Skip to main content

Password manager

11 'Password manager' stories November 2013 - March 2017
See All Stories

LastPass details recommended precautions as it fixes vulnerability discovered over the weekend [U]

Avatar for Ben Lovejoy Mar 28 2017 - 6:10 am PT
0 Comments
Site default logo image

Update:

LastPass says that the browser extension vulnerability has now been patched, and that there is no evidence that it was ever exploited.

Google security researcher Tavis Ormandy reported a client-side vulnerability in the LastPass desktop browser extensions, but neither he nor LastPass released any details pending a fix. The company said that this has now been done, and most users will be automatically updated to version 4.1.44.

On Saturday, March 25th, security researcher Tavis Ormandy from Google’s Project Zero reported a security finding related to the LastPass browser extensions. In the last 24 hours, we’ve released an update which we believe fixes the reported vulnerability in all browsers and have verified this with Tavis himself.

Most users will be updated automatically. Please ensure you are running the latest version (4.1.44 or higher), which can always be downloaded at https://www.lastpass.com/.

LastPass has now provided details of the issue in a blog post, but warns that the obscure nature of the vulnerability means that the explanation is highly technical.

Password-manager LastPass is recommending that users follow precautionary steps while it works on fixing a vulnerability discovered over the weekend. Two of the recommendations are generic in nature, and should be followed anyway, but one is specifically geared to protecting your account from the vulnerability …


Expand
Expanding
Close

How to protect your iCloud account, as some hacked credentials confirmed valid

Avatar for Ben Lovejoy Mar 24 2017 - 6:24 am PT
0 Comments
Site default logo image

While the available evidence suggests that hackers have not gained direct access to more than 600 million iCloud accounts, some of the sample login credentials supplied by the group have been found to be valid. ZDNet, for example, used Apple’s password reset function to test 54 logins supplied by the hackers, and found that all of them worked.

Apple has said that there have been no breaches of its own systems, and that the credentials likely came from ‘previously compromised third-party services.’ Most of the account owners contacted by ZDNet lent weight to this claim …


Expand
Expanding
Close

LastPass password manager update adds emergency access, sharing center and new UI [Video]

Avatar for Ben Lovejoy Jan 5 2016 - 5:42 am PT
4 Comments

lastpass

LastPass has updated its Mac and iOS apps and browser extensions to version 4.0 to add an emergency access feature and shared passwords, as well as a significantly revamped user-interface.

Emergency Access (shown below) is designed to ensure that you aren’t permanently locked out of your account if you ever forget your master password.

Emergency Access lets users designate trusted family, friends or colleagues to have access to their password vault in the case of an emergency. For added security, a user can require a waiting period between when an Emergency Access contact can request access to the vault and when access is granted. During the waiting period, users can decline an Emergency Access request to their vault.

The new Sharing Center is designed to provide a safe method of allowing multiple people access to the same account, such as when two or more family members want access to utility accounts …


Expand
Expanding
Close

1Password Mac app updated to support one-time passwords, in line with iOS app

Avatar for Ben Lovejoy Apr 7 2015 - 5:07 am PT
19 Comments
Site default logo image

1password

A couple of months after the 1Password iOS app was updated to support one-time passwords, the Mac app has been given the same feature, allowing the popular password manager to support two-factor authentication.

Version 5.3 of the pricey but powerful app also gains a number of other improvements, including improved credit card filling on a number of sites, among them Hilton, Cineplex, Drafthouse, Amazon, and PayPal. More custom fields have been added, and you can add your own fields in secure notes also … 
Expand
Expanding
Close

Site default logo image

Here are the worst passwords of 2014 (and ‘password’ still isn’t the worst)

Avatar for Ben Lovejoy Jan 20 2015 - 5:24 am PT
3 Comments

hacked-passwords

SplashData, the company behind corporate password manager SplashID, has just compiled the latest top-25 ‘most hacked passwords’ rankings. As last year, the most-hacked password is 123456, with ‘password’ only managing second place.

But perhaps naive Internet users have been paying attention. It seems some of those using 123456 have come up with a cunning plan to defeat the hackers: dropping the final digit. 12345 has raced 17 places up the charts into third place. Old favorite ‘letmein’ has climbed one place to #13.

New additions this year include baseball, football, batman and access (cunning). You can see the full top-25 below. If you’re not already using a password manager to enable strong, unique passwords for each website, check-out our how-to guide.

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

Site default logo image

LastPass matches Dashlane with automated password changing – but it doesn’t yet fully compete

Avatar for Ben Lovejoy Dec 10 2014 - 6:52 am PT
1 Comment

lastpass

After password manager Dashlane grabbed the limelight yesterday with an automated password changer for 50 top US websites, LastPass has hit back with its own version of the same feature. However, while LastPass supports more sites, it falls short of the Dashlane offering by forcing you to change one password at a time, rather than doing all supported sites en-mass, and not yet supporting sites that employ two-factor authentication.

We’re excited to announce that the Auto-Password Change feature we released to our Pre-Build Team last week is now available for all users in beta. LastPass can now change passwords for you, automatically. We’re releasing this feature for free to all our users, on Chrome, Safari, and Firefox (starting with version 3.1.70) […]

Auto-Password Change already supports 75 of the most popular websites, including Facebook, Twitter, Amazon, Pinterest, Home Depot, and Dropbox.

LastPass notes that it does this while maintaining its secure approach of ensuring that only encrypted versions of the password are ever stored on the LastPass server, with the apps doing the decrypting on your device.

You can download the beta from the LastPass download site. If you’re not yet using a password manager, check out out our how-to guide.

Dashlane password manager can now automatically change your password on 50 top US websites

Avatar for Ben Lovejoy Dec 9 2014 - 6:50 am PT
4 Comments
Site default logo image

dashlane

Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to login or change a password, prompting you for the code when required … 
Expand
Expanding
Close

1Password 5.1 released with iPhone 6 support, third-party keyboard settings, and much more

Avatar for Mike Beasley Oct 6 2014 - 10:50 am PT
8 Comments
Site default logo image

1Password, the powerful and popular password manager for iPhone and iPad, has been updated to version 5.1 today, introducing a host of new features and improvements. First on the list is support for the 4.7-inch and 5.5-inch screens on the iPhone 6 and iPhone 6 Plus, with full 3x image support on the Plus model.

Touch ID support has also been significantly improved, with the app’s security settings now simplified to avoid the confusing and unnecessary differentiation between the Master Password and PIN code, and Touch ID is now more reliable. You can also create new tags to add to your stored data, allowing for easier sorting on-the-go.


Expand
Expanding
Close

1Password 4 for Mac now allows editing in the browser extension, better sub-domain matching and more

Avatar for Ben Lovejoy Mar 13 2014 - 6:10 am PT
11 Comments
Site default logo image

[vimeo 88901304 w=800 h=500]

The popular password manager 1Password has been updated with one of the most-requested features: the ability to edit entries within the browser extension, 1Password mini, rather than having to use the main app.

It also promises much better matching of logins to subdomains, so that your stored logins should work more of the time. Previously the app would often fail to recognise subdomains as being part of the same site, so automatic login would not be available when you jumped straight to a particular section of a site, forcing you to login manually then create a new entry.

AgileBits describes version 4.2.1 as “a huge update with over 30 new features,” which are detailed below the fold … 
Expand
Expanding
Close

Site default logo image

The worst password of all is no longer ‘password’ according to hacked accounts chart

Avatar for Ben Lovejoy Jan 20 2014 - 4:27 am PT
16 Comments

passwords

You might have thought that it would be hard to come up with a worse password than ‘password,’ but according to a chart compiled by SplashData from hacked accounts, it has been edged out by ‘123456’.

The far more secure ‘12345678’ (33 percent more secure!) retains its position as number three, while a new entry in sixth place goes as far as ‘123456789’. Sadly, ‘letmein’, a password I always felt deserving of classic status, dropped seven places to achieve a mediocre ranking of 14.

Apple introduced iCloud Keychain as part of Mavericks and iOS 7.0.3, and if you’re not already using it, you can read our how-to guide. If you’re using older versions of OS X or iOS, we also ran a how-to guide on using a password manager to have unique, secure passwords for each website.

Via re/code

Site default logo image

LastPass password manager iOS app gets simplified UI & family logins

Avatar for Ben Lovejoy Nov 5 2013 - 4:35 am PT
15 Comments

LastPass-Mobile

The popular free password manager app LastPass has been given a revamped user-interface across iOS app, Android app and browser add-on, aimed at both a cleaner look and greater ease of use.

Paid users also get access to a new Shared Family Folder, allowing up to five users to get shared access to joint logins. The LastPass blog highlights the new features in version 3.0 as:

  • Revamped user experience and user interface
  • Field icon menus for easy access to logins and LastPass tools
  • A Shared Family Folder for up to 5 users
  • Expanded Shared Folder features for LastPass Enterprise
  • A revamped LastPass for Applications
  • Secure Note history, to track changes to your notes

LastPass is a free download, and we have a detailed tutorial on how to use it.