Secure password managers are very important in modern times because they can help protect you from many different online security threats. Password managers can generate strong and unique passwords for each of your accounts, which reduces the risk of having your accounts hacked due to weak or reused passwords. Additionally, password managers can store your passwords securely, so you don’t have to worry about remembering all of them.
LastPass is a popular password manager that offers a lot of great features, including strong encryption, multi-factor authentication, and the ability to generate and store complex passwords. However, there are several other alternatives to LastPass that you may want to consider:
- Dashlane: This is another popular password manager that offers strong encryption and a variety of additional features, such as dark web monitoring and a VPN service.
- 1Password: This is a well-regarded password manager that offers strong encryption, two-factor authentication, and the ability to securely store sensitive documents.
- KeePass: This is a free, open-source password manager that offers strong encryption and the ability to store your passwords offline.
- Bitwarden: This is a free and open-source password manager that offers strong encryption, two-factor authentication, and the ability to store passwords and other sensitive data securely.
Ultimately, the choice of which password manager to use depends on your individual needs and preferences. However, no matter which one you choose, using a secure password manager is a smart way to protect your online security.
Storing the Passwords in a More Secure Manner
Password managers already use sophisticated encryption. However, if you are not using a local password manager or hosting one on your own infrastructure, your data might be less secure, because it is stored on the provider's infrastructure (LastPass's, for example).
This can be a big concern when you collaborate with someone or use a password manager to share access data with teammates or employees: external services are more likely to be hacked or exploited, which can leak your access data into the wrong hands.
To store your data more securely in LastPass, you can use PGP to additionally encrypt your information.
The most common OpenPGP implementation is GPG (The GNU Privacy Guard).
You can store the PGP-encrypted data in the LastPass notes, for example.
Here is a simple guide to using GPG with LastPass:
Firstly, you need to install GPG and generate your PGP key.
You can install the GPG program on any operating system using the binary releases from the GPG Downloads page.
Otherwise, you can use your operating system's package manager to install the package (winget on Windows, Homebrew on macOS, apt on Debian, etc.).
To generate your key, you will need to issue the following command in the terminal:
$ gpg --full-generate-key
- At the prompt, specify the kind of key you want, or press Enter to accept the default.
- At the prompt, specify the key size you want, or press Enter to accept the default. Your key must be at least 4096 bits.
- Enter the length of time the key should be valid. Press Enter to specify the default selection, indicating that the key doesn’t expire. Unless you require an expiration date, we recommend accepting this default.
- Verify that your selections are correct.
- Enter your user ID information.
- Type a secure passphrase and make sure to remember it.
Then ask your colleagues or collaborators to send you their public keys. You use those keys to encrypt the notes you store in LastPass, and each collaborator decrypts them with their corresponding private key.
You can use this to encrypt your passwords, corporate VPN configurations and other sensitive data.
With this approach, if a data leak occurs on the password manager's side, your data will be more secure because it will be encrypted with a complex PGP key.
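The exchange described above, as a shell script with both sides played from throwaway keyrings. This is an added example, not part of the original guide; the collaborator name and address, the function names and the KEY_BITS variable are made up for illustration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Constructed demo: throwaway keyrings in separate directories; the name and
# address are made up. Needs GnuPG 2.1 or later.
COLLAB_EMAIL='alice@example.test'      # hypothetical collaborator

# Collaborator: create an RSA key pair (4096 bits unless KEY_BITS is set) in
# GnuPG home $1 and print the armored public key. No passphrase: demo only.
make_collaborator_key() {
    gpg --homedir "$1" --batch --quiet --generate-key <<EOF || return 1
%no-protection
Key-Type: RSA
Key-Length: ${KEY_BITS:-4096}
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: ${KEY_BITS:-4096}
Subkey-Usage: encrypt
Name-Real: Alice Example
Name-Email: $COLLAB_EMAIL
Expire-Date: 0
%commit
EOF
    gpg --homedir "$1" --batch --armor --export "$COLLAB_EMAIL"
}

# You: import the public key file $2 into your GnuPG home $1 and print the
# note text $3 encrypted to the collaborator, ASCII-armored.
# --trust-model always is for this demo; in practice confirm the key's
# fingerprint with its owner over a separate channel before encrypting.
encrypt_note() {
    gpg --homedir "$1" --batch --quiet --import "$2" || return 1
    printf '%s' "$3" | gpg --homedir "$1" --batch --quiet --armor \
        --trust-model always --encrypt --recipient "$COLLAB_EMAIL"
}

# Decrypt an armored note from stdin with the private keys in GnuPG home $1.
decrypt_note() {
    gpg --homedir "$1" --batch --quiet --decrypt 2>/dev/null
}

# Whole exchange: collaborator home $1, your home $2, note text $3.
# Leaves the armored ciphertext (the text you paste into the LastPass note)
# in $2/note.asc and prints what the collaborator reads back.
share_note() {
    make_collaborator_key "$1" > "$2/alice.asc" &&
    encrypt_note "$2" "$2/alice.asc" "$3" > "$2/note.asc" &&
    decrypt_note "$1" < "$2/note.asc"
}
```

To try it, create two empty directories with `mktemp -d` and pass them to `share_note` together with a test string. Running `decrypt_note` against your own directory fails, because only the collaborator's keyring holds the private key.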