Every few weeks, we hear the news that another major website has been hacked. Often these hacks mean your personal information has also been compromised. In this post, we cover the important reasons for why you should use a password manager to protect your online identity, and how to get started with LastPass, a free password manager.
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access their account–a username and password.
As an online security best practice, you need to have long, complex and unique password for every web account you use.Strong passwords need to be:
- Long – The more characters in a password, the longer it would take a hacker to guess your password.
- Complex – By adding additional characters to your password you add complexity or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
- Unique – You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important for your website?
If you use the same email address and passwords for multiple websites that you log into, what happens when one of those websites gets hacked?
Your email address and password is now on a list that will be used to try to log into other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Keeper Security’s list of the most common passwords of 2016. Do you recognize any of them?
1. 123456 | 10. 987654321 | 19. 555555 |
2. 123456789 | 11. qwertyuiop | 20. 3rjs1la7qe |
3. qwerty | 12. mynoob | 21. google |
4. 12345678 | 13. 123321 | 22. 1q2w3e4r5t |
5. 111111 | 14. 666666 | 23. 123qwe |
6. 1234567890 | 15. 18atcskd2w | 24. zxcvbnm |
7. 1234567 | 16. 7777777 | 25. 1q2w3e |
8. password | 17. 1q2w3e4r | |
9. 123123 | 18. 654321 |
Password Managers vs. Browser Password Storage
A Password Manager such as LastPass not only remembers your login information, but also helps you generate long, complex passwords and stores them and other information securely.
LastPass vs. Other Password Managers
There are several excellent options for Password Managers available:
Ultimately, using any one of these password managers is a good choice, but we recommend LastPass because it offers the most value in free vs. paid features.
Getting Started with LastPass
In this next section, we’ll cover how to get started with LastPass.
Creating an Account
- Click the Get LastPass Free button in the header at lastpass.com.
- Walk through the steps to create your account.
Your LastPass Master Password
- The most important part of this process is creating your master password.
- This password is the master key to all the other passwords in your account.
- It’s the only one you need to know, so make it memorable but secure.
- Example: [email protected]@[email protected]!ms0nT!d3 (and, no that’s not my real password ?)
- All your information is encrypted based this Master Password. Not even LastPass can access your info without it – so don’t lose it!
Setting Up the Browser Extension
At the beginning of the account setup process, you will also set up your software (or go here to download the LastPass software
- Download and install the Universal Installer for your operating system which will set up the app and extensions for every web browser you have installed.
- The LastPass icon should appear on your browser next to the search bar.
- Once you log in, LastPass is now ready to save new logins.
Importing Existing Passwords
If you’ve been using your browser to store passwords, you can usually import them into LastPass without a problem.
- Click the LastPass icon in your browser and choose Account Options.
- Then click Advanced and then Import.
- You should see an importer for your browser that will step you through the process.
- Be sure to turn off saved passwords on your browser when you’ve finished the import because you’re using LastPass for this job from here forward.
- If you’re not sure how to do this, just Google something like Turn off password saving in Chrome
How to Add and Save Sites
Adding Sites Automatically
- Whenever you log into a website that is not yet saved in LastPass, it will prompt you with a request to add the site to your LastPass Vault.
- Click Add and your login will be saved for future use.
Creating an Account on a New Website
- When you create a new account, LastPass recognizes this process and will prompt you to store the information.
- On most sites, you should be able to pre-fill information you’ve stored as a Form Fill (see below).
- You should also be able to generate a random password by clicking the circular arrow icon in the Password field and click Generate and Fill. This should fill the password and confirm password fields.
Adding Sites Manually
- You can add a site manually by clicking the LastPass browser icon
- Select Sites then Add Items and then select Password to open a window where you can enter your login information.
- This is particularly useful to save websites with nonstandard login code that is not recognized by LastPass’ automatic saving system. This does happen from time to time.
Pre-Filling Website Logins
- Once a website is stored in LastPass, when you visit that site again and attempt to log in, you will see the gray LastPass 3-dot icon in the username and password field.
- Click the icon and select your login to prefill the login form.
The LastPass Vault
Your vault is where all your secure items are accessed, including website logins, form fills, and secure notes. Access the vault by clicking the LastPass icon in your browser and choosing Open My Vault.
What you should know about the LastPass vault:
- Add sites and secure notes by clicking the (+) icon at the bottom right
- Search and sort logins into folders easily
- Access your Form Fills
How to Fill a Form
Set Up Form Filling
- From the LastPass Vault click Addresses in the left menu and set up your information.
