LastPass & Some Thoughts & Questions

Hello everyone,

I have a question regarding password managers, but more specifically LastPass because of its synchronization support. So, with the recent scare of the Heartbleed/heartbeat bug and the estimated effect of 17% it had on web servers worldwide, I feel much more motivated to change some if not all of my passwords because, as with most people, my passwords are not kept as diverse as they should be across servers nor constructed as complex as they should be.

And another note: as I will be making my transition from Chrome to the recent release of Firefox 29, with its new added features and better synchronized support, I'd like to have a fresh and secure new start.

My question is: what is an effective way to start the deployment of LastPass? What are some of the stronger and more effective guides out there? What's your input on it? What possible problems could one run into? What is a safe password generating site or program I can use to make all my passwords very complex and long, like this: http://helpdeskgeek.com/free-tools-review/4-online-password-generators-to-create-strong-and-complex-passwords/

What if I combine LastPass with Firefox's password manager, does it create any redundancies? What if I am not home and do not trust a foreign system I am about to log into, does LastPass provide any security for that situation? What if it is a secure system, but because I created absurd and numerous passwords I cannot remember them, is there a situation that I can rely upon to help me with that, such as a USB drive I can plug in (I understand now that some sites are adding in two-factor authentication and support for LastPass)?

Here is an example: I heard of one person who had it so that anytime the person logged into an account somewhere public (on a public machine such as at a school), the password he would use would be, or somehow had, a time to live of one use. And this may be more for the advanced user or more toward servers and off topic, but had some sort of private and public key authentication.

Hopefully I have not forgotten to add anything. Thank you guys for any and every bit of help you have.

roach,

Why don't you just go ahead and try it? I am using it myself and I can recommend it. You'll find answers to 90% of your questions by just getting it, trying it, playing around, looking at the features, settings and digging around in the menus (it's free, after all). Just use a few dummy accounts to try it if you don't want to start migrating before getting all your answers. If you still have specific questions after that, feel free to ask!

Yeah, this is what I plan to do. Today at work I just spent all my lunch and break time researching it, and I noticed it seems to pretty much have everything I need. I guess really all I wanted to know is what are some of the more professional/industry standard/best practice ways of setting it up.

So for instance, I was reading the official documentation and ran into some configuration tinkering for a bunch of different settings they have built into the system, and I just figure maybe some of you here might have some strong backhand knowledge of what to set up which is a "must" (because the default configuration usually is just a basic backbone setup with tweaking required by the more knowledgeable and skilled, hence the insight I am partially seeking). But maybe that's asking too much from everyone and requires a good knowledgeable industry cryptology background, idk.

As soon as I get another fresh copy of Ubuntu installed and tinker with that, I will install LastPass on it and configure it, because I don't trust my Windows installation. All that FUD.

Well, I can only comment for myself but to me 2-factor authentication is a must. I've also limited the country IPs that are able to log into LastPass to a country of a VPN node that I always use. That's pretty much as far as I will go in terms of security, and I honestly think it's good enough. The menus are really cramped up with settings though so I understand you perfectly. It took me a while to read them all but in the end I settled for "only" 2FA and limiting IPs.

Do you enable 2FA on LastPass or on both LastPass and other things like Google Mail?