LastPass is a freemium password management service which seeks to resolve the password fatigue problem by centralising user password management in the cloud. LastPass is standard with a web interface but also includes
plugins and apps for many modern web browsers and includes support for bookmarklets. LastPass could also refer to the trade name under which the developer of the LastPass service, Virginia-based technology company Marvasol, Inc., does business.Start Browsing & Saving:
With LastPass installed, start browsing to your sites and services.
LastPass will prompt you to save your logins, generate new passwords,
save Profiles for online shopping, and more. LastPass does the work for
you, so logging in and checking out requires no thought.
In order to help improve password security, Apple just recently
introduced iCloud Keychain in OS X Mavericks and iOS 7. The service is
designed is to sync passwords, credit card information, wifi passwords,
and account login information across devices.
Though it appears to do those tasks relatively well, it is Apple’s
first foray into this field, and there are several well-established
contenders already. Today, we’ll compare and contrast iCloud Keychain to
LastPass.
icloud: iCloud is a cloud storage and cloud computing service from Apple Inc. launched on October 12, 2011. As of July 2013, the service has 320 million users. The service allows users to store data such as music and iOS applications on remote computer servers for download to multiple devices such as iOS-based devices running iOS 5 or later, and personal computers running OS X 10.7.2 "Lion" or later, or Microsoft Windows (Windows Vista service pack 2 or later). It also replaces Apple's MobileMe service,
acting as a data syncing center for email, contacts, calendars,
bookmarks, notes, reminders (to-do lists), iWork documents, photos and
other data. The service also allows users to wirelessly back up their
iOS devices to iCloud instead of manually doing so using iTunes.One of Apple's iCloud data centers is located in Maiden, North Carolina, US.
Supported Platforms:
iCloud Keychain is built into the operating system and works only on Mac OS X Mavericks and iOS 7.
If you have an older device that won’t run these operating systems, you
won’t be able to use iCloud Keychain. In addition, it only works with
the Safari browser on your Mac and iDevices.
LastPass is available as a browser plugin for Mac, Windows, and Linux, running Google Chrome, Firefox 2+, Safari 3+, or Internet Explorer 6. In addition, there are mobile clients for iPad, iPhone, Windows Phone, Android, and Blackberry devices.
The mobile clients not only list the synced data, but also include a
browser that automatically fills form fields with saved credentials.
Browsers:
One of the major downsides of iCloud Keychain is that it only works
with Safari. Perhaps in the future, Apple will broaden support on the
Mac, but it’s not likely.
LastPass has made it a point to work nearly everywhere. In addition
to the mobile applications available for iOS, Windows Phone, Android,
and Blackberry, a bookmarklet feature is available for other mobile
browsers such as Chrome, Firefox, and Opera. Even Safari on iOS can use
the LastPass bookmarklet.
Password Generators:
Both iCloud Keychain and LastPass offer the ability to generate
secure passwords. iCloud’s generated passwords are four groups of three
characters separated by dashes.
LastPass allows you to specify the length and complexity of
passwords, allowing an infinite number of possibilities, especially for
websites that have strict rules about how long passwords must be.
Data Synced:
According to Apple’s website, iCloud Keychain syncs website usernames/passwords, web form fill information including credit card information, and WiFi network passwords.
LastPass can store website usernames/passwords, web form autofill
information (including credit card information), and a number of types
of “Secure Notes,” including the following:
- Bank account
- Credit card
- Database
- Driver’s license
- Email account
- Health insurance
- Instant messenger
- Insurance
- Membership
- Passport
- Server
- Social Security
- Software license
- SSH key
- WiFi password
- Generic secure note
As you can see, LastPass is much more flexible in what it allows.
Data Accessibility:
One of the more restricting qualities of iCloud Keychain is that you
are unable to access the synced data itself on your iDevice. Though you
can use the passwords, form fill data, etc. in Safari and the synced
WiFi passwords will work for joining networks, no secure notes or other
information is available in any way.
The LastPass app allows you to access any of your saved items from
your mobile device; you can even add, modify, or delete items in the
mobile app. This makes it especially useful for saving sensitive data
like bank account numbers, rather than using Evernote or another
insecure note-syncing app.
Encryption:
Apple says that the iCloud Kecyhain is encrypted with “robust 256-bit
AES encryption.” Unless you explicitly set up an advanced password,
your devices require only a 4-digit passcode to set up iCloud Keychain
and begin using it.
LastPass’ encryption is completely up to the strength of your
password. If you use a weak password, it would be easy for an attacker
to brute-force (attempt guesses many times in succession) your password.
If you use a long complex password, it will be very hard for someone to
access your account. Your data is always encrypted on your computer or
mobile device and the only thing synced between devices is a
random-looking chunk of text that means nothing without your master
password.
Sharing:
One of the big benefits of LastPass is that it allows sharing
passwords between people. You can share individual items with another
LastPass user and even give them “use-only access”—they can use the
password but not see it. LastPass 3.0, released in early November, added
a new feature called “Home Sharing” where you can create a folder
shared with another LastPass user and automatically share everything in
that folder with them.
Unfortunately, iCloud Keychain does not have any sharing options at this time.
Open-Source vs. Closed-Source:
iCloud Keychain is closed-source code, built into OS X and iOS.
There’s no way to verify what it’s actually doing—we just have to take
Apple’s word on the type of encryption and how the data is stored and
synced.
LastPass is partially open-source (browser plugins, website, etc.)
and partially closed-source (syncing back-end, etc.) to prevent
knock-offs by competitors. It is based on well-known open-source
cryptography, however, which allows the cryptograhy community to verify
that it works as described.
Bonus:
LastPass also offers a number of other password-related features,
including “Security Check,” a service that checks how many identical
passwords you have and alerts you to how good they are, and
“Identities,” allowing you to have different sets of passwords in your
account for work, school, home, etc. In addition to all the password
features, the company also offers free credit monitoring for credit
cards you have stored in their service.
Last Tips:
In this tutorial, I’ve covered a number of comparisons between iCloud
Keychain and LastPass. Though this comparison may seem like it’s
bashing iCloud Keychain in favor of LastPass, that’s not the case.
Introducing this feature so well-integrated into the operating system
is potentially a very good thing for end users, especially
technically-challenged people who would otherwise use the same password
everywhere. Hopefully this will encourage those types of users to
develop a better password strategy.
For the power user, LastPass offers a number of compelling features,
including sharing encrypted items and the ability to store/access a
number of data types on any device.
Both iCloud Keychain and LastPass offer unique strengths and can in
fact be used to complement each other. For instance, iCloud could handle
all the WiFi password syncing, while you might use the LastPass app for
browsing (or copy passwords from the app to paste into your favorite
browser) and accessing other data types on the go.
How do you plan to manage your passwords across your devices?
The End.....