Introductory talk on the need to use password managers and a quick review of Lastpass' features. Presented at the OWASP Austin Cryptoparty in January, 2021.

1. Password Managers
LastPass
OWASP Austin CryptoParty | January 26, 2021

2. Nice to meet you!
Bertold Kolics
● Question Asker at mabl
● Past roles include developer & tester
● Twitter: @bkolics
● Web: https://bertold.kolics.net
QA Manager, mabl

3. Passwords? I need more than one?
● In Real Life - physical keys
● Do you need more than one? YES!!!
○ If you lose one, the damage is limited, replace
just one lock
○ If you want to share one, you can limit who has
access to what
● Do you want your locks to be hard to pick? Of course!

4. Passwords are your keys on the Internet
Keep Them
● Secure
○ away from the eyes of the hackers
● Unique
○ unique key for each door - unique password for each service
● Hard to guess
○ Not just 123456 or your anniversary
○ Internet is open 24/7, ton of information is public about you
○ Don’t make it easy for the bad guys

5. How Do I Remember them All?
Do Not Remember Them All*
● In Real Life - physical keys
○ do you need more than one?
○ do your locks need to be hard to pick?
● YES - for your own security
○ If you lose one, the damage is limited, replace just one lock
○ If you want to share one, you can limit who has access to what
● Passwords are your keys on the Internet
○ Keep them secure

6. ● Your safe deposit box for the Internet
○ where you can keep your passwords securely
○ and do so much more
● Just one key to rule them all
○ the password to the password manager
○ make it hard to guess
■ more characters the better
■ use special characters, number
Password Managers To The Rescue

7. ● Create a strong password
○ PasswordCard
https://passwordcard.org
○ Diceware - https://bit.ly/diceware
■ roll dice 6 times
■ match them to words
● Practice to memorize it
● Store in your real life safe deposit box
○ No sticky note on monitor
Keep The Master Password Safe

8. Password managers do even more
● Generate secure, hard-to-guess passwords
● Automatically fill in username and password on websites
● Enable secure sharing with your family or friends
○ never e-mail or text passwords in clear text
● Not just for passwords
○ secure text
○ secure copies of important documents

9. Lastpass
● Download from https://lastpass.com for the desktop
○ Browser extension for Chrome, Edge, Firefox, Safari
○ Standalone app
● Download from the App Store or Android Store for your phone
● Passwords and other data will be at your fingertips
○ synchronized across devices such as iPhone, Windows laptop

10. Create strong passwords
● LastPass generates strong passwords for you
and stores them securely

11. Automatic filling
When you visit the website again it fills out the
credentials automatically

12. ● It detects password changes and make it easy
to update your saved credentials
Detects Password Changes

13. More than passwords
Store other data safely even photos of
important documents

14. Sharing, notes
● Share credentials safely with others without
sending passwords in clear-text in emails
● Notes allow you to save additional information
such as recovery codes

15. Lastpass - recap
● You must not use the same password across multiple sites
● You cannot remember all your passwords
● Use password managers to keep passwords safe
○ The last password you have to remember is
● Free tool for basic usage
○ paid options available for advanced users or family subscription

16. A word of caution
● Do not forget your master password
● LastPass cannot access your
credentials stored inside your
password vault

17. Thank you!
Bertold Kolics
Twitter: @bkolics
Web: https://bertold.kolics.net
QA Manager, mabl