LastPass – Secure Password Storage And Syncing

If you’re using a modern browser you very likely have some kind of sync option so that when you log in you’ll have all of your passwords, no matter which computer you’re on. This is convenient, but the security implications of syncing your passwords, the keys that unlock every important piece of your data, should be apparent. Thankfully Chrome and Firefox handle password syncing very securely, but if you’re looking for an alternative and the highest level of security possible you might want to check out LastPass.

What Is LastPass?

LastPass is a browser extension that handles password autofill, generation, and synchronization for the browser. It encrypts your data locally, transmits it over an encrypted connection, and then encrypts it again server side. Your master password is never transmitted, and it is handled in a cryptographically sound way (PBKDF2 key stretching with SHA-256 at 500+ rounds, with AES for the vault itself).

See this post on how to create a strong password before reading further.

How Do I Set LastPass Up?

Installation is easy: the LastPass download page shows you the extension for your browser.

Once it installs you should be greeted by a page that asks for an email address (provide one you actually check) and a master password. See this post on password generation.

It will also ask for a password reminder. I suggest you skip it, or enter gibberish if a value is required. It is far more important to choose a memorable master password than to leave a reminder that hands an attacker useful information. If you feel one is necessary, make it as vague as possible.

After that’s done it’s a matter of:

1) Entering your usernames and passwords (on Windows the binary extension can import them automatically).

2) Deleting the saved passwords from your browser and disabling its password sync.

Once that’s done, open your LastPass ‘Vault’, where you can change a few settings.


You’ll see “Increase Iterations”; I suggest changing it to 1000. Much higher and some mobile devices or very old systems won’t cope. I’ve found I can go as high as 25000 before my single-core CR-48 slows down when I enter the master password. If you don’t use a mobile phone or anything weaker than a 1.6 GHz Atom you might want to try more than 1,000 rounds.

Raising the iteration count slows down brute-forcing: every guess at the master password has to pay for the same PBKDF2 stretching you pay for once per unlock, so a higher count multiplies the attacker’s work by the same factor. It’s one of the best features of LastPass, and you can raise it as high as 100,000 rounds.
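To make the cost trade-off concrete, here is an added example (written for this post, not LastPass’s own code) that stretches a master password with PBKDF2-HMAC-SHA256 at several iteration counts, times a single derivation at each, and runs an offline dictionary attack against the derived key. The credentials, the wordlist, and the use of the account email as the salt are constructed assumptions for the demonstration; the point is that the attacker pays the full iteration count for every candidate, with no shortcut.

```python
import hashlib
import time

# Constructed sample credentials for the demonstration (not a real account).
EMAIL = "alice@example.com"
MASTER_PASSWORD = "correct horse battery staple"

# Constructed attacker wordlist; the real password is deliberately near the end.
WORDLIST = ["password", "123456", "letmein", "Summer2012!",
            "correct horse battery staple", "hunter2"]


def stretch(password: str, salt: str, iterations: int, length: int = 32) -> bytes:
    """Derive a key with PBKDF2-HMAC-SHA256.

    The iteration count is the cost knob: every derivation, legitimate or not,
    must perform `iterations` HMAC-SHA256 computations.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt.encode("utf-8"), iterations, dklen=length)


def seconds_per_guess(iterations: int, salt: str = EMAIL) -> float:
    """Wall-clock cost of one derivation at this iteration count on this machine."""
    start = time.perf_counter()
    stretch("timing probe", salt, iterations)
    return time.perf_counter() - start


def crack(target: bytes, salt: str, iterations: int, wordlist):
    """Offline dictionary attack against a stolen derived key.

    Returns (password_or_None, derivations_performed). Each candidate costs a
    full PBKDF2 run at the defender's chosen iteration count, which is exactly
    why raising the count slows the attacker down.
    """
    for n, candidate in enumerate(wordlist, start=1):
        if stretch(candidate, salt, iterations) == target:
            return candidate, n
    return None, len(wordlist)


def compare_costs(iteration_counts=(500, 1000, 25000, 100000)):
    """Per-guess time for each setting, as (seconds, guesses per second)."""
    results = {}
    for it in iteration_counts:
        t = seconds_per_guess(it)
        results[it] = (t, 1.0 / t if t > 0 else float("inf"))
    return results


if __name__ == "__main__":
    for it, (t, rate) in compare_costs().items():
        print(f"{it:>7} iterations: {t * 1000:8.2f} ms/guess  "
              f"~{rate:10.0f} guesses/s (single core)")

    key = stretch(MASTER_PASSWORD, EMAIL, 1000)
    found, tries = crack(key, EMAIL, 1000, WORDLIST)
    print(f"dictionary attack at 1000 iterations: found {found!r} "
          f"after {tries} derivations")
```

Run it on your own machine and the millisecond figures tell you what a given setting costs you per unlock; divide an attacker’s GPU throughput by the same factor to see what it costs them per guess. Note that the derived key also changes with the iteration count, which is why LastPass has to re-encrypt your vault when you change the setting.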

I don’t really mess with the other settings, they’re fine by default. Feel free to check them out though and tweak to your liking. If you think I’ve left out a key feature just leave a comment and I’ll edit it in.

And that’s all there is to it. LastPass will now save, autofill, and sync your passwords. It’ll even suggest new passwords for you.


About insanitybit

Novice programmer interested in computer security. I'll use this blog when I'm bored to post about things I find interesting in that field.
