A business uses multiple passwords every day to access the many systems they use – for themselves and on behalf of their clients. God forbid a password should ever get into the wrong hands and cause a data breach… One of the best ways you can help secure your (and your clients’) personal data, and help comply with the GDPR, is to use an online password manager, such as LastPass. This article looks at how LastPass works, how to install it and how to use it as securely as possible by enabling further security features.
What is LastPass?
LastPass is a cloud password management system that allows a user to create complex and secure passwords without needing to remember them. The user only needs to remember their master password to log in to their LastPass account. When a user goes to the login page of the website or system they wish to log in to, LastPass will automatically fill the username and password fields with the saved login details.
To install LastPass on Google Chrome, open the Google Chrome Web Store and search for “LastPass” in the top left-hand search box. The logo of LastPass is a red square with three horizontal white dots.
Select the LastPass extension and click “Add to Chrome”. Then wait for the installation to complete.
Once the extension has been added to Chrome, you can click on the grey square with three white dots in your extensions (located in the top right-hand corner of your browser). This will open a login interface for your LastPass account. If you have an account already, go ahead and log in. If you don’t have an account then select the ‘Create Account’ button. Fill out all of your details, ensuring your email is correct, and finish setting up your account.
Once you have created your account and logged in, you need to configure your settings to not leave LastPass logged in after closing the browser/shutting down your machine. This is for security reasons. Logging out of LastPass helps to ensure the security of your data if your machine gets lost or is stolen.
LastPass extension Icon > Preferences > General
Enable ‘Automatically log off when all browsers are closed…’
Enable ‘Automatically Logoff after idle…’
Save your changes
Restart your browsers
N.B. This will need to be applied to all browsers where you have LastPass installed, as browser preferences do not sync across browsers.
When you first log in to a website, such as a WordPress login, you will manually enter your login details into their respective fields. Once you have successfully logged in, you will see a small popup towards the top right-hand corner of your browser. This will be the LastPass extension asking if it should save that login information. Once you hit save, the login information will be stored there until you delete it.
If you revisit the login screen you will see a grey version of the LastPass logo on the entry fields. Click that and select the username you want to log in with. The extension will then auto-fill the fields with the data you saved and you can log in.
To manage your passwords, select the extension icon and open your vault. This is where all passwords are stored, and you can search for passwords by the website they are for or by the username you have used. You can update a password at any time, either through the popup LastPass shows when you change your password or by manually editing the stored password in your vault after successfully changing it on the website.
LastPass can only be accessed using the login information you set when creating your account. As such we recommend updating your LastPass password every 3 months as a minimum requirement.
To change your password, open your vault, select your account in the top right-hand corner, click account settings and then “Change Master Password”.
We also recommend enabling the SMS Account Recovery option and pairing your account with your mobile phone should you ever forget your master password.
Finally, we recommend enabling two-factor authentication, which is a method of adding security to your account.
You can do this by navigating to account settings as before and selecting the Multifactor Options tab. We recommend using the standard LastPass option, but you can set up the Google authentication if you prefer. After setup you will need both your mobile device and your master password in order to log in to your account. When attempting to log in, you will enter your username and password and then, on the next page, you will have to enter a code which will be sent to the mobile device you have set up two-factor authentication with.