Would you like to see what setting I used in LastPass to make it as secure as possible to protect the cryptocurrency wallets that I have on my computer and also my Steemit account because you might want to do the same?
I have been using LastPass for ages and never had an issue with it, creating strong passwords, saving all my usernames and passwords for all the different websites that I am visiting. I even use "Secure Notes" on it, which is very useful.
If you haven't tried LastPass yet, go to https://www.lastpass.com and install it on your machine, on Chrome, Firefox and Safari.
With cryptocurrency wallets on my machine and also Steem, I recently realized that I could make it even safer than how it was and revisited the preferences and security settings.
A More Secure Setting for LastPass!
This is the Homepage of LastPass that you can download and use for free. I haven't felt the need to go premium as the free version already does everything a regular user would need.
I am not going to show you how to use LastPass, but how to secure it better.
The first thing to do is to go to "Preferences."
Then, under the "General" tab, check the two "Security" options to automatically log out after a certain time. Without that set up, you stay continually logged in, which is convenient, but it becomes a weak point if your computer is left unattended for just a few minutes and someone accesses your passwords. Do this for each of your browsers.
Then, in the vault, you have more options and "Account Settings."
Under the "General" tab, go to "Master Password" and change it for something that is more challenging and that you can remember easily.
I admit that I have used a short password for quite a long time because it was fast to input, but very weak.
It is changed now to something that may be taking 2 more seconds to enter, but much more secure.
Below this "Login Credentials" section, there is a "SMS Account Recovery" section that I did not have set up, and which I went through. This would be silly to be logged out of LastPass, not being able to log in and lose all the passwords stored there.
This links your phone to the account, which makes it a bit more secure.
Then, on the "Multifactor Options," they have a list of authenticators that you can use.
I use "Authy" for all my crypto needs and it works just like the "Google Authenticator."
Click on the pencil, to set your 2-Factor Authentication (2FA) for LastPass.
First, select "Yes" for "Enabled" and "Disallow" for "Permit Offline Access."
Click "View" to see the "Barcode."
It will ask for your strong password, click "Continue."
I masked the code, but this is what you have to scan with the "Authy" app on your smart phone.
Click "OK" when it's done and then "Update."
You will have to enter your first 6-digit code from "Authy" on your smart phone into here and click "OK."
You will get a confirmation message that the settings have been successfully updated.
Click "OK," then log out and re-log in.
This pop-up will show and you will have to run "Authy" for LastPass.
Enter the six-digit number, check "Trust this computer for 30 days" and click "Authenticate."
This will show it's on the Chrome browser for this computer on the "Trusted Devices" tab.
When you try to access LastPass from another computer and/or browser, you will have to use "Authy" again and authenticate the same way.
It's what I did with another computer and browser.
Now, I don't have to use "Authy" each time I want to log in, I am good for 30 days, and this is a good security measure to prevent unauthorized access to your LastPass account.
If someone gets your LastPass master password and tries to log in from another computer and browser, they will need to authenticate, and without your phone in hand that will be really difficult, nearly impossible to log in.
I hope this is useful for you if you have been using LastPass, or just want to try it, and that all your websites and cryptocurrency wallets will be much more secure now.
Michel Gerard
My only input for extra security is to make sure and "UN-Check" the setting in Authy to allow multiple devices to authenticate.
If that setting is turned on, then the app is definitely not as strong as Google Authenticator.
Thank you @musictherapy for pointing this out because this is very important indeed.
I have been contemplating changing from LastPass to a different method. Simply because of the fact that LastPass is a cloud service and my faith in them dwindles a little every day.
I was thinking of a hardware solution: https://www.themooltipass.com/
But I haven't had a chance to do all my research yet, want to see if it is really worth the hassle.
I may just be unnecessarily paranoid 😊
I have the mooltipass. It is definitely much more secure than online password managers and you can backup your information as well. However, there are some limitations: a) You need to carry around the device. b) The backup process is not automated. You need to manually initiate it. c) 31 character limit on passwords. d) Only passwords can be stored, no security questions/notes etc.
Thank you for your comment @anarcist69. I have a friend whose computer was hacked. They emptied all his crypto wallets, made several brute force attempts to crack the LastPass password and were not able to do so.
What you are showing me is interesting, but there is still the risk to lose the device, and your passwords, and somebody hacking in it. I believe it's easier to crack a device than a very secure server.
I beg to differ. Any good device should have a good encryption method for storing its data for me to even consider using it.
This particular device says that it uses a PIN number to access the additional AES-256bits key that will decrypt the data.
If someone was to steal the device AND the card they only have three attempts to guess the PIN before the card is disabled. Once that happens, unless they have some super computer there is no way they could crack the encryption code.
My experiences with servers show that even a slight slip up in security can compromise significantly. At least a physical device isn't exposed to the millions of devices that are connected to the internet.
Just my opinion and I thank you for yours :-)
I agree with your point, but all passwords are still lost when losing the device unless you can do a backup and store it in a very safe place?
In LastPass, my financial sites are in "Secure Notes" and I also remove 4 secret characters in the password, so if it's cracked, it's still not a complete password.
You can backup the Mooltipass.
With LastPass, if your client computer is compromised (with a keylogger and database stealer) ALL your passwords are compromised. With Mooltipass or Trezor PM, only the passwords that you type in the machine are compromised. (As passwords are individually encrypted).
Thank you very much for your feedback. That's why the computer has to be checked and clean of spyware and keylogger or LastPass is vulnerable. I will check out the solution you suggest.
I love this pick by my curator. I love this job when I find posts like this that I really want to read but might not have seen otherwise. I use lastpass and will read through this information later when I get a chance b/c I am extremely interested.
Your post had been curated by the @buildawhale team and mentioned here:
https://steemit.com/curation/@buildawhale/buildawhale-curation-digest-07-03-18
Keep up the good work and original content, everyone appreciates it!
Thank you very much @nicnas for your kind comment. I am glad you like it and that it was curated.
I haven't used third-party software for browser security, I feel like 2FA is enough for websites I use already. I might give this a try though, since you introduced it. Thanks for the post!
Thank you very much @zhuwa for your comment, I am glad this is useful for you.
@gmichelbkk.... Thanks, we wanted to know about this...
Thank you for commenting.
@gmichelbkk It looks much more secure as it has Google Authenticator and some other options also, I will definitely try this. Thank you :)
@sarfaraz6699, I am glad this is useful for you.
Security is key nowadays. Thanks for sharing.
I am glad that this is useful for you, thank you @mrgeeksunited for commenting.
I have also started writing tutorial series...please have a look and provide your feedback.
https://steemit.com/business/@mrgeeksunited/affiliate-marketing-course-1-different-internet-marketing-business-models
I read it and upvoted. Good post. Only one thing: put a link to the source of each image: >> Source pixabay.com (and link to the image)
@gmichelbkk
Security is a very important aspect of today's life. Most of us use Google authentication for extra security. LastPass also looks promising. Worth a try. Thanks for the information.
I am glad you like it @anishag. Thank you for commenting.