LastPass is a password manager that works on all your devices.
It is free to use on computers, and has a premium upgrade for mobility devices.
With LastPass you can have very secure passwords for all your services and sites, without having to remember or write them down.
Do you want more videos with Steve?
Click here to subscribe!
If you like this video, tell the world!
Please click "Like"!
Steve Dotto is a long time host and executive producer of Dotto Tech, Canada's longest-running technology TV show.
After 15 years on national television, Steve now delivers his advice and how-to videos on YouTube.
Every week we produce one new video which shows how technology fits in your life.
We cover all aspects of technology for my personal use perspective. Concentrating on productivity solutions.
Windows, Mac, iOS, android, iphone, apps, gmail, google drive, ipad tables all get covered.
If you have an suggestions for videos you would like to see, drop us a note at
Check out Steve's excellent online free workshops
Inbox Zero - www.dottotech.com/3steps
Productivity - www.dottotech.com/dmp
Book Steve to speak at your event, he is an outstanding keynote speaker. For more info:
For more from Steve
including our weekly radio show /podcast
I've always wanted to know this and nobody ever says. How come some websites have logo's or site names in color and others don't have anything but an empty box? How can you change that or put a favicon in it? Thank You
Love the video. I'm curious, however: when you use LastPass to generate a password, what is stopping it from recording what password it has given you and tying it to your most recently updated site? Is it not possible for LastPass to then have a list of all your usernames and passwords that is visible to them?
Great videos. I switch phones allot, most of them are android phones, when I get a new phone, I have to sign in using my gmail account in order to complete the setup then go to google play store, download lastpass, other apps and so on,so if I add my gmail account to lastpass, then how can I access my password during a setup for a new phone? And if I dont use lastpass for my gmail, then am wasting 70% of my security. Kindly help
I just spent about (3.5) hrs researching LastPass videos and came out blind! from a beautiful blonde, people who spoke decent English, and just WHAT??? Thank you, sir, for breaking down(dumbing it down) so I could make a decision! LastPass has it!!!!!
QUESTION - I want to use a PW manager like LastPass (LP) - but when I think about other scenarios, it may not work for me. For example, if I have all of my accounts with off-the-wall cryptic passwords saved in LP on my home computer. Then I try to log into my bank account on, say, a friend's computer, then I won't have the password and won't be able to access it. Am I correct? Or am I missing some functionality within LP that would solve for situations like this? Thanks.
Hello Steve, thanks for the great video tutorials, your a total pro!
I have a question about vulnerability if my Laptop, Surface Pro tablet or other device are lost or stolen.
Right now my LastPass account auto populates all my Usernames (UN) and Passwords (PW) for account I log into.
I just left click on the LastPass icon inside the UN and PW infill boxes and it has my UN and PW saved, I just click left click and it logs me into my account.
If my Laptop, Surface Pro or other device is lost or stolen it's just a matter of some stranger hacking my windows or android login which is pretty easy for a pro and voila, they can open all my supposedly secure accounts.
Can you advise me and your audience on how to set LastPass security settings so that the auto populate of UN and PW boxes is disabled, ie;
1) I will have to log into the account by first entering my LastPass master PW then clicking on the saved site icon.
2) I have to enter web site UN and PW's by memory first, failing that I enter the Vault with my master PW to retrieve my site PW's.
My preference for both of these options is that LastPass remembers and ads UN and PW's to the Vault but never auto fills UN or PW's on any of my devices.
Is this possible?
Looks like this is the setting instruction from LastPass;
A short video tutorial on this would be great!
I took your advice from another Last Pass tutorial and I was just coming to this one to learn more. Thank you for the Apple app review. I'm nervous about this process, but fear isn't going to keep me from acting! Thanks so much for your simple, clear and accurate instructions!
Looks good but I have some questions. If I install LastPass on my MacBook, does it synch with my iPhone or do I install it on that as well. Also, can my wife and I share this somehow, say for our Amazon account.
I have a question. For example: Lets say I'm at work, I have LastPass for my email account, but I want to log into my email account on my work computer, is this possible? Or do you have to have LastPass installed on every computer/phone you try logging into? Thanks.
Just a quick note: substituting symbols the way you did is very useless. People who bruteforce passwords use dictionaries yes, but these are coupled with strong "rules" that effectively override that little cleverness. Think of entropy. Substituting letters with common symbols doesn't add any "information" or entropy. Your password's strength is left the same, you're just straining yourself each time you enter your master password looking for symbols that don't add anything other than a mild annoyance. Instead, think of these "rules" and circumvent them. Instead of replacing spaces in passphrases with commas (again, useless), put spaces in non obvious places like to divide a word or something. Make no mistake also: simple passphrases with solid "rule-dodging" are infinitely more secure.
