Trusting LastPass or a similar service/software with all your passwords is definitely a valid concern and I get why some people don’t wish to use it.
There is no such thing as a 100% secure system. It comes down to finding a solution that fits your needs and has the fewest security holes.
I’ve done my research and the most suitable option for me is LastPass.
- I have probably 20+ accounts on various platforms that I use almost daily.
- I also have a decent number of clients who trust me to keep their website secure.
- There’s no way I could remember all the passwords, especially if a password is a random string of numbers, letters and special chars. I don’t use names, places, etc. because it’s simply not secure.
- I have tried various techniques in the past such as formulas, but I didn’t find those very secure nor convenient.
So I needed a solution that is able to protect all my tools, clients and something that would be convenient to use. After trying several solutions (online & offline) I found LastPass.
- It’s secure (AES-256, SHA-256 and salted hashes)
- Decrypting is only at the device level so no interceptions and even LastPass doesn’t have the passwords in text format. They can’t sell my passwords.
- It has 2FA which means you need to have access to my phone to get in.
- It’s available through my browser and it has plenty of shortcuts.
- It’s super cheap.
I think every web developer should use something like this to keep their clients secure.
It doesn’t have to be LastPass, it can be any other service.