LastPass has been translated into French, Swedish, Hebrew, German, and Dutch. Many more languages will be available soon.

3) LastPass Home: We created a super fast page that allows you to see all of your sites, organized as you like them, immediately. It allows for quick searching, editing and autologin.

4) Better support for iPhone: iPhone users can now launch site logins from our mobile site, https://m.lastpass.com.

5) Form Fill Improvements: We continue to improve our algorithms and feel we have one of the most accurate form fill products available.

Keep an eye on our Upgrade page for new features. We have come a long way these past few months and plan on continuing that trend moving forward.

After Yahoo Email Debacle, Sarah Palin Needs Lastpass

2008-09-19T11:51:00.022-04:00

"Rather than some automated tool or complex virus, Google and Wikipedia searches appear to have been the weapons used to knock down the walls guarding [Sarah Palin's] e-mail," according to this eWeek item.

Most people are vulnerable to the type of attack that compromised Palin's email account, as Markus Jakobsson wrote recently in IT World, "...almost all of us reuse what we may think of as “meta passwords” – the information used to reset passwords..."

Every three months about 1.5% of Yahoo's 250 million email account holders forget or lose their email login or password. This creates tens of millions of password email reset/recovery requests per year, according to this research report. This translates into a lot of wasted time in password recovery purgatory (at best) or opportunities for privacy problems and online fraud (at worst).

The password security and password recovery process is vulnerable to several different types of attacks:

1) Phishing attacks - where someone mimics a trusted website usually by sending an email directing you to a "fake site." There they get you to enter in personal information/ data like passwords/credit card information or social security numbers or "meta password data" like birthdays or mother's maiden name, name of your first pet. The phisher captures this information and uses it be assume your identity and either access your sensitive accounts or creates new accounts in your name.

Lastpass protection: They protect against phishing attacks by verifying that every site you log into is the actual website you're trying to enter. When you attempt to log-in to a website using Lastpass, the password manager will highlight login/form fill fields and offer auto login only to confirmed, legitimate website where you have an account. You’ll see the Lastpass icon and highlighted fields and know it is safe to proceed.

2) Brute force attacks - where someone methodically applies password combinations in an attempt to guess your password. One popular variation of this theme is a dictionary attack where weak passwords are uncovered by simply probing your password by testing it against the words in a dictionary.

Lastpass protection: They make creating, using and remembering strong passwords simple. Most people, myself included, make it too easy for brute force attacks to be successful because we use weak passwords (that are easier to remember than strong, complex ones) and reuse these weak passwords across different sites (meaning if one password is stolen/compromised, many of my sites are vulnerable). Lastpass makes it easy to use strong and unique passwords for every website. I use Lastpass to auto generate strong passwords for me and remember these passwords for me so I don’t have to.

3) "Meta password" attacks (a.k.a. mother's maiden name and other common password retrieval challenges). Under this increasingly common scenario, someone collects your personal information via Facebook, public record searches, ect. They use that information to figure out what they need to reset my account password and access my information.

Lastpass help: The password manager enables me to change the way I answer these “meta password” questions. Basically, I can offer less personal information. Gone are the days where I enter in simple answers, now I auto generate strong password-like answers to questions like mother’s maiden name and my elementary school? I use the password generator to make up “junk” answers and save these answers in the “edit site information” notes section with each new account. Because Lastpass auto logs me in to websites I no longer have to use the meta password data to reset passwords. If I were to need to access the meta question answers, that info is securely saved and accessed from my Lastpass portal page.

Because Lastpass does password management differently, they sync all my information across platforms and machines and I can still access all my account information, log-into my websites without uploading any sensitive information to their servers.

So, unlike many password managers, Lastpass doesn’t require too much “trust “from me. It saves all my sensitive information and encrypts it locally on my machine. They don’t have access to any of my information, it doesn’t get saved onto their servers, it remains secure, encrypted and on my computer.

It’s probably time for all of us including Sarah Palin to rethink our online information management and make life easier and safer with a password manager like Lastpass.

Sharing accounts and the future of how you deal with passwords

2008-09-10T15:08:00.002-04:00

When we explain account sharing to people, it's not uncommon that they ask why would I want to share an account?

Usually this objection is grounded in the fact that most people use the same username and password everywhere today, and by sharing, they'd be giving access to all their accounts. We're hoping you'll start changing your habits with LastPass -- let the program do the hard work of remembering usernames and passwords so that you can feel free to pick good passwords everywhere you have an account (using the LastPass Password Generator to do it).

There's lots of reasons you'd want to share an account with someone else -- if you share a bank account with your spouse, isn't it better that you both can use your 'LastPass' password rather than be forced to keep the same password? If you have a special login for work, isn't receiving that password in LastPass a lot easier than having someone email it to you, where you'll have to go searching through your email at a later date?

All of this is predicated on your use of unique passwords for each account, so if there's a reason you're not doing that, we'd love to know.

