Apps
HowTos

coeno

9.5.2013

How do we actually organize our passwords?

We all know how important it is to use a structured and secure password strategy. This sounds good in theory, but the reality is that passwords are almost never changed and often used multiple times. The simple reason for this is that it is much more convenient to remember a password, and since you don't want to remember too many passwords, you use one for everything. What this can lead to in the worst case can be read in Mat Honan's "Epic Hack".

A new level of complexity is reached when access data is shared, as is probably the case in every company. This starts with WLAN, VPN and FTP access, concerns shared web services, CMS backends, or e-mail accounts and sometimes even access to online banking, credit cards, or other highly sensitive data.

This data is shared by e-mail, collected in a document in a central location, or written down somewhere by hand, which then either leads to a great deal of searching, or again results in a drastic simplification à la "one password for everything".

One solution - LastPass

So we looked for a solution to the problem, and after some searching and trial and error, we decided on the cloud-based password management system LastPass.

LastPass is available in a version for individual or private users - which one or the other knows for sure - and in the Enterprise Edition for companies. Unfortunately, the user interface is not a beauty, but that's not the main point here.

The principle of LastPass is the following: Each user has his own "safe", i.e. an encrypted file containing all the access data relevant to him. This file is stored locally and secured with a password, hence the name LastPass - the last password to remember. With the help of a browser extension or a smartphone app, the safe can be opened and managed. Thanks to Cloud-Sync, the current version of the vault is stored on every device.

LastPass proves to be a useful helper in the browser, as it can automatically enter login data or directly accept new access data. This means that the password can be made as cryptic as you like - a password generator is also available, so you can forget it again.

In addition to access data for browser-based applications, LastPass can also handle so-called secure notes, which can contain any kind of confidential data, from FTP access to credit cards to driving licenses.

The Enterprise Edition extends the basic functionality to include the possibility to share access data with other users or user groups. Nevertheless, each user has his own safe, which nobody else (not even an administrator) can access.

Using LastPass Enterprise Edition

First there is an invitation from the administrator to use LastPass. This is in the form of an e-mail containing an activation link, which among other things determines the master password. The LastPass installer can then be downloaded from https://lastpass.com/misc_download.php The installer installs LastPass in all available browsers and stores the Tresