Initially, this meant that I had to swallow the enter-a-password-whenever-you-start-the-browser pill. I didn't like this, but I adjusted my behavior to minimize instead of close the browser, and I used suspend or hibernate whenever possible instead of shutting down.
Well, with LastPass, you don't need to keep your browser running in order to stay logged in. They have a desktop app which stores your logged-in state at the OS level, and communicates with all of your browsers. That means you sign in once in Firefox, and you're automatically signed in in Chrome. If (for some unknown reason) you are compelled to use MSIE for something and you're logged in there too. (LastPass also supports Safari and Opera, but I don't currently use those.)
This scores major points with me in the trade-off between security and convenience!
The premise behind LastPass is that the password that encrypts your data could be "The Last Password You'll Have to Remember!" If you only need to remember one password, then it can be a strong password, with different character types and such.
They certainly do go a long way towards making it possible to not type in (or even know) your passwords for any website. LastPass can (optionally) create strong passwords for you that it will auto-fill and auto-login when you visit the appropriate site. They have excellent browser support across all the major platforms, including smartphones, which brings us to their business model: LastPass is a freemium service. They give you basic functionality for free, and when you're ready to be a power user, you can pay for the next level of service. In the case of LastPass, this next level comes in the form of their smartphone apps, which, as I am not a premium member, and do not have a smartphone, are beyond the scope of this review. I did, as promised, pay for Xmarks Premium, however.
Anyway, at work, I stuck the "LastPass Login!" bookmarklet in my bookmarks toolbar, logged in to LastPass, and viola! Instant access to my passwords. (Okay, I had to add lastpass.com to my third party cookies whitelist, but that isn't necessary unless you block third party cookies.) You can't add login information or form data to the LastPass vault with the bookmarklets, but you can do that with the website.
LastPass behaves much like your browser's normal password saving feature. When it detects something it can do, a bar will pop down from the top of the browser until you take an action or dismiss it. LastPass puts its logo inside form and password fields that it wants to interact with. You can also access the LastPass menu from a button installed in your toolbar.
If you choose to save some information, you are presented with more options:
|Saving a site's login information with LastPass|
|Stored Mint.com password|
- Store and fill shipping and contact information, credit card data, or any other specific form on the web. After installing the plugin, LastPass had collected much of this information from saved form fields (not credit card numbers though, obviously).
- Import passwords from browsers and just about anywhere they're stored (including KeePass). It will export to Firefox if you decide to stop using it.
- Store, retrieve, and print secure notes - something that might come in handy should the need arise.
- Share selected passwords with another user - this is useful if I want to be able to log in to Google and Facebook on my wife's computer and we each have separate accounts (or if we share access to a credit card account and the credentials change). If I update the password in my LastPass account, the correct password shows up in hers as well.
|LastPass confused by a Facebook form|