This post was inspired by the following blog post on Digitwirl: The password manager that hackers hate
LastPass is a great product, and a very useful tool. But now that it’s been available for a while, and probably really starting to cross over that line into mainstream consumer usage, I think there are a few “tweaks” needed.
- Your master password is a “single point of failure”. If someone gets it, you are done. LastPass offers two-factor authentication, but I think that, particularly for ordinary consumers, the importance of two-factor authentication really needs to be drilled home, again and again. While they offer a few forms of two-factor authentication, my preference is to use the YubiKey option.
- LastPass is great at storing and retrieving your passwords, but the tool could start to move into a higher-level password management role – perhaps by allowing you to set up groupings of passwords, where you could set expiration dates and be notified to change your most critical passwords at certain intervals.
- Similarly for the fantastic Security Challenge tool, which does an audit of the overall security of your passwords – I’d love to see an option to get nagged periodically to run it, so I would remember to run it more frequently.
- Finally, sharing passwords is a great feature, but it would be nice to be able to manage the sharing with a dashboard of some sort, which might allow you to share large groups of passwords very quickly and easily audit which passwords are currently shared.