Meet LastPass, one of the best programs for storing passwords, distributed as a single plugin installer for Internet Explorer, Google chrome, Mozilla Firefox, Opera and Apple Safari developed by LastPass. Passwords in LastPass are protected by a master password, are stored locally, and can be synced to any other browser. LastPass also has a form filler that allows you to automate password entry and form filling. The plugin supports generating passwords, sharing data, logging site logins, creating secure notes, and much more. Download LastPass below.

One master password (the motto on the site is "The last password you must remember!").
Synchronization of browsers.
Generating strong passwords.
Encrypting passwords.
Online form filler.
Import passwords from other password managers as well as export.
Passwords are stored in the cloud service lastpass.com in encrypted form (AES-256).
The LastPass Master Password is stored in your head and when you enter it, all passwords are decrypted from the database (AES-256).
Passwords are transmitted over a secure (https) connection.
LastPass creates a hash of your username and password, which is the key to the AES algorithm.
For authorization, the LastPass service uses a double hash, it is he who is sent to the server and is the verification key for authorization.
The names of groups, accounts and data are transmitted in encrypted form, https is used everywhere.
LastPass collects passwords that other password managers don't see, including many AJAX forms, and makes it easy to create strong passwords.
You will be able to import and export data from many known systems storing passwords (such as: RoboForm, 1Password, KeePass, Password Safe, MyPasswordSafe, Sxipper, TurboPasswords, Passpack, Firefox and Internet Explorer and many others). Passwords in LastPass are protected by a master password and are stored locally and can be synced to any other browser.
LastPass uses strong client-side cryptography - passwords leave the computer already encrypted, and only the user can decrypt them. And even if someone gets this data, then the encrypted data is basically useless.
What I like most is that all data is stored on a computer and a secure service, periodically synchronized, and can be accessed from any computer where LastPass is installed. In addition, it has a very convenient function for creating secure notes and other equally useful functions.

Almost everything. The program does everything by itself. He will offer to save the login - password, enter them into the fields when you next visit the page, or even enter it herself (if you want). At the same time, it generates passwords that you absolutely do not need to remember, and they will be different for each resource. This greatly increases the security of secure access.
If you want, your secrets can always be with you, wherever you work and whatever computer you use. To do this, you can use the local version (LastPass Pocket) for a flash drive (for this, it is advisable to first export your data from your LastPass account to a file on disk, so that you can later open it portable version anywhere without installing the main program). Everything works without any restrictions on the amount of stored data, time of use, for free and in Russian. Although there is a paid version, with slightly more advanced features, we are not talking about it.
The procedure for installing the program and registering a LastPass account is quite simple, you just need to agree with the default settings, and the installer will offer to disable password managers in installed browsers due to their unreliability. It is also very easy to create a master password (here you will be presented with options and shown the resistance of your master password to cracking). In addition, the developers recommend that you periodically change your Master Password to prevent unauthorized access to your LastPass account. The LastPass service itself does not have access to your confidential data, which they honestly warn about. That is, if you forget or lose your master password, you will only be sent a hint for password recovery (and not your passwords, logins, etc.), or you will have to use account recovery.
A big plus of LastPass, in my opinion, is that if you have an existing LastPass account (well, a learned master password, of course, to log into your account), you have absolutely nothing to be afraid of "falling" or reinstalling the system, you just need to install it again LastPass and log into your account, then the program will work for you. It goes without saying that all your passwords, websites, forums, protected notes, in general, everything that you saved will be restored on the new computer. The developers are on the alert, constantly updating LastPass, strengthening it (and your security) and improving the program, and in browsers, LastPass extensions are updated in the background without interfering with your work.
This is the description of the LastPass features turned out, far from complete, I hope you like the program. In the end, I note that after trying many password managers, paid and free, I have long opted for LastPass because of its simplicity and reliability. The program is updated quite often, both on the official website and services Google extensions, Firefox, Opera and Safari, there is a detailed online help and video on setting up and using the program.


Developer: Joe Siegrist
License: FreeWare
Language: Multi + Russian
The size: 59 MB
OS: Windows
Download:

Let's start from the very beginning. What are password managers for? We use many online services every day: mail, messengers, social networks, blogs, forums, payment systems, dating, entertainment, etc. Each system requires a separate account and password.

For simplicity, it is extremely unsafe to use the same password, since having hacked one of your accounts, the domino principle will work, and attackers will gain access to the rest of the accounts. Remembering many different passwords is basically unrealistic. There is a variant of generating passwords according to some principle known only to you, but it is also not always safe and convenient.

Password managers come to the rescue - programs that securely collect and store your passwords. Your task is reduced only to remembering one master password from the manager himself (the so-called master password). Very comfortably!

That is why lately all personal "anti-virus combines" (programs of the class Internet Security and above) are supplied with similar functionality. But such products are not suitable for everyone and not everyone can afford, so it is interesting to take a closer look at decent free managers passwords that turned out to exist.

LastPass is a completely free personalized password manager that is designed to create, store and manage passwords for various Internet sites. Work with other programs besides LastPass browsers does not know how, therefore, for the sake of clarity, we will call it the browser password manager.