Have you seen what passwords a virus could pull from your PC?

2008-08-27T18:58:00.002-04:00

One of the reasons we created LastPass was to remove a threat that we were worried about -- if you somehow got a virus on your PC, could it immediately grab passwords and then uninstalls itself leaving you none the wiser? This would be a particularly insidious attack as you'd be unlikely to notice, and unlikely to change your passwords as a result of the attack.

If you're on a Windows PC, I'd encourage you to try https://lastpass.com/lastpass.exe
this is the LastPass installer, and as one of the installation steps allows you to optionally see what passwords LastPass can find, and optionally choose which (if any) you'd like to encrypt and then potentially remove from your PC.

It may be a big eye opener about what passwords are sitting out there in an unencrypted form on your PC, and even if you don't choose LastPass to be your Password Manager, you'll at least know what you're risking, and be able to clean up.

Recently a virus called Gammima.AG. made it onto the space shuttle, and it's goal was to gather passwords (albeit not in the exact same way I describe above), but it shows that attacks of this nature aren't far fetched and can happen to the best and brightest of us.

How LastPass protects against phishing attacks

2008-08-27T10:37:00.001-04:00

Hopefully you have started using LastPass and are now hooked because of the added convenience, security and organization it brings to you life. One facet of LastPass security that we haven't really mentioned is how we protect you from phishing attacks.

Phishers setup rogue websites with domains that are close in name to their target, so they can catch people who mistype the URL. They make the page look identical, so it is easy to enter your login information without a second thought.

LastPass protects against this if you use the LastPass website to login or the Sites drop-down in the plug-in. There is no URL to type, LastPass navigates to the page for you. It is both convenient and safe.

The second way phishers often trick people is by sending emails that look legitimate, but have links that point to their website instead of who they are impersonating. LastPass protects against this by only form filling and putting our icon in the form fields if you have an account with this site.

So if you do not see the LastPass icons in the form fields on one of your sites, do not simply enter your information! First make sure you are logged into LastPass and review the address.

Lastpass Saved Me While Traveling Abroad - No Stress Bill Pay From a CyberCafe

2008-08-27T04:47:00.005-04:00

Victory was mine this morning, Visa won't being getting a late fee from me! Even though I was traveling abroad - on the road - without a secure internet access point this morning in Berlin, Lastpass's virtual keyboard and universal access saved the day.

About six million north americans live abroad with 20 million more working/traveling outside the country every year. As a member of this traveling horde, I sometimes find myself stuck in a foreign country, without secure Internet access needing to pay an online bill or transfer funds between bank accounts. In the past - I had to choose between logging on from a public PC and hoping for the best - vis-a-vis keystroke loggers and other bad online things or paying late fees or overdraft penalties.

Not today. I was able to log-on to my credit card account using the Lastpass virtual keyboard ( feature in the upper right on the log-in page) and pay a credit card bill. I know the guys behind Lastpass from our days at eStara so I'm not terribly surprised they've made Lastpass easy to use , portable and secure, but I am pleased that they did. Thanks guys!

Protecting your privacy by using base64 encoded inline images + table images for IE

2008-08-20T16:43:00.000-04:00

While creating LastPass we wanted to show an overlay on the page when you autologin to a site. We ran into an issue though: if we used a image on that overlay, the image would leak the referring URL -- a privacy leak that we wanted to avoid.

In Firefox, there is a relatively straight forward and elegant solution: use an inline base64 encoded image. This method is covered here: http://www.websiteoptimization.com/speed/tweak/inline-images/

This was great, but Internet Explorer doesn't support inline images unfortunately; we found inspiration for the solution here: http://ddzoom.net/jsimages/ and adapted it to create pure HTML not javascript. Using a table to create an image will probably make you squirm, but it works.

The overlay we are creating is in HTML, and IE can render tables quickly, so we gave it a shot and it worked great, much faster than the javascript version (because it skips all the reading and it ultimately creates a table itself).

Granted this is a very small image (our logo), and we probably wouldn't do it if we needed a very large image, but it accomplishes the goal while protecting your privacy which makes us happy.

How people deal with password overload today

2008-08-19T17:56:00.000-04:00

Working on LastPass.com for the last few months has given me the chance to question quite a few people about their current password habits. It's been eye opening to hear just how many people use the same exact password for any application they're faced with, completely not recognizing or not caring about the risk they're facing.

The people that do recognize the risk, typically 'tier' their passwords, making a strong one for the sites they care about the most, and a lower level one for ones they care about less.

Both of these are pretty flawed approaches because some companies are radically better at authenticating users than others; the most secure companies (like LastPass) use https (encrypted data passing), create a one way hash of your password client side (so your password never leaves your computer), and salt that hash against that for what they store.

