I have been looking for a password manager that I can use that is very secure and easy to use. I tried KeePass but every time I use it, I need to go to the UI and get the password then go to the browser and paste it in. Hassle isn't it?

Well, for some time I am using the lastpass extension from lastpass.com and for quite some time, I am loving it. The first thing I wanted to know is how secure is it? How safe my passwords to them? Well, I did some checking and a bit of research, as well as reading some user reviews and some forum discussions. Then I came to a decision to go and try it.

Here are some of the major things I found and love which I look for on a password manager:

Cross-platform

Lastpass is cross-platform. Meaning you can use it on different browsers. Whether you are using IE, Firefox, Opera, Chrome, Safari, etc, they have it for you. Heck, they even have some mobile apps for the iPhone and blackberry.

Ease of Use

Lastpass is very easy to use. You just need to fill out the necessary username/password of your account and it automatically fill in or login to the page. They even have some sort of auto fill in for forms like what Roboform does.

They also have a portable app called Lastpass pocket, where just like keepass, you can download your encrypted password database and view your passwords even though you don't have any internet.

You can also import from a wide variety of password manager which some of them are firefox password manager, keepass, one password, and many more.

Moreover, they also have password generator, too. Cool!

Security

This is the feature I am very sensitive of. Well, you're talking about your passwords. Your key to all your gates through your online life. So this is very crucial.

I spent many times reading some topics in forums regarding lastpass and from what I found is that it looks like lastpass doesn't keep your passwords or any information about your sensitive data. What they do is that when you enter your desired master password they will hash it along with your username with an AES-256 encryption and they do it locally. They don't do it in their end. So, what they only get is gibberish random characters so even lastpass developers don't know what is your username and password is. Now that, I think, is secure.

So, that's it. My quick review about lastpass. And from some time that I am using it, it looks like I will be staying with this one (sorry keepass).

How about you? What's your password manager? Why don't you try this one? This, I recommend.

Update:

The great security guru - Steve Gibson - from grc.com, did a full review on lastpass. And from his review, it seems he trusts lastpass. Now knowing how Steve is with security, I guess I am really staying with lastpass and if I have some money I'll get the $1/month premium 'coz I think is very reasonable.

Here's the transcript from Steve's website about his review.