Fortunately there is a much better competitor, Bitwarden, which we’ve used for almost five years now and which you should use too. The interface is better and the browser plugin is far more reliable. Bitwarden is the work of a sole creator, Kyle Spearrin, who built it from the ground up in a superhuman effort, including doing support for a couple of years while he built the product up. Now of course there is a larger team in place, but Bitwarden is still very close to the technical founding team and is much better for it.
All of the good things we say about using a password manager like LastPass below apply to Bitwarden.
As they say, the only secure password is the one you can’t remember. This is the idea that keeps password managers like LastPass going. With LastPass, you only need one super-strong master password (hence the name—“the last pass you’ll ever need”), which can be a line from your favourite song translated to a different language you speak, a quote from a movie, or any other phrase that is not too easy to hack.
Once you’ve entered the master password, LastPass will let you access your credentials for every other account saved in LastPass (Facebook and Twitter logins, e-mail, etc.) or do the autologin (if you activated it. Don’t do it.). This way, you can use strong generated passwords for your accounts without having to remember them or write them down.
The great thing about LastPass is that it stores your data encrypted online and the data is only decrypted locally in your browser with your key, which even LastPass itself does not have. This way, LastPass users are protected from hacker attacks like the ones that happened to Adobe or Apple users.
For us as an agency, an important feature of password managers like LastPass is sharing passwords with our clients and among our team members. This way, we don’t need to send each other passwords or keep a document with all the passwords, which is far from secure. However, if you do need to send somebody your credentials, make the effort to use a service like Reveal It!, which deletes your message as soon as it is seen by the recipient.
Security is a number one priority for us at Foliovision, because we are responsible for the safety not only of our own accounts, but also of our clients’. As we once wrote, LastPass has its issues, but still, it is the best option we found so far to secure our passwords.
HOW TO USE URL RULES TO FIX THE ISSUE WITH AUTOLOGIN ON SUBDOMAINS
As much as we like using LastPass, we’ve discovered one annoying issue when using subdomains. The problem was that when you have different credentials for several subdomains, LastPass would often fill in the wrong login information as the first option. This was because LastPass didn’t recognize the subdomains and treated them as domains. For example, we had this problem with these domain and subdomains:
Luckily, we’ve found a solution to this problem (big thanks to Rich for his helpful blog post).
We’ve found this fix to be quite easy, once you figure it out. You need to specify the exact URL, and LastPass will ignore all other sites in your vault, even similar ones within the same domain. To do so, you need to create a URL rule. Here’s how to make it:
1. Go to your LastPass vault and press the account settings button.
2. Click on the URL Rules thumbnail.
3. Click Add.
4. Put the address of the subdomain into the Domain or Host field and click Add. Now LastPass should only offer to autofill the login information for this specific subdomain and ignore the others. We didn’t need to write anything in the Path field; specifying the exact URL was enough.
5. Use the same procedure to add all the other subdomains.
Now you are all set!
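A simplified model of the matching behaviour described above, added here as an illustration (it is not LastPass’s code and not from the original post). The vault entries, the example.test hosts and the two-label base-domain shortcut are constructed assumptions.

```javascript
// Simplified model (an assumption, not LastPass's implementation) of how a
// password manager decides which saved logins to offer on the current page.

// Constructed sample vault: three different logins under one base domain.
const vault = [
  { user: "admin",  url: "https://example.test/login" },
  { user: "editor", url: "https://blog.example.test/wp-login.php" },
  { user: "dev",    url: "https://staging.example.test/wp-login.php" },
];

// Naive base domain: the last two labels of the host. Real products consult
// the Public Suffix List so that hosts under e.g. co.uk are grouped correctly.
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// ruleHosts: hosts that have a URL rule, i.e. must be matched exactly.
// Returns the user names that would be offered on pageUrl, in vault order.
function candidates(pageUrl, entries, ruleHosts = []) {
  const pageHost = new URL(pageUrl).hostname;
  const exact = new Set(ruleHosts.map((h) => h.toLowerCase()));
  return entries
    .filter((entry) => {
      const savedHost = new URL(entry.url).hostname;
      if (savedHost === pageHost) return true; // same host always matches
      // A rule on either side disables the loose base-domain match.
      if (exact.has(savedHost) || exact.has(pageHost)) return false;
      return baseDomain(savedHost) === baseDomain(pageHost);
    })
    .map((entry) => entry.user);
}

const page = "https://blog.example.test/wp-login.php";
// Without rules every login under example.test is offered on the blog.
console.log(candidates(page, vault));
// With a rule for the blog host only the blog login is offered there.
console.log(candidates(page, vault, ["blog.example.test"]));
```

The model also shows why step 5 matters: until every subdomain has its own rule, the hosts without one still share their logins with each other.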
Final Thoughts
There are a lot of reasons you should use a password manager: it generates random and complicated passwords that you don’t need to remember and allows you to share sensitive information as securely as possible.
Don’t repeat Irene Adler’s mistake! Human-generated passwords are generally weak and easy to hack.
Even though we found LastPass to be the best password manager so far in terms of price and quality, it isn’t your only option. The most popular alternatives to LastPass are Dashlane and 1Password. None of them is perfect, but the benefits of using a password manager definitely outweigh the risks.
However, all of those password managers will be useless if you don’t take care of your cyber security hygiene. We probably don’t need to mention the basics like not reusing the same passwords, not sending any sensitive information via messaging, and not using a public Wi-Fi network. Or do we?
But one thing is often overlooked by users—the browsers’ inbuilt password managers. Firstly, if your device gets stolen or accessed, the safety of your passwords and other sensitive information will be compromised. Secondly, the recent breach in Opera browser shows that the browsers’ password managers aren’t sophisticated enough at this point to secure your passwords from hacker attacks.
That’s why you should never save your passwords and logins in your browser. If you ever did so, make sure you delete all your passwords from your browser right now (here is an easy guide on how to do it). Even if you usually don’t save passwords in your browser, it still might be a good idea to check, because these pop-ups are quite sneaky and you could have pressed “Save” by mistake.
Be aware of these risks and truly commit to keeping your passwords safe!
KI00KI
Thank you!
Thanks a lot. This works great. Why doesn’t LastPass speak about it? Strange.
This is a work-around for some very irritating behavior. Why doesn’t LastPass sort on the subdomain first and match other subdomains after that? Because of some internal domains, we have lots of subdomain passwords and it’s always a pain to get the right one to match. Clearly a flaw in the software.
So, what if there are 14433 subdomains…. add each by hand? (no, I’m not joking) There must be a general setting to just enable this. (In fact it should be the default anyway!) Or would a wildcard work? Something like *.domain instead of adding each one manually?
I would recommend that you not use LastPass under any circumstances, Rob. Bitwarden is better in every way. Bitwarden is $10/year for individuals, $40/year for a family of up to six users, free for two people in an organisation, $3/month/user for teams. If you have a really small business with less than six people using password sharing, you could probably get away with using the family plan.
100% what others said. That is still not a good workaround for subdomains when you work for a company with dozens of subdomains like mine at a major university.