Introductory talk on the need to use password managers and a quick review of LastPass's features.
Presented at the OWASP Austin Cryptoparty in January 2021.
2. Nice to meet you!
Bertold Kolics
● Question Asker at mabl
● Past roles include developer & tester
● Twitter: @bkolics
● Web: https://bertold.kolics.net
QA Manager, mabl
3. Passwords? I need more than one?
● In Real Life - physical keys
● Do you need more than one? YES!!!
○ If you lose one, the damage is limited, replace just one lock
○ If you want to share one, you can limit who has access to what
● Do you want your locks to be hard to pick? Of course!
4. Passwords are your keys on the Internet
Keep Them
● Secure
○ away from the eyes of the hackers
● Unique
○ unique key for each door - unique password for each service
● Hard to guess
○ Not just 123456 or your anniversary
○ The Internet is open 24/7, and a ton of information about you is public
○ Don’t make it easy for the bad guys
5. How Do I Remember them All?
Do Not Remember Them All*
● In Real Life - physical keys
○ do you need more than one?
○ do your locks need to be hard to pick?
● YES - for your own security
○ If you lose one, the damage is limited, replace just one lock
○ If you want to share one, you can limit who has access to what
● Passwords are your keys on the Internet
○ Keep them secure
6. Password Managers To The Rescue
● Your safe deposit box for the Internet
○ where you can keep your passwords securely
○ and do so much more
● Just one key to rule them all
○ the password to the password manager
○ make it hard to guess
■ the more characters, the better
■ use special characters, numbers
7. Keep The Master Password Safe
● Create a strong password
○ PasswordCard - https://passwordcard.org
○ Diceware - https://bit.ly/diceware
■ roll dice 6 times
■ match them to words
● Practice to memorize it
● Store in your real life safe deposit box
○ No sticky note on monitor
8. Password managers do even more
● Generate secure, hard-to-guess passwords
● Automatically fill in username and password on websites
● Enable secure sharing with your family or friends
○ never e-mail or text passwords in clear text
● Not just for passwords
○ secure text
○ secure copies of important documents
9. LastPass
● Download from https://lastpass.com for the desktop
○ Browser extension for Chrome, Edge, Firefox, Safari
○ Standalone app
● Download from the App Store or Android Store for your phone
● Passwords and other data will be at your fingertips
○ synchronized across devices such as iPhone, Windows laptop
14. Sharing, notes
● Share credentials safely with others without sending passwords in clear-text in emails
● Notes allow you to save additional information such as recovery codes
15. LastPass - recap
● You must not use the same password across multiple sites
● You cannot remember all your passwords
● Use password managers to keep passwords safe
○ The last password you have to remember is
● Free tool for basic usage
○ paid options available for advanced users or family subscription
16. A word of caution
● Do not forget your master password
● LastPass cannot access your credentials stored inside your password vault