He's just telling the viewers that these substitution numbers are somehow difficult to remember especially when incorporated with the upper and lower case letters. He want to tell us even if his sample [email protected] is secure, using a password manager will allow you to generate random characters and numbers for each secure sites you visit and no one can hack that. And the best part is that you are not required to remember that unique password generated for you.
+MrrQuackers good and famous comic! It's the same idea I presented but I would go further. With no assumptions ("rules") made, it's true that the passphrase is good. But imagine if the attacker thinks "hey! let's try ALL combinations of 4 English words". As you can see, that does sound infinitely easier than trying out all possible 44 bits. Do you see what I mean?
Obviously, you don't brute-force the site. In the case of Lastpass, should your vault be compromised and available to a hacker, they could decrypt it if your password is weak (in the way I described). Granted, Lastpass uses PBKDF2-SHA256 with a default of 5000 rounds, which is pretty slow and very secure. But using the right tools (eg a large cluster of GPUs), brute-forcing a subpar password is terrifyingly easy and your Vault is fair game.
Steve. You're obviously bright. Great articulation. Nice energy. All that. But you would do well to do a more linear presentation of how to enter this plug-in, and go straight through the use for a particular site, complete with form fill-in, etc. Because with this current presentation, you have so many "asides", stream-of-consciousness stuff, etc., that it is very difficult to follow a skein of the functionality of the program. So rather than providing lucid instruction, this presentationcomes off more like some glib guy who is in love with the sound of his own voice. I really --- really --- doubt that that is what you are about. But that is the way this 10 minutes comes across.
Just to make a couple of things clear:
Even if LastPass got hacked, the data stored there is useless. In order for your passwords to be usable they need to be decrypted. The private key needed for that decryption is never stored on their servers. It's a zero knowledge prinicple.
The superstrong password you use for your lastpass account is never sent in the clear, it's a salted hash with some extra bells and whistles, so that password is also secured.
That sounds great!! Thanks you.
What if I have several logins for one website? Will it work for all of them?
What if I need to allow access to some of the passwords to my employee? Can I create a group and give permission to that specific group of passwords?
I still don't get it. Can't I just change all my password so every password is different, and then let Google Chrome remember it?
If I'm at someone else computer, I could just log into my Chrome and all my passwords will be there, since my passwords is synced with my Chrome.
For phone, after entering a password on a site, the phone would always be logged into this sites, so I wouldn't need to enter the password again. I assume everyone is like that when it comes to phones, right?
Make a password on your phone, and nobody can enter you phone.
So really, what is the big deal about Lastpass?
Is the Chrome security bad? Google Encrypts all your passwords, so I wouldn't say the security is any better or worse than Lastpass.
Just because people let Google remember the passwords, doesn't mean everybody uses the same passwords for all sites. Chrome can easily remember multiple passwords, if people got the wrong idea.
+dottotech I do understand that Google store them online, and Lastpass store them local on your computer. I still wouldn't say your password is not protected since Google do encrypt it, even though it's online.
I did get Lastpass in the end btw, simply because if I get a new phone, I can use Lastpass to enter my passwords, without opening Chrome, and entering my passwords from there, to my phone.
But you really do just need to enter your password one time on your phone, since it does stay logged in all the time. And it's not like I change my phone every month or something, so it isn't really that big of a deal.
But that's the only reason I see using Last pass, is when you get a new phone, and you would need to enter passwords for: Twitter, Facebook, Skype and so on.
And Lastpass did get hacked not long time ago. I think they got 5 million Gmail passwords.
Often I get hung up on changing passwords and then I have to have the website email me and start over . Can you do a slowmo how to on lastpass for me :) Believe it or not I'm not a ludite :)
+Nelly Kostelijk I am working through that myself. I am inclined to stay with Lastpass, but having a good close look at what is involved in switching. You will now if I do as I will post a video on it.
+Nelly Kostelijk Actually I am not sure I am going to feature LastPass in my next Password demos, I am concerned about the fact they were just sold, and thinking I may feature Dashlane next time instead.
From what I read you can log into LastPass' website and copy and paste your credentials from there, also they offer USB portable options (standalone applications that can be installed on a USB stick and carried with you).
+Delsing Van Kampen Nice to hear from you again. LastPass responded very quickly and let us know, and no harm was done. I am not concerned because of how our data is siloed, everyone online is under constant attack.....that is the norm now!
I have used lastpass for 3-4 years now, and i love it.
I save all my passwords in two places, first is lastpass. and the second is a big encrypted text file that i store the Ciphertext in dropbox and the key on a USB flash drive.
And for my passwords, i usaly generate a uniqe password that are usaly 32 characters long.
Upper, lower, numerical and special charachters.
New to your audience, thanks for the great tutorial. It makes sense to me but what if someone gets a hold of my computer or phone? If it is just a matter of clicking the icon, how does it prevent anyone else to get my passwords or accounts?
It's certainly very convenient but password storing isn't worth any subscription as low as it is. I rather have more work than to pay for something as redundant as that. Unless, of course, you are very well off financially speaking and you can afford to spend money on every little thing no matter how unnecessary, and you have a whole lot of accounts. In that case, the scale starts tipping into the side of it being worth it. That's my opinion, at least, lol. Good video. Thanks!
+dottotech You have a point. I ended up deciding to try this software and I love it. The premium is not for me, for the time being but I realize that, in some cases, it's definitely worth it since many people are constantly on the go and security is very important. Thanks for your answer! :) It's definitely a game changer, this software!
+euheide Thanks for sharing, but you may miss the point, the passwords are secure, robust and I can access them from multiple devices, the convenience AND security benefits are HUGE therefore worth (IMO) spending a few dollars on.
+dottotech Heheh. True. This seems like a really great software though. It convinced me to change my MO, for the time being. I'm still keeping my old encrypted volume with the passwords but I now have much less work and it probably offers equivalent security :) The other good thing is what you mention, that this ended up allowing me to considerably beef up the security of each password by allowing completely different and bigger passwords for each website. Undoubtedly it's worth it! :) Thank you very much!
LISTEN OUT THERE!
I have repaired over 500 computers with viruses, Trojans, Worms and anything in between. I have seen identity theft in it's worst! OK, no more drama. LISTEN to this guy, if you only have one or a couple that you use all the time, SHAME ON YOU, AND NO PITY IF YOU GET HACKED. It's funny, most think the odds are on their side. SHAME ON YOU!
Thanks to your great tutorial, I just signed up for LP Premium and after I paid the $12, I tried to enter the account information and it says my email address is incorrect, which it isn't. I then remembered that many years ago when I had a pc I signed up but never used the service or forgot the MP. Now I have a mac. Is it possible to just start all over again without changing my email address which I've had for 15 years or am I forever locked out? If so, will my visa be credited $12?
+dottotech Thanks for your quick response. I will call them today. If I can't re-open due to my poor record keeping, I'm going to make it your fault because you...um.. I'll come up with something. Seriously, I'll let you know what happens.
Very good video! I have one question: I find myself using public computers or free de computers or office computers quite often so, is there any USB bootable or any way to have the passwords without being on my computer? Also, is there a way to export the passwords file to be able to open it using KeePass (or any other password manager) in case lastpass closes? Thanks!
I apologize if this has been asked but I have a question about mobile apps. How does last pass help me if I use my bank's, social media, itunes and streaming music apps on my phone? Would I have to use the last pass browser to access these services through a mobile browser only? This also poses questions about using a Playstation, xbox, chromecast etc... when accessing accounts from other devices.
+Chase Abendschein I think you should be abler to find your LastyPass access in the share tool at the top of the screen (at least on iPhone) But I am not 100% certain it world with every password enabled app
I love this......but one thing happens to me when logging into Google. I have more than one google acct, and when I go to log into Google, lastpass has 3 logins, If I click to change one, it pops immediately back to the default.....I have to make several attempts before it changes the fields so that I may log in to the account I want. It only happens with Google though, nothing else
Do I have to use the lastpass browser on my mobile device? Or can it still work with chrome on my phone? Also, what about password in third party programs on the computer. For example, I enjoy playing a certain mmo, can lastpass generate a password and fill that password into the launcher?
+curtst I use the last pass browser in mobile. As far as I can tell you can copy and past info, but not the same integration as on the desktop.
I think it will work for your game but I am not positive.
Great video that probably will help me a lot, but I have one question though. What if I need to reinstall my system from the scratch? Are my LastPass info saved somewhere in the cloud? Can I retrieve it back in the case I need to reinstall my system?Thanks
Hi, thanks for the informative video. At 2m 27s and at 9m0s you are showing the vault and mobile app, respectively. So if someone gets hold of my device while it is unlocked or they manage to crack the device login then they have access to all passwords in LastPass because those are in plain view or can at least be seen through "show password" options, etc? I think I saw somewhere that the amount of time for which LastPass is available after log-in should be set as short as possible. Having said that, do I need to be logged into LastPass in order for the tool to automatically populate my password? Does this concern make sense? Would you be able to comment?
+Anja Eichen The way I use it is for all secure sites I use the Lastpass Browser, everything I start a session with it I need to use my master password. once the screen locks again or if I go to another app for a shot time I need to log in again
Using the built in Browser in Lastpass I access all my secure accounts.
You think this could be a solution for corporate situations? I can't count how many times I have had to regenerate a username and password because someone forgot it. Seems like this would be a great solution for workers who are not allowed to keep their passwords in written form.
