Monday, May 4, 2009

A Great Password Solution at Last!

I've been searching long and hard since 1997 for a good way to manage hundreds of online accounts and passwords securely. Everyone who has been on the internet for any length of time has the same problem. It is impossible to remember all your account names, IDs, and passwords, let alone use different strong passwords for each account (so that if one is compromised the rest are not). Yet if you write them down, that introduces other security risks. Having your browser remember them is also very insecure.

Roboform and many other password safe solutions were inadequate (not cross-platform or too hard to use). Bank of America's My Portfolio and Yodlee provide interesting solutions but have flaws depending on your perspective.

By far the best cross-platform solution and the one I now use is LastPass (http://LastPass.com).

In a nutshell, it locks all of your account information into a 256-bit AES safe that only you can open. That safe moves wherever you want it to go. LastPass makes it simple to log on to hundreds of accounts, all with different strong passwords, while also providing safe storage for arbitrary bits of sensitive textual information. It does what Roboform does, but better.

The only thing it currently lacks is a trusted auditor (like KPMG or Ernst & Young) to verify that LastPass really does what its documented security protocols say it does. Based on my review of LastPass, it is the real deal. I highly recommend it. And it's free!!!!!!

Kudos to my friend Andy Sohn for introducing me to LastPass.

[Added 5/5/2009: See also some older reviews at Downloadsquad and LifeHacker. These additional reviews compare LastPass to KeePass, an older open source alternative.]