[Update Jan 2, 2023 – see this article]
This is a guest post by Chad Warner, Internet safety enthusiast at Defending Digital.
LastPass is one of the world’s most popular password managers. A password manager is software that securely creates and stores passwords. LastPass works from your computer, phone, or tablet, and syncs between them. And because your data is encrypted on your device before traveling to LastPass’ servers, neither LastPass’ employees nor anyone else can access your passwords. Now, let’s walk through how to set up LastPass.
Go to the Download LastPass page. If you’ll only be using LastPass for one browser, click the Download button for just that browser.
If you’ll be using LastPass for more than one browser on a computer, install the Universal Installer for your operating system (LastPass Universal Windows Installer, LastPass Universal Mac Installer, or LastPass Universal Linux Installer). The Universal Installer adds LastPass to all your browsers and provides a few other features, such as sharing login state between browsers and letting you log out of LastPass automatically.
Configure Your LastPass Account
Once LastPass is installed, you can create a LastPass account. You can start with a free account, or upgrade to a paid Premium plan if you want the following:
- Ability to give another LastPass user access to your LastPass account in an emergency
- Additional multifactor authentication options (YubiKey, fingerprint reader, smart card reader)
- Priority tech support
- Integration with Windows applications (beyond your browser)
You’ll need to create a Master Password, which is the password that will unlock your LastPass vault (your collection of passwords and other data). What makes a good Master Password?
- Long (15+ characters; 20+ is better)
- Complex (at least one uppercase letter, lowercase letter, number, and symbol)
- Relatively easy to remember, because you’ll type it often
- Relatively easy to type, because you’ll type it often
To make it memorable, you could connect four random words with hyphens. You can do that with 1Password’s online password generator (check the box for Memorable Password). To make it stronger, you could add a word or two, and add a capital letter and/or number.
Once your account is created, open your vault by clicking the LastPass icon in your browser, then Open My Vault. Then, in the bottom left corner, click Account Settings.
At the bottom of the screen, click Show Advanced Settings.
In the Country Restriction section, check the box for Only allow login from selected countries and then check the box(es) for your country or countries.
In the Tor Networks section, check the box for Prohibit logins from Tor networks (unless you know that you will log in from Tor networks).
Multifactor Options Tab
LastPass supports several forms of multifactor authentication. I highly recommend enabling one or more of them, to increase your account security. You’re probably already using an authentication app such as Google Authenticator or Authy, so click the pencil icon to enable and configure an option. LastPass will walk you through the steps. For an authentication app, you’ll scan the QR code to add your LastPass account and get your code.
Note that you can use Authy or other similar TOTP (Time-based One-time Password) authentication apps with the Google Authenticator option.
At the bottom of the screen, set the Default Multifactor Option to the strongest form of authentication you have enabled. If you have a hardware device, such as a YubiKey or Fingerprint / Smart Card, select that.
When you’re finished, click the Update button at the bottom of the screen.
Configure the LastPass Browser Extension
After you install LastPass, you’ll notice a LastPass icon in the top of your browser, around the same level as the address bar. It’s a button with 3 large dots (…). Click the LastPass icon in your browser, then Account Options, then Extension Preferences.
Check the box for Log out when all browsers are closed.
Check the box for Log out after this many minutes of inactivity and set it to 10 (or the number you prefer).
Check the box for Don’t overwrite fields that are already filled.
Check the box for Share login state between browsers, if you use multiple browsers.
Grant Emergency Access
If you have the Premium plan, LastPass lets you designate one or more trusted contacts who can request access to your LastPass account in an emergency, such as if you became incapacitated or unreachable, and someone needs to pay your bills or access your financial accounts. When your contact requests access, you receive a notification. If you don’t deny the request before the wait time is up, they receive access.
Click the LastPass icon in your browser, then Open My Vault. Then, in the bottom left corner, click Emergency Access.
In the bottom right corner, click the red plus icon.
Enter the email address the other person uses for their LastPass account. Then, set the Wait Time to the amount of time you want to be able to respond to their request before access is granted. Then, click Send Invite.
Print One-Time Passwords
As a backup, you can print one-time passwords that can get you into your LastPass account if you forget your Master Password.
Click the LastPass icon in your browser, then Open My Vault. Then, in the bottom left corner, click More Options. Click Advanced, then One-Time Passwords.
Follow the instructions to print your one-time passwords. Save these somewhere secure, such as a safe deposit box or a fireproof safe in your house.
If you didn’t do it earlier, you can now import any passwords you have saved in your browser or elsewhere on your computer.
Click the LastPass icon in your browser, then Open My Vault. Then, in the bottom left corner, click More Options. Click Advanced, then Import. Follow the steps to import.
Once your passwords are in LastPass, delete them from wherever you saved them before, and disable the password manager in your browser settings.
Take the LastPass Security Challenge
The LastPass Security Challenge checks your passwords to see if any are compromised, weak, reused, or old. This is done on your device, without anyone at LastPass seeing your passwords. Here’s how to use it.
Generate Passwords with LastPass
LastPass will automatically put a Generate Password icon on password fields. You can click it to create a password. Alternatively, you can click the LastPass icon in your browser, and click Generate Secure Password. Then, click More options. You can then choose your password rules.
To make your passwords strong, I recommend the following settings:
- Password Length: 20
- All characters: checked
- Uppercase: checked
- Lowercase: checked
- Numbers: checked
- Symbols: checked
Unfortunately, some websites and apps don’t accept 20-character passwords, or they don’t accept certain symbols. If an account rejects a password, you can adjust your generated password to fit the requirements. But if you change the settings in the LastPass password generator, make sure to set it back the next time you create a password, so you don’t weaken all your future passwords.
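To put numbers on the generator settings above and on the Master Password advice earlier in this post, here is an added example (not LastPass code and not from the original post) that generates a password under those rules, handles a site that rejects certain symbols, and estimates entropy. The function names are illustrative, and the 7776-word list size is an assumption (a Diceware-style list), since the post does not state one.

```python
import math
import secrets
import string

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}
ALL = tuple(CLASSES)

def _pools(classes, exclude):
    """Characters available per class after removing ones a site rejects."""
    pools = ["".join(ch for ch in CLASSES[c] if ch not in exclude) for c in classes]
    if not all(pools):
        raise ValueError("a selected class has no characters left")
    return pools

def generate(length=20, classes=ALL, exclude=""):
    """Draw from the OS CSPRNG; retry until every selected class appears."""
    pools = _pools(classes, exclude)
    if length < len(pools):
        raise ValueError("length too short to include every class")
    alphabet = "".join(pools)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in pool for ch in pw) for pool in pools):
            return pw

def entropy_bits(length, classes=ALL, exclude=""):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len("".join(_pools(classes, exclude))))

def passphrase_bits(words, wordlist_size=7776):
    """Entropy of words chosen uniformly at random (list size is an assumption)."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    print(generate())                                  # the recommended settings
    print(generate(16, exclude="<>&\"'"))              # site rejects some symbols
    print(round(entropy_bits(20), 1))                  # 20 chars, all classes
    print(round(entropy_bits(12, ("upper", "lower", "digits")), 1))
    print(round(passphrase_bits(4), 1), round(passphrase_bits(6), 1))
```

The passphrase figures hold only when the words are picked at random by a generator; words you choose yourself carry far less entropy.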
LastPass will securely save this password. The next time you come to the site, LastPass will offer to fill in your password for you! You can also click the LastPass icon in your browser and start typing the name of the site to quickly navigate to it in the future.
Enjoy the security and convenience of LastPass!
Chad Warner runs Defending Digital, a website which helps parents protect their kids and themselves online. The site shares Internet safety, security, and digital parenting tips. Get more tips for safely managing passwords with LastPass.