So let's see what kind of beast it is. After installing the program from www.lastpass.com to Mozilla browsers Firefox and Microsoft Internet Explorer add special plugins and toolbars. I must say right away that the manufacturer's website indicates support for Google Chrome, but in reality it is not (at least on Windows 7 x64 and Google Chrome 5.0 it does not work).

An important feature of LastPass is that the program stores all your passwords "in the cloud", i.e. on the vendor's remote server in a special personalized Vault. At its core, LastPass is not even a program, but a service. This has its big pluses as well as big minuses.

The upside is that you can use LastPass stored passwords on any computer with Internet access. No need to think about backing up the database, exporting and importing to other computers, synchronization, etc. actions that negate all the convenience of using a password manager.

The disadvantages, of course, are the lack of control over the remote storage and the risk that the server or your main account (master password) will be hacked, and all passwords will go to the black market in bulk.

Important! When registering, set the strongest master password that you will be guaranteed to remember.

LastPass has a feature to export saved passwords from browsers, which allows you to export saved passwords from browsers after installation.

Now let's see the program in action with a few examples. When registering with a website, LastPass automatically detects password fields (based on the tag attribute ) and offers to generate and save in your database secure password for him. There is an option to select a password option, as well as fine generation settings (number of characters and their type).

If you enter your password manually on a site, LastPass automatically prompts you to save the password to its database. If necessary, you can refuse to save the password, which is important, for example, for Internet banking (it is better not to trust these passwords to anyone or anything).

As a result, your personal LastPass Vault will look something like this over time. There, if necessary, you can take notes on passwords, export or import passwords, etc.

When you enter a site that requires authorization, the password for which was previously saved, the password manager will offer to log in or will do it automatically (there is a special option). This opportunity, in addition to convenience, gives more. You do not type passwords from the keyboard and the risk of them being intercepted by malware is minimized.

LastPass settings are quite adequate. Can be customized appearance programs, alarm functions and some important safety functions (see pictures below).

An interesting feature of LastPass is its built-in password strength audit. When generating passwords, their strength is shown on a special scale (see above), but you can quickly check the strength of all passwords, including old ones.

The results of the password strength analysis are given in the form of% of ideal, in my case it turned out almost 69% - there is something to work on.

Here are some statistics on average password length, repeated passwords, weak passwords, etc. You can see the strength analysis for each password separately in a special table, but for obvious reasons I will not give it here :)

In conclusion, I can say that for me personally, the functionality of LastPass was sufficient. Testing for several months did not reveal any significant disadvantages(except for the lack of support for Google Chrome). Most of my password passwords are associated with web services, and the browser password manager optimizes work with them and saves time. The functions of automatic login to sites, generation of strong passwords, auto-filling of forms by templates, export / import of a database and analysis of the strength of all passwords in general are very useful.

Once again, I want to note that the passwords saved in LastPass are stored on a remote server. The pros and cons of this have been described by me above. If for some reason you do not trust "cloud services", then you should look for some other password manager.

Password managers are discussed on our forum.

You can see the product in action, though with comments in English. language.

Back in the summer of 2016, Google Project Zero specialist Tavis Ormandy is sincere: "Do people really use this LastPass thing?" Then Ormandy discovered a vulnerability in the code of the LastPass add-on for Firefox 0-day, which allowed him to remotely compromise all user passwords.

Now, almost a year later, the expert has decided to put the security of LastPass to the test again, and, unfortunately, the application cannot be said to have passed this test. Ormandy writes that he found an issue in the official LastPass extension for Chrome browser... According to the researcher, the content_scrip of the extension contains a vulnerability, an attack on which could lead to the compromise of all credentials stored in the application. Moreover, to implement an attack, an attacker only needs to lure the user to a malicious site.

The researcher explains that the script is only used to access a specific domain on lastpass.com, and if you take a closer look at how it works, it looks like this:

Here, as Ormandy notes, lies the mistake. The script proxies unauthenticated window messages to the extension, which can be dangerous, because anyone can do the following:

This will give the attacker full access and force LastPass to execute RPC commands, of which there can be hundreds, but the most dangerous, of course, is the ability to copy and populate passwords. In some cases, this can even lead to the execution of arbitrary code on the user's machine, through the operation of openattach. As an example, Ormandy demonstrates running a regular calculator (calc.exe).

The LasPass developers, apparently, have already fixed the problem in the Chrome extension by disabling 1min-ui-prod.service.lastpass.com. However, some users note that the server is still running for them, and the vulnerability is still relevant. LastPass for Chrome users should probably disable the extension for now and wait for the full fix, as version 4.1.42, dated March 14, 2017, was still vulnerable.

It's worth noting that Tavis Ormandy found another very similar bug in the LastPass Firefox addon last week. The vulnerability in the same way allows you to extract all user passwords if he visits a malicious site.

This problem has not been fixed yet. The LastPass developers have already prepared a patch, but the revised version 3.3.2 is still under review by Mozilla specialists. Also, the authors of LastPass emphasized that the 3.x branch is still considered obsolete, and users are encouraged to move to the safer 4.x branch.

But LastPass's problems don't even end there. Today, March 22, 2017, Tavis Ormandy warned that the LastPass addon for Firefox contains another bug that allows you to steal other people's passwords for any domain. Moreover, this time the more modern and secure version 4.1.35 is vulnerable. The expert promises to publish the details in the near future.