security_class_101 Day_2

security 101:

Day 2: 

LastPass

LastPass is my cloud based Password data-base management application. I personally use KeePassX for local, and LastPass for my Internet passwords alone. I like different features in either app better. The major advantages to LastPass are the full range of Browser compatibility(IE,Opera, chrome/chromium, safari).  The browsers it does not play well with are:Maxthon, Avant, and a bunch of the Linux web-browsers(epiphany{gnome}midori), while a bunch of Linux browsers are based on the source code of firefox.

I will say that I am reviewing this from a free user perspective. If anyone wants to see a review of the pro, and how yubiKey works with LastPass. Although Hak5 has done a bunch of episodes on using yubiKey's, and LastPass.

LastPass advantages:


~ compliant w/ all of the major operating systems:Linux/mac/windows/BSD(sadly no haiku)

~ has a two factor authentication w/ cards, to perform two factor auth. with the free version.

~ has a security check for checking the strength of your passwords.
(there were three fast screens that flew by encrypting passwords, sending passwords, calculating password strength...)

~share the results to brag to your friend's or like in my case be disappoint by a mere 86%...:~{

~ Imports from almost any format, but doesn't export into many formats.

Import

VS.

export

~  Secure notes for keeping "secret" Lists.
(you can also copy/paste anything in one of thise lists you want.)


~ one click filling of form-data
(although I use AutoKey 2 automate strokes portably from inside a encrypted volume)

~Generate secure Passwords...

The LastPass Password generator, to give you an unlimited amount of random passwords.

 ~ It is my opinion that LastPass strength's lay in Cross-platform/browser, security check you can share with your friend's, a strong encryption focus. You can also use your Last Pass from the local Encrypted Vault. The Vault does work off-Line from your web-browser, but will alert you to off-Line being used. So even if Last Pass is doing maintenance, your still golden. I use my KeePassX local Linux password data-base, to fill in the Master-Password for my LastPass every time I log into most any of my browsers(I like Maxthon/Avant, Midori, and Epiphany as well...:/).

Although I think the main advantage from using any kind of password dataBase, is going to be the ease of use it is for (possibly-incompentent non-tech. users)to enter propperly strong passwords, and to easily change them if they find out their NT was attacked.