In a study conducted by the B2B review and rating platform GoodFirms in 2023, it was found that 30% of respondents, all IT professionals, experienced data breaches directly linked to weak passwords. Additionally, Cybernews, a cybersecurity research platform, reported that "123456" was the most common password in 2023.
Despite increased awareness of the importance of strong passwords, many users still rely on predictable combinations. This issue has prompted some countries, like the United Kingdom, to take legal action. On April 29, the UK government enforced regulations under its Product Security and Telecommunications Infrastructure (PSTI) framework, mandating strict password protocols for Internet-connected devices to encourage the use of unique, non-trivial passwords and mitigate cyber threats.
While the UK is updating its laws to bolster its residents' defense against cyber threats, it is crucial to take personal security measures, such as creating strong and unique passwords. The LastPass password generator, a feature of the LastPass password manager, has been a popular choice for this purpose for a long time. However, after it fell victim to a cyber attack in 2022, there have been strong concerns about its reliability.
Is the LastPass password generator and manager still effective for cryptocurrency users in 2024? Let's delve into the details.
LastPass password generator and manager
Firstly, let's understand what LastPass offers. The team behind LastPass claims this product is a manager that can effectively secure passwords in a vault, accessible via a locally hosted file. Acting as a centralized hub for password-related tasks, LastPass facilitates auto-filling passwords, password synchronization across different devices, generating robust passwords, and monitoring their strength.
The LastPass password generator is touted to allow users to create the most secure and random passwords, aligning with security best practices. Users can access the random password generator via the LastPass icon in their web browser toolbar, browser extension, or vault. Customization options include password length and character types.
Random passwords generated by LastPass can contain up to one hundred characters and offer three modes: "Easy to say," "Easy to read," and "all characters." After selecting preferences, users can copy the password to their clipboard or generate a new one as needed. LastPass recommends logging out and back in using the new password for enhanced security.
Is the LastPass random password generator and manager free forever?
At the time of publication, LastPass did offer a free option for one device type. According to the official website, it provides unlimited passwords, one user account, a LastPass password generator, and several useful features such as saving and auto-filling passwords, one-to-one password sharing with other LastPass users, access to a security dashboard, dark web monitoring, and passwordless login.
Premium LastPass account
At press time, the Free plan also included a thirty-day free trial for the Premium plan. Meanwhile, the Premium plan added additional functionality to the free features, including access across all types of devices, one-to-many sharing, and advanced multifactor options.
This plan also provided emergency access, which grants one-time access to your vault to another LastPass user in the event of an emergency or crisis, as well as personal customer support. Additionally, Premium customers could upgrade their secure notes storage of 50 MB from the Free plan to 1 GB. This storage can be used for backing up critical documents such as passports, credit cards, insurance cards, and tax documents.
The regular price for the Premium plan was €2.90 per month, while at press time, there was a 20% discount and the plan was priced at €2.32 per month.
Families LastPass account
LastPass also offered a special Families plan which granted all premium features to six users. This plan came with six individual, encrypted vaults and a family manager dashboard for simplified user and security management. This plan also supported grouping and sharing items in folders.
The regular price of the Family plan was €3.90, however, at press time, it was offered for €3.12.
Thus, you currently have a choice of three plans for the LastPass account you create. One of them will allow you to use the LastPass app to generate and store your passwords for free. However, free accounts are limited to the use of a single device type.
Is LastPass app safe in 2024?
The safety of LastPass in 2024 has been a concern following security incidents in 2022 when, both the company and its customers suffered a data breach. The team behind LastPass claims its password management solution features advanced 256-bit AES encryption. However, it did not prevent the security incident from happening.
"Based on its poor track record of security problems, the short answer is that no, LastPass is not safe, and you should probably avoid it," secure email service ProtonMail recommends, adding "If you already have it installed, the safest option is to delete LastPass and to export and then delete any data the company holds so it's no longer at risk."
Customer reviews about LastPass
To better understand the trustworthiness of the LastPass solution, it is also worth exploring customer reviews. At press time, based on 673 customer reviews left on the popular review platform Trustpilot, the password management solution scored only 1.3 out of five stars, which is regarded by the service as bad. Only 7% of reviews gave LastPass five stars, whereas 79% gave it only one star.
It appears that since January 3, all reviews except one, giving the service a maximum number of stars, ranked it rather low.
Read also: Windows Server 2022 Users Alarmed by Unexpected Copilot Installation
Security concerns were mentioned as one of the major issues why users were unsatisfied with LastPass. Many of them also mentioned unauthorized charges to their cards without consent. Some LastPass users also complained about the difficulty in accessing customer support.
Users also report encountering obstacles such as unreasonable requirements for assistance or outright inability to reach a customer support representative. Users found it particularly difficult to cancel their LastPass subscriptions because of hidden cancellation policies and resistance from customer service.
Performance issues and lack of updates were also experienced by many users. Moreover, there were users who voiced such significant concerns with LastPass that they were prepared to take legal action against the service, citing breaches of privacy rights and mishandling of personal information.
The best LastPass alternative to generate and secure passwords
Because of security breaches and numerous customer concerns, LastPass may not be the best random password generator and manager. Which LastPass alternative should you choose to generate secure passwords and store them?
Forbes Advisor recommends NordPass as the "best for usability" password manager, rating this solution with 4.9 stars out of 5 based on various criteria according to reviews and fees. On Trustpilot, this service scored 4.3 out of 5 stars based on 1,406 reviews, 83% of which gave it the maximum number of stars. While the majority of the most recent reviews about NordPass were positive, there were two negative opinions emphasizing the difficulty of getting refunded after canceling the use of the service as well as the inability to turn off automated updates.