4:47 Unfortunately, it's actually not true that it's a hard to hack due to the well known 1337 (Leetspeak). It's a simple substitution that doesn't do very much of anything. It's NOT secure. Don't use dictionary words (even with letter substitution)
It's a really, really useful tool!! I've been using it for ages! There's also an Android version, but you'd need the premium account to use it on your smartphone. Use this link to subscribe https://lastpass.com/f?3080906 it will give you a month free to try (although the annual subscription is ridiculously affordable for $12)
The Lastpass website says that using the fingerprint feature is available in premium,although its working for me in the free version perfectly fine.
I wonder if there's something different with the fingerprint feature in premium version??
I want to install and use this but have concerns. What happens if LastPass decides it's not worth the effort and shuts down. How can we get access to our sites without the cryptic passwords that LastPass generates? Also I'm assuming if I use LastPass on web sites like Hotmail that I also regularly access on my phone that I lose access to Hotmail on my phone?
Thank you for the quick reply. I guess I'll bite the bullet and give it a shot. Looks like I will have to buy the premium edition in order to sync my mobile phone with my desktop so I can open a couple of web sites on my phone.
I can't speak to the issue of Lastpass remaining in business, although they have been around for a while and seem to be in good shape, I think the bigger issue may be that that get acquired. +Jake Beckham
the app works on mobility devices, You may need to pay $12 a year for that.
One downside I can spot is that if you regularly have to use public PCs or other PCs where you're not allowed to install software, that necessitates the mobile app. However, that mobile app only works on specific operating systems. What if I am using an operating system that is not supported and need to regularly log into public PCs?
Not really, at least not in an unencrypted form, you it is complex, but your passwords are partially on Lastpass, and part on your system, you need to connect the 2 to get a useable password.
Not perfect, if you have a better solution I would love to hear it!
Has anybody used LastPass for Windows 8 phones? I just tried out LastPass on my desktop, but ended up deleting my account. The program wouldn't export data correctly, has too many crammed features (secure notes? really?), and I somehow ended up with duplicate website profiles. I don't see any videos of anyone using it on W8 phone. I don't want to pay the fee just to try it out.
For now I will keep using my password protected Excel spreadsheet... not the most convenient.
seems like a nice program/app but how do you deal with programs or games that require a login name and password? eg battle.net? u have LassPass to generate a password to the website but u going to need that same password to login to the game client, and if you have more than 1 game/program client to login to that's allot of copy and paste as well, or i am missing something?
Another Hat Tip, You can even restrict access to your Lastpass Account BY COUNTRY through your Lastpass Preferences window. This is another good and effortless (on user's part) layer of security to prevent your account from being accessed from anywhere else. So apart from the 2 Factor Authentication this restriction of access by country is another handy dandy layer of security for securing your lastpass account from prying eyes.
Great overview but you missed one of the key security features for LastPass. You can (and most definitely should) protect your master password with two-factor authentication. LastPass supports Google Authenticator and others.
Isn't it a real leap of faith, to give all this info to one place,, love the idea but, these days who can you trust?? I didn't like the idea they asked for your social security info at start up,,so i didn't give it,,, I will tread cautiously but am willing to try, cause these passwords are really getting out of hand,,,
I also want to say I am so glad to find you again,, I used to watch your program on tv way back in the day and you haven't changed a bit!
Any advice on something, I am a bookkeeper and want to get a online backup service, but I also need secure file sharing capabilities, I have done some research and am leaning towards back blaze and drop box, but do I really need both?
The data is encrypted on your machine so even LastPass can't decode your data as they don't have the private key. The biggest issue is if your master password gets stolen from something like a phishing attack. You can set up 2 factor authentication though with the Google authenticator app which pretty much eliminates a phishing attack. Using these security measures and having a different password with every site seems like the best option out there really to me. Having your passwords written down in a notebook has it's own issues.And trying to remember them in your head forces you to choose less secure passwords.
The problem is not that Facebook and Google are the only advertising platforms. The problem is that they are considered mainstream media and without these two, the trend of cryptocurrencies gaining legitimacy is delayed. That is right, I said delayed not blocked or prevented.
The World Has Changed.
Five years ago, when bitcoin was unknown to most people, this might have been a fatal move. Today is a different story. I recently traveled to a remote mountain town in the interior of Mexico. Everyone I met had heard about Bitcoin and eyes lit up with excitement when I ask if I could pay for lunch with bitcoin.
Today are dozens of websites dedicated to cryptocurrencies, either holding them, exchanging them or just writing about them. Probably the most effective advertising remains on Google, it is called Google Search and it is free.
If someone wants to learn about owning bitcoin or any other currency, there is a ton of educational information.
The Flipside Is Being Ignored.
Not All Regulation Is Inherently Bad.
If we examine the full spectrum of regulation to this point on a global scale there is one common target most everywhere. That is the practice of exchanges. So far there has been little or not regulation, threatened or enacted, to protect investors from loss of funds due to security breaches.
Capitulation Is A Good Sign.