Unfortuantely almost no companies are that careful, many allow you to send your password over a non-encrypted channel to them, then store your exact password unencrypted in their databases and will even send that password to you over email (which is also insecure), meaning that there's at least 6 distinct ways your password could fall into a nefarious person's hands for just that one site (sniffed over the network, taken by an employee at the company, sniffed over the network between the company and your email provider, sniffed over the network between the email provider and you, taken by an employee at your email provider, and stored unencrypted in your email client) .

Handling passwords the right way isn't hard if you have software that will create and remember strong passwords for you.

LastPass : The last password you'll have to remember

Resolutions Recap: Share Your Feedback!

Resolutions with LastPass: #10 Strengthen Your Master Password

Resolutions with LastPass: #9 Check Out Multifactor Authentication Options

Resolutions with LastPass: #8 Generate OTPs to Use on Untrusted Computers

Help Us Celebrate "National Change Your Password Day"!

LastPass 1.90 Released for All Browsers, Featuring Import & Export of WiFi Passwords

Resolutions with LastPass: #7 Update Your Account Email Address

New: LastPass for BlackBerry PlayBook 2.0 is Here!

LastPass for Windows Phone 7 Update: Edit, Add Sites and Secure Notes

LastPass Is Hiring!

New Year's Resolutions with LastPass: #6 Revamp Form Fill Profiles with Our 4 Tips

Have a Zappos Account? 4 Steps to Take Now with LastPass

New Year's Resolutions with LastPass: #5 Generate Your Answers to "Security Questions"

New Year's Resolutions with LastPass: #4 Root Out Insecure Account Data, Store Miscellany in Secure Notes

New Year's Resolutions with LastPass: #3 Replace Weak and Duplicate Passwords

New Year's Resolutions with LastPass: #2 Organize Your Vault

New Year's Resolutions with LastPass: #1 Run the LastPass Security Check

Your LastPass account is safe on Carrier IQ enabled mobile devices

Three Great New Features Added to Windows Phone 7 App

Gearing Up for Seasonal Online Shopping: A User's Guide to LastPass Form Fill

Introducing Support for Google Authenticator

Moving to a New Email Address? Update LastPass, too!

Free 6 Months Premium for All University Students!

New LastPass Enterprise Feature: Link Your Personal Account to Your Company Account

LastPass Gets a New Look for Mac Lion & Safari 5.1 Release

LastPass for iPhone Gets an Update!

Windows Phone 7 Update

LastPass Security Notification

Content Security Policy (CSP) implemented on LastPass.com -- the beginning of the end of bookmarklets?

Cross Site Scripting vulnerability reported, fixed

PC Mag Says LastPass Is "Still the Best"!

LastPass One Million User Giveaway: An Apple iPad and Two $100 Amazon Gift Cards

A User's Guide to Setting Up LastPass on Your USB Thumb Drive

LastPass for Windows Phone 7 Has Arrived!

Windows Phone 7 Update

LastPass Acquires Xmarks!

LastPass for Opera 11 is here!

Tip: Be Prepared for Travel Mishaps with LastPass!

Computerworld Reviews LastPass

LastPass How-To: Replacing a Site's Old Password with a LastPass Auto-generated One

We've Released Version 1.70 - Check Out What's New!

LastPass Adds Support for Dolphin HD on Android

Another Glowing Review for LastPass

LastPass Gets the Green Light from Security Now!'s Steve Gibson

LastPass IE Anywhere Is Here!

Native Extension for Safari 5 Released

New Release for LastPass Tabbed Browser for iPad

Version 1.68.6 of our tabbed browser for Apple's iPad was released to the iTunes Store yesterday! New features include:

Version 1.68.6 of our tabbed browser for Apple's iPad was released to the iTunes Store yesterday!

New features include:

Resolved issues include:

LastPass for Safari 5 on Mac OS X

You Asked For It: iPad Sneak Peeks!

Stumped on a Mother’s Day Gift? Give the Free Gift of an Easier Online Experience!

New Release Available!

RSA, Google IO, and other updates

Are you at risk from the Twitter phishing scam?

The LastPass Security Challenge and 1.64.4 released

New LastPass website and LastPass version 1.62.0 released

LastPass Featured by PC World

LastPass for iPhone 1.60 on the app store

LastPass 1.60.0 released, x64 for IE

The PC World 100: Best Products of 2009

LastPass.com Featured on FOX News

Disturbing Password News

LastPass for Google Chrome Alpha

New and improved mobile applications

Safari extension updated, full 64-bit Snow Leopard support

LastPass for Safari OS X 10.5+ beta released

Using a strong password more important than changing your password frequently

LastPass vs Roboform by the Associated Press

What's a bigger problem than malware/Viruses? Poor Password Management

Easily login to your LastPass accounts from your iPhone? There's an app for that.

LastPass for Android BETA

Password Fatigue and LastPass

Troubling stat of the day

New Release

Are you a talented graphics designer?

1.51 Released

Version 1.68.6 of our tabbed browser for Apple's iPad was released to the iTunes Store yesterday!

New features include: