Wednesday, July 09, 2014

LastPass vs. iCloud: Compare, Contrast and Review.

      LastPass is a freemium password management service which seeks to resolve the password fatigue problem by centralising user password management in the cloud. LastPass is standard with a web interface but also includes
plugins and apps for many modern web browsers and includes support for bookmarklets. LastPass could also refer to the trade name under which the developer of the LastPass service, Virginia-based technology company Marvasol, Inc., does business.

Start Browsing & Saving:

With LastPass installed, start browsing to your sites and services. LastPass will prompt you to save your logins, generate new passwords, save Profiles for online shopping, and more. LastPass does the work for you, so logging in and checking out requires no thought.
 
                      In order to help improve password security, Apple just recently introduced iCloud Keychain in OS X Mavericks and iOS 7. The service is designed is to sync passwords, credit card information, wifi passwords, and account login information across devices.
Though it appears to do those tasks relatively well, it is Apple’s first foray into this field, and there are several well-established contenders already. Today, we’ll compare and contrast iCloud Keychain to LastPass.

icloud:  iCloud is a cloud storage and cloud computing service from Apple Inc. launched on October 12, 2011. As of July 2013, the service has 320 million users. The service allows users to store data such as music and iOS applications on remote computer servers for download to multiple devices such as iOS-based devices running iOS 5 or later, and personal computers running OS X 10.7.2 "Lion" or later, or Microsoft Windows (Windows Vista service pack 2 or later). It also replaces Apple's MobileMe service, acting as a data syncing center for email, contacts, calendars, bookmarks, notes, reminders (to-do lists), iWork documents, photos and other data. The service also allows users to wirelessly back up their iOS devices to iCloud instead of manually doing so using iTunes.One of Apple's iCloud data centers is located in Maiden, North Carolina, US.

Supported Platforms:

                                      iCloud Keychain is built into the operating system and works only on Mac OS X Mavericks and iOS 7. If you have an older device that won’t run these operating systems, you won’t be able to use iCloud Keychain. In addition, it only works with the Safari browser on your Mac and iDevices.
LastPass is available as a browser plugin for Mac, Windows, and Linux, running Google Chrome, Firefox 2+, Safari 3+, or Internet Explorer 6. In addition, there are mobile clients for iPad, iPhone, Windows Phone, Android, and Blackberry devices. The mobile clients not only list the synced data, but also include a browser that automatically fills form fields with saved credentials.

Browsers:

                One of the major downsides of iCloud Keychain is that it only works with Safari. Perhaps in the future, Apple will broaden support on the Mac, but it’s not likely.
LastPass has made it a point to work nearly everywhere. In addition to the mobile applications available for iOS, Windows Phone, Android, and Blackberry, a bookmarklet feature is available for other mobile browsers such as Chrome, Firefox, and Opera. Even Safari on iOS can use the LastPass bookmarklet.

Password Generators:

            Both iCloud Keychain and LastPass offer the ability to generate secure passwords. iCloud’s generated passwords are four groups of three characters separated by dashes.
iCloud-generated password
LastPass allows you to specify the length and complexity of passwords, allowing an infinite number of possibilities, especially for websites that have strict rules about how long passwords must be.
LastPass-generated password

Data Synced:

                    According to Apple’s website, iCloud Keychain syncs website usernames/passwords, web form fill information including credit card information, and WiFi network passwords.

LastPass can store website usernames/passwords, web form autofill information (including credit card information), and a number of types of “Secure Notes,” including the following:
  1. Bank account
  2. Credit card
  3. Database
  4. Driver’s license
  5. Email account
  6. Health insurance
  7. Instant messenger
  8. Insurance
  9. Membership
  10. Passport
  11. Server
  12. Social Security
  13. Software license
  14. SSH key
  15. WiFi password
  16. Generic secure note
As you can see, LastPass is much more flexible in what it allows.

Data Accessibility:

                                   One of the more restricting qualities of iCloud Keychain is that you are unable to access the synced data itself on your iDevice. Though you can use the passwords, form fill data, etc. in Safari and the synced WiFi passwords will work for joining networks, no secure notes or other information is available in any way.
The LastPass app allows you to access any of your saved items from your mobile device; you can even add, modify, or delete items in the mobile app. This makes it especially useful for saving sensitive data like bank account numbers, rather than using Evernote or another insecure note-syncing app.

Encryption:

                         Apple says that the iCloud Kecyhain is encrypted with “robust 256-bit AES encryption.” Unless you explicitly set up an advanced password, your devices require only a 4-digit passcode to set up iCloud Keychain and begin using it.
LastPass’ encryption is completely up to the strength of your password. If you use a weak password, it would be easy for an attacker to brute-force (attempt guesses many times in succession) your password. If you use a long complex password, it will be very hard for someone to access your account. Your data is always encrypted on your computer or mobile device and the only thing synced between devices is a random-looking chunk of text that means nothing without your master password.

Sharing:

                 One of the big benefits of LastPass is that it allows sharing passwords between people. You can share individual items with another LastPass user and even give them “use-only access”—they can use the password but not see it. LastPass 3.0, released in early November, added a new feature called “Home Sharing” where you can create a folder shared with another LastPass user and automatically share everything in that folder with them.
Unfortunately, iCloud Keychain does not have any sharing options at this time.

Open-Source vs. Closed-Source:

                               iCloud Keychain is closed-source code, built into OS X and iOS. There’s no way to verify what it’s actually doing—we just have to take Apple’s word on the type of encryption and how the data is stored and synced.
LastPass is partially open-source (browser plugins, website, etc.) and partially closed-source (syncing back-end, etc.) to prevent knock-offs by competitors. It is based on well-known open-source cryptography, however, which allows the cryptograhy community to verify that it works as described.

Bonus:

               LastPass also offers a number of other password-related features, including “Security Check,” a service that checks how many identical passwords you have and alerts you to how good they are, and “Identities,” allowing you to have different sets of passwords in your account for work, school, home, etc. In addition to all the password features, the company also offers free credit monitoring for credit cards you have stored in their service.

Last Tips:

                        In this tutorial, I’ve covered a number of comparisons between iCloud Keychain and LastPass. Though this comparison may seem like it’s bashing iCloud Keychain in favor of LastPass, that’s not the case.
Introducing this feature so well-integrated into the operating system is potentially a very good thing for end users, especially technically-challenged people who would otherwise use the same password everywhere. Hopefully this will encourage those types of users to develop a better password strategy.
For the power user, LastPass offers a number of compelling features, including sharing encrypted items and the ability to store/access a number of data types on any device.
Both iCloud Keychain and LastPass offer unique strengths and can in fact be used to complement each other. For instance, iCloud could handle all the WiFi password syncing, while you might use the LastPass app for browsing (or copy passwords from the app to paste into your favorite browser) and accessing other data types on the go.
How do you plan to manage your passwords across your devices?
                                 The End.....