As per Forbes Advisor, this solution is free for personal and family usage, whereas business clients have to pay $1.79 per month.
Among the downsides, Forbes Advisor emphasizes that "Unlike LastPass, it does not provide a native option for one-time password (OTP) generation." Forbes Advisor also points out that "Advanced business features, such as Google Workspace SSO, are only available in the Business or Enterprise plans."
Another top suggestion of a LastPass alternative from Forbes Advisor is Norton Password Manager. Forbes Advisor rated this service at 4.8. Forbes Advisor claims this solution is the best for integrated cybersecurity solutions but points out that Norton Password Manager does not have a user-friendly interface like LastPass.
Other alternatives suggested by the Forbes Advisor experts are Keeper Password, KeePass, 1Password, Bitwarden, and Dashlane.
Passwords you should avoid at all costs
The LastPass password generator is certainly not the only application that can be used to create a password and store it. However, if for any reason, you do not want to use LastPass or any LastPass alternative, and prefer creating your passwords manually, it is crucial to keep in mind word and number combinations, as they can significantly compromise your security.
"In total, we were able to analyze 15,212,645,925 passwords, of which 2,217,015,490 were unique," the team behind Cybernews shared in its report adding, "We discovered some interesting things about the way that people create passwords: their favorite sports teams, cities, food, and even curse words," Cybernews claims that it is possible to distinguish demographic patterns based on the passwords chosen by users. "We could even deduce the probable age of the person by looking at which year they use in their password," it states.
It turns out that creating secure random passwords is a real challenge to many users.
Passwords including years
Using a year as a password or its fragment is considered a rather basic approach to establishing your online security. Cybernews has found that the birth year of a user is the most popular year to be added to a password, followed by the year when the password was created, as well as any other year regarded as special by the user.
Interestingly, based on the data examined by Cybernews, using the year 2010 in the password was particularly popular in 2023. The platform reports that there were approximately 20 million passwords that incorporated this year and its variations. The second most commonly used year was 1987 with 8.4 million occurrences in passwords, followed by 1991, which was incorporated into 8.3 million passwords.
Passwords including names
A name is another common component of a weak password. Unfortunately, millions of users still stick to using names. Based on its data, Cybernews was actually able to access the most popular names.
"The winner is Eva, but just barely. The number 2 name is Alex, which comes in about 50,000 instances less than Eva," Cybernews states, providing further statistics. "After that is Anna, and it tapers down consistently to the number 10 most common password name, Daniel." In-between, there are such names as Max, Ava, Ella, Leo, Jack, and Ryan, whereas Darcie and Darcey did not enjoy such popularity.
Passwords including names of sports teams
Adding the name of your favorite sports team to your password is another sure way to make it rather weak. Cybernews explains that the data for sports teams incorporated by users in their passwords is so common that it can be assumed the most favorite teams and kinds of sports based on passwords only.
Thus, it appears that "The number one sports team in the NBA’s Phoenix Suns, followed by the Miami Heat," whereas Liverpool is the most popular football team.
More basic password ideas: curses, cities, months, days, and food
If you do not want your password to be guessed easily, it is certainly not a sensible idea to add one of the words used by the majority of English-speaking people. Adding English curses to your passwords is one of the most effective ways to compromise your security online.
Cybernews has found that as much as 7% out of 2.2 billion unique passwords had a curse word in it.
Showing appreciation for the city of your birth or another favorite place in your password is a bad idea as well. There are literally millions of people doing so which significantly simplifies the work of cyber criminals.
Abu Dhabi and Rome are absolute favorites of Internet users, followed by Lima, Hong Kong, Milan, London, Liverpool, Austin, San Antonio, and New York.
The use of seasons, months, and days of the week also makes your password rather predictable. Cybernews reports that summer is the season mostly used in passwords, while the most common month is May. Friday, in turn, is the weekday most frequently appearing in passwords.
Finally, the research by Cybernews revealed that food-related terms also constitute a significant portion of commonly used words which makes passwords rather predictable. The words "ice," with almost 6 million use cases, and "tea," which was added to over 3.22 million passwords are leaders in this group.
Read also: Telegram Desktop Security Update: Clarification on Zero-Click Vulnerability Rumors
The weakest passwords in 2024
While the words mentioned earlier enjoy such great popularity among Internet users that they make it quite easy for threat actors to guess them, there are ten unbeatable leaders. Unfortunately, the study from Cybernews also shows that the weakest possible passwords that do not even incorporate the words discussed earlier are actually the most frequently chosen options by Internet users.
Thus, half of the top ten most popular passwords are comprised of purely numerical sequences such as:
- 123456;
- 123456789;
- 12345;
- 12345678;
- 1234567890.
Such a basic password as 111111 is also one of the most common choices of Internet users, whereas two of the leaders are based only on letters, such as "qwerty" and even the word "password" itself. Others are more "advanced" versions, combining both numbers and letters, such as "qwert123" and "1q2w3e."
Bottom line
While the LastPass online service remains a popular choice for secure password management, its reputation has been tarnished by past security breaches and numerous customer concerns. Although LastPass may be a convenient solution to generate a unique password, the safety and reliability of its password management features have been called into question.
Meanwhile, alternatives like NordPass are gaining more and more traction, offering robust security features and user-friendly interfaces. As cybersecurity threats evolve, it is crucial for users to prioritize password security and choose solutions that effectively safeguard their sensitive information.
If you prefer to create and manage your passwords on your own, ensure that you avoid replicating any of the popular patterns discussed above, as they can significantly compromise the strength of your password. Remember, a secure password isn't just complex; it's also fundamentally unique.
