As I work for a password manager, I always find myself explaining the product to friends, family, and new acquaintances. Naturally when I do, one of the first questions I always hear is, ‘doesn’t my browser already do that?’
The short answer is yes, but don’t. Browsers like Google Chrome and Mozilla Firefox will ask to save your passwords for you and then fill them in automatically when you visit that site again in the future. However, there are critical differences, some you can see as a user (like a built-in password generator) and some you can’t (like the security model), that make a password manager like LastPass a much better solution for you.
So for those of you who find yourselves wondering about the differences between storing your passwords in LastPass and in a browser (or trying to make the case to others), here’s a detailed rundown of how they differ:
Anytime, Anywhere Access
With LastPass, your data is not stored in a single ecosystem (such as your browser). Rather, LastPass syncs all of your data across every browser and device on which you’re accessing LastPass. When you use a browser to store your passwords, you can only access the data on that browser. What about when you need that password on your phone or tablet? You’re out of luck. And should your computer crash or your smartphone go for a swim, everything you’ve stored in LastPass is securely backed up. You can even log in to your account when you don’t have Internet access. You’re never without the information you need.
Security Model
Your LastPass account is protected by a master password that only you have. The master password is never sent to our servers and can only be retrieved by you. LastPass requires you to log in to your account before gaining access to the passwords and data stored in the vault. Some browsers require a login, but not always, and not by default. We’ve built LastPass with AES 256-bit encryption, widely recognized as one of the strongest encryption standards available. Encryption and decryption happen locally on your device. Our zero-knowledge architecture ensures that we never have the master password, and therefore never have the key to your data. We strengthen the master password and encryption key against large-scale, brute-force attacks by slowing down guesses with salted hashing and PBKDF2 implemented with SHA-256. Browsers also encrypt their passwords (though the Opera browser suffered an attack in mid-2016) but details beyond that are hard to find. LastPass and other password managers make their security model readily known to users.
What’s the Password Again?
How many times per week are you asked ‘what’s the password for…’ by your spouse, kids, or even friends? Probably more than you like to admit! With your browser, you do not have a way to share those passwords at all. Password managers like LastPass allow you to share not just passwords (think household bills and streaming media), but also important information like medical IDs, your AAA number, and passport numbers. Not only is it simple to share these in LastPass, it is also safe, because all data is encrypted and decrypted locally.
More than Just Passwords
The term ‘password manager’ is a little misleading at this point because most tools do much more than manage your passwords. They also autofill those passwords for you, as many browsers do as well, but they do SO much more.
- Password generator: LastPass allows you to generate strong, unique passwords right from the ‘new password’ field or your browser extension, whichever is easier.
- Payment cards & addresses: Especially during a busy shopping season, it’s a hassle to enter your credit card and shipping address over and over again. With LastPass, securely store those in your vault and you can fill them in a few clicks when you need them.
- Two-factor authentication: With Google Chrome, you can add 2FA to your Google account, but we know most people don’t do that. Make sure you take this extra step when you’re using a password manager!
- Security Challenge: Put your passwords to the test with the Security Challenge and find any weak, duplicate, and potentially insecure passwords.
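The Security Model section above describes deriving the encryption key locally with salted PBKDF2 and SHA-256 so that the master password never reaches the server. The following Python sketch is an added example, not LastPass code: the iteration count, the random per-user salt, the `derive_login_hash` step and the `Server` class are assumptions made for illustration, since the article does not specify them.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the article gives no number
KEY_LEN = 32          # 256 bits, sized for an AES-256 key


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Client side: stretch the master password into the vault encryption key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side (hypothetical step): a one-way value sent to the server
    to prove knowledge of the password without revealing the vault key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=KEY_LEN)


class Server:
    """Hypothetical server: keeps a salt and a hash of the login hash only."""

    def __init__(self):
        self.records = {}

    def register(self, user: str, salt: bytes, login_hash: bytes) -> None:
        self.records[user] = (salt, hashlib.sha256(login_hash).digest())

    def verify(self, user: str, login_hash: bytes) -> bool:
        _, stored = self.records[user]
        return hmac.compare_digest(stored, hashlib.sha256(login_hash).digest())


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    server, salt = Server(), os.urandom(16)
    key = derive_vault_key(password, salt)      # never leaves the device
    server.register("alice", salt, derive_login_hash(key, password))
    guess_key = derive_vault_key("password123", salt)  # each guess costs a full PBKDF2 run
    stored_values = [v for rec in server.records.values() for v in rec]
    return {
        "good_login": server.verify("alice", derive_login_hash(key, password)),
        "bad_login": server.verify("alice", derive_login_hash(guess_key, "password123")),
        "key_on_server": key in stored_values,
    }


if __name__ == "__main__":
    print(demo())
```

Because every password guess has to repeat the full PBKDF2 run, raising `ITERATIONS` raises the cost of a brute-force attempt by the same factor.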