Deprecated: LastPass for Beginners
Note (2/27/2021): I no longer suggest LastPass due to problematic changes in the company’s ownership. Consider 1Password, Bitwarden, or KeePassXC instead.
Passwords are often the only thing standing between a hacker and your online accounts. This guide will introduce you to using LastPass to create strong, unique passwords. As a bonus, we’ll show how password managers can also help you save time when filling out login screens and online forms. It’s an easy way to make browsing the web easier, faster, and more secure.
Why it’s a good idea to use unique passwords
I don’t think I need to convince anyone that passwords are annoying. It’s hard to remember them, so everyone uses the same password for all of their accounts. You know this, I know this. But hackers also know this.
If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. And it seems like every week, we hear about a massive new password breach. (Think about how we recently learned that all of Yahoo’s 3 billion accounts were breached in 2013.)
Imagine if an attacker used your single, easy-to-remember password to access your health care records, your home address, credit card numbers, or your social security number. To minimize the damage from a breach, you should use unique passwords on each account. But it can be a challenge to remember each password.
Enter password managers
Password managers make it easy to remember a single password, and still have long, unique passwords on all of your accounts. How is this possible? You use just one password to unlock your secure password “vault.” From your vault, you can quickly fill out login forms on all of your devices.
A few password managers are usually recommended by security specialists, including LastPass, KeePassXC, and 1Password. 1Password is a powerful and easy-to-use password manager which offers similar features to LastPass, but is relatively expensive and lacks native Linux support. If you want to use 1Password, take a look at my article on 1Password for beginners. For a good free and open source alternative, look at my article on KeePassXC for beginners. In this article, we’ll walk through getting started with LastPass.
LastPass allows you to generate and automatically fill out strong and unique passwords. It’s easy to use, and it’s free.
LastPass is accessed through your browser, and works with Google Chrome, Safari, Firefox, and Opera. You can download the extension for your preferred browser here.
LastPass also has dedicated applications on Android and iPhone. You can download the LastPass app for your device here. You can also search for the app in the App Store, or the Android Play store.
Create and log into your LastPass account
When you download the extension, you will see a new icon in your browser, usually next to your search bar. Click here to sign up for a LastPass account.
After entering the email address you would like to use for your LastPass account, you will also create your master password, which unlocks your password vault. This is the only password you need to remember, and it needs to be a *really* good one so no one can guess it. LastPass can’t recover your password for you, so it’s important to remember it.
Consider using a long password with upper and lower cased letters, numbers, and symbols. Alternatively, use a passphrase — a phrase that only you will remember. Unusual passphrases can help to make them more memorable. NSA whistleblower Edward Snowden offers the example, “Margaret Thatcher is 110% sexy.” It’s long, has upper- and lower-cased letters, numbers, symbols, and spaces. And it’s hard to forget.
Sign in with your new credentials on your browser, and any other devices you want to add. Use the same email and password to log into LastPass for your mobile device. Your passwords will be added to your vault on all devices.
If you want to add LastPass to a new device, attempt to log in from that device, and LastPass will send you an email to confirm that you want to add the device. Email confirmations also serve as a security measure, in case someone tries to remotely log into your account without your permission.
Adding accounts to LastPass
Now that you’re logged into LastPass, you can add accounts to your password vault. LastPass will automatically show up in the login fields for websites, allowing you to click the LastPass icon to generate unique passwords. You can also save your existing passwords from the same menu by clicking “Save credentials from this site.”
The easiest way to add your login credentials to LastPass is to simply browse the web, and save them along the way. LastPass will ask “Should LastPass remember this password?” at the top of the screen. Just click “Save Site.”
Filling out logins with LastPass
Once you’ve added a new password to your vault, you can quickly fill out your password by clicking the icon in the login form.
Saving and changing passwords
When signing into accounts, LastPass will invite you to save passwords to your vault automatically. But the real benefit of LastPass isn’t saving your existing passwords — it’s about generating long, randomized passwords that you don’t need to remember. Consider changing the passwords on the websites you visit most often, and updating them in LastPass. The application will offer to update your login information whenever it changes. Generate new, random passwords and update them in your vault.
When you create a new account online, LastPass will also offer to add the credentials to your vault. Be sure to use the application to randomize your passwords when making a new account.
The main downside of LastPass
Once you’ve set up LastPass, it can be very annoying to log in without it (e.g., if you want to log in on your friend’s computer). If you know you’re going to frequently use a password on a device that does not have your LastPass information, you may want to commit the password to memory rather than randomizing it.
Save and fill information beyond passwords
Just like with passwords, you can save and fill other types of information in your browser, such as credit cards. First, log into your LastPass vault. You can manually add logins to your vault by clicking the “Plus” symbol at the bottom left of your vault. To find other types of data you can easily fill with LastPass, click on the credit card icon on the left side of the screen. From there, you can also add whatever field you like — credit card addresses, contact information, bank accounts, and custom fields.
Add multi-factor authentication to LastPass
Multi-factor authentication helps make your LastPass account more secure by requiring a second login step after entering your master password. This second “factor” is a disposable password that usually takes the form of a short code that can be sent to you through a mobile authentication app, such as Google Authenticator. To enable multi-factor authentication, click on your username in the top right corner, and navigate to “Account Settings” > “Multifactor Options”. From here, click the pencil icon to the right to enable the authenticator of your choice, and follow the instructions.
Now you know everything you need to get started with LastPass. I hope this has been helpful! If you have thoughts or questions, feel free to reach out here, or on Twitter at @mshelton.
Updated March 17, 2018: Copy edits, KeePassXC-related changes, as well as changes to reflect that LastPass no longer charges to sync across one computer and mobile devices.