Bonnie wants to know why the user interface of LastPass had suddenly changed. Leo says its a good question, and programs do this all of the time to keep them up to date. Leo says a password vault is kind of a special thing, something that people need to trust. LastPass had been sold from an individual to LogMeIn about 6 months ago. One of the reasons he did it is because LogMeIn has more resources, and one of the things LogMeIn paid to do was update it to something more elegant. Bonnie can go back to the old style, however.
Mark was using the same password for every site he went to. Leo said that he used to do the same thing. The importance of password security has snuck up on us, and we should all really be using a password vault like LastPass or 1Password. The main important difference between LastPass and 1Password is that LastPass keeps your vault on their servers, whereas 1Password gives you control over where the vault is stored. Each are very securely encrypted.
Bob wants to write a document that has personal information on it and he wants to keep it offline and inaccessible to the internet. Is there any way to keep it stored to the hard drive and not be available? Leo says security is hard and thinking you can try and keep your information 100% safe is a fool's errand. Leo can think of several options to foil any defense, even not having it at all. The reality is, he'll most likely be protected through obscurity. He would also be much better off using a security tool like encryption.
For years, Leo has advocated using the password vault Last Pass to guard your passwords. But this week, Last Pass got bought by Log Me In, which Leo says doesn't have the best track record regarding software security. There are other options out there, so Leo isn't backing off the need for a good Password vault. But whether it will be Last Pass? Only time will tell. Meanwhile, Leo is using KeePass.
Word is that Log Me In bought Last Pass and Leo says that it casts some doubt on whether Last Pass will be able to remain the password vault he trusts. Only time will tell.
John is a Mac user and tried a Samsung Galaxy Note 5, but he had to go back to the iPhone. Leo says that being all in with Apple does make it far easier because it syncs across the board. And that's not by accident.
Carl wants to know how Secure Safe works for password protection. Leo says they use a key that only he has, and it backs that up with second factor authentication. So only he has access to his encrypted data. Not even SecureSafe can unencrypt it, and that's exactly what Carl will want. He can store 15 passwords for free. But Leo says they check all the right boxes, so it should be OK. Leo typically recommends LastPass, which has also been vetted by security expert Steve Gibson.
Paul has trouble remembering all of his passwords. Leo says that the best password is one that's long, random, and filled with letters, numbers and punctuation. But that makes it impossible to remember and a hassle to always type. This is why Leo relies on a password vault, or wallet, that has all the passwords in it. Then he'll only have to remember one master password. But he'll have to choose carefuly because the downside of a vault/wallet is that it has a single point of failure. So when he has one, he should make sure the master password is one that only he knows.
Vicky works out of her house in California, while her office is back East. Since they've added McAfee on her computer, her passwords aren't being saved in her browser. Leo's not a fan of McAfee, but since Vicky has no choice, she should check her settings to see if there's something triggered that's preventing it. Can she use post it notes? Leo says sure, because she works at home and that's not going to hurt. She can also keep a notebook.
This week, Leo's preferred password manager LastPass got hacked. Leo still recommends them though, because they can generate extremely long custom passwords, so all you have to remember is the one LastPass password. But that's where the achilles heal was.