net-security.org: A closer look at LastPass
I've been using LastPass for a bit now and have been pretty pleased with both the security model and the capabilities of the tools they provide. I have to agree, though, that its not for the technically challenged because there's little help to understand the user interface or the whole package. LastPass can be confused by a site, for example, asking you to save things under similar names of other sites you've already saved, but lets talk about the software and then we'll get into the issues.
First thing to understand is that LastPass is designed as a major enhancement to the functionality of what web browsers already have built into them, password saving functionality for web sites you visit as well as storing other information you'd use on the web in a secure manner. There are several nice things about how LastPass does it, however.
- available on tons of mobile devices, web browsers and operating systems including IE, Firefox, Chrome and mobile devices (mobile devices are part of Premium services, $12/yr at this time)
- your web site / password database is synced across all platforms
- all passwords are encrypted on the local system, so no passwords are stored at LastPass.com, just the encrypted bits
- stores shopping "profiles", as I'll call them, including your shipping and credit card information, if you choose to keep it there
All that being said, however, LastPass is not a direct replacement for something like eWallet, KeePass or Password Safe, which are all designed to manage lots of tidbits of information. I have used all three of those products before LastPass and found eWallet most to my liking because it would allow me to easily store and categorize things like SSNs, VINs from my vehicles, frequent flier numbers, gym locker combinations, etc, into one application and storage place. LastPass is geared almost exclusively to web sites and only has one option to store "Secure Notes" for absolutely anything else.
Testing LastPass on 2 mobile devices, Windows Mobile 6.5 and Android 2.1, the mobile UI needs some help too, although all my information was there, so I guess I can't complain too much. The automatic web-fill options are not available on mobile platforms because they don't have the browser hooks for add-ons that are available on full-fledged PC platforms.
In the end, I have mostly migrated my eWallet information to LastPass. I had several, several things that didn't import correctly, but upon emailing technical support, they had a developer contact me directly and we worked over several email dialogs to resolve issues with the import of the eWallet export file. eWallet is a lot more polished, but doesn't offer a toolbar to generate and capture passwords/logins. I hope LastPass improves through interest/development. There's a lot of promise here.