- Do the same for Payment Cards and Bank Accounts from within the Vault.
- You will be able to select saved information when you fill a form on a webpage.
Filling a Form Automatically
- Once your information is set up in the Form Fills area, LastPass will place a form filling icon (looks like an ID card) at the top of any web form it can fill.
- Click that icon and your form will be automatically filled with the information in your vault.
5 Nifty Things You Can Do Once You Set Up LastPass
1. Generate a Strong Password
If you have a need to generate a strong password, just click the LastPass icon in your browser and Generate Secure Password.
Note, you can set the password length and what kinds of characters are allowed (which is helpful on some sites that inexplicably don’t allow special characters)
2. Take the Security Challenge
Once you’ve used LastPass for a while and have stored a number of logins, open your Vault and click on the Security Challenge.
This process evaluates your password strength, checks for known compromises and allows you to automatically change your passwords for many popular sites. Running this process from time to time is a good practice.
3. Start Using Notes
Secure notes allow you to save information other than website logins securely in your LastPass Vault.
- You can store driver’s license info, passports, etc. as text information and also upload attachments like photos for each one.
- Since this information is accessible on a mobile device as well, this is an excellent way to make these kinds of information available anywhere securely.
- To set up a Note, open your Vault and click Notes in the left menu.
4. Set Up Sharing
You can share some or all of your saved logins with other users by setting up Sharing in the LastPass Vault.
- Open the Vault and click Sharing Center in the left menu.
- Then set up a shared folder and invite users to access it.
- Any site logins you add to that shared folder will be available to the users invited to that folder.
5. Set Up Emergency Access
What happens if I get hit by a bus? By giving trusted friends or family emergency access to your LastPass account, you can allow them to access your account after a pre-defined wait time.
- In the LastPass Vault, click Emergency Access in the left menu.
6. Set Up Two-Factor Authentication for Your Master Password
As an added measure to a strong Master Password, you should really set up two-factor authentication by using LastPass’ own authenticator or one of several other industry standard two-factor authentication options.
- To set up two-factor authentication, access your Vault, click Account Settings in the left menu, then choose the Multifactor Options tab at the top.
- Select your preferred provider(s) and set it up.
LastPass Free vs. Premium
As you can see, LastPass Free has everything you need to securely store and fill passwords on a single kind of device (for example: a Mac computer, a PC Computer, an iPhone, an Android Phone).
But if you want to access LastPass on different kinds of devices, you will need to upgrade to LastPass Premium for $24/yr. LastPass also offers Business and Enterprise versions that focus on a single bank of passwords accessible by users.
Watch the Video: Getting Started with LastPass
In this webinar video, we walk through how to get started with LastPass, as well has how to take advantage of several of the great password manager features.
Download the handout

Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.
This looks good … I would really like to use Lastpass, but haven’t they been hit by cyber attacks in the past?
My concern about password managers like LastPass is the fact that if they get compromised, all of your passwords are out there for the world to see.
Any thoughts on that?
Even though the information is encrypted is there any possibility (any at all) that the site could be hacked and the hackers could obtain passwords?
I’ve been using LastPass for many years now, it’s a truly invaluable tool and I don’t know where I’d be without it! I’ve you’ve not started using a password manager, give it a go, there will be no looking back!
LastPass is a really great tool and offers perfect functionality even with the free version. And in this tutorial you have showed me what I didn’t know that was even possible with it.
I think its also necessary to mention “form grabbers” and “key loggers” when talking about password managers otherwise people may think that a password manager will solve all their online security issues.
In addition, for a more comprehensive explanation of how to create a password that is easy to remember and complicated to crack: https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
Whenever I set up a new website for a client and create their safe passwords, I email them this information;
NOTES ON PASSWORDS
Passwords should be as long and complex as possible for your own security.
You should never need to type these passwords as it’s easy to make a mistake, instead you should copy and paste them as required.
Using a good password manager software is a good idea so you can keep all your passwords safe in one place and just use one password to unlock them, that way you only ever need to remember one password for all your secure information.
A good Password Manager to use is this one;
http://www.selznick.com/products/passwordwallet/
Remember to backup your password file regularly.
Note that this is not an affiliate link (though I am not averse to transparent affiliation). This is a software company that I respect just as I respect iThemes. Top-notch quality software, service and value.