One of my most important apps – and one that I recommend everybody should use – is that excellent password manager LastPass. It’s an essential tool in your cyber security setup. Passwords are obviously one of the most important security steps and should never be used on more than one website. But remembering long and garbled randomised alphanumeric passwords isn’t something us humans do very well.
But LastPass does it all for you. And it does it wonderfully across multiple platforms, different devices and different operating systems. Until now its free version has been so compelling it has hardly seemed worth the minimal $30 or so annual fee.
I always subscribe to the software and services that I use for my job. But I was still emailed the notice this week about LastPass changing this free offering.
It’s one of the cleverest ways of providing the so-called freemium model. This business model assumes that the vast majority of users will not pay for a service, but the small percentage of people who do are sufficient for the service to be profitable. The most obvious example of this freemium system is probably Spotify, that excellent music and podcasting service that is the gold standard for streaming music.
LastPass’s clever solution to how it offers its free service is, quite simply, very fair. If you use LastPass on mobile devices, you can use it for free on all your mobile devices. If you use it on a computer, you can use it on all computers for free.
But if you want to use LastPass on both computer and mobile, you have to upgrade to the premium offering. That’s $36 a year discounted to $27 (R400).
I’ve always been happy to pay what I think is a reasonable amount for this excellent piece of armour in my cyber security defence. I really think the way LastPass has structured its free service means those users can continue to use it on their respective platforms.
But, fair is fair, if you want to use it on two platforms then it is worth paying the premium. LastPass clearly has concluded that if you own both a laptop and smartphone, you can not only afford both of these, but also a small annual subscription for what is actually an essential service.
Of course, passwords alone are no longer enough in what is a hostile cyberspace environment. But you do have to have a secure and unique password for each site or service or app. LastPass offers that, and also offers the other essential tool you should be using, an authenticator app.
Microsoft makes one, as does Google and so does LastPass. These are apps that generate a specific six-digit number for a period of time – usually a minute or five minutes – which you are required to enter as the second “factor” in the security chain. This is known as two-factor authentication. But what TFA really means is that you verify your password, which is the first factor, and then either an SMS or this time-based code.
There is no doubt that authenticating apps are much more secure than getting an SMS. Most phishing or other Internet banking scams have often involved the swapping out of SIM cards for the over-the-air (OTA) SMSes that are sent as verification (or a second factor).
If you are not using both of these, please start immediately. If you don’t have two-factor authentication turned on, please do that immediately.
You need to do this double security step for all of your important accounts, especially email, Facebook, Twitter, Instagram, LinkedIn etcetera. I know it’s a schlep but it’s a worthwhile schlep.
You really can never be too paranoid when it comes to your digital security or the way you guard your personal privacy and data. Please don’t ever assume you do not need to be constantly attentive to the way that people out on the Internet truly do want to hack into your accounts.
This article first appeared in the Daily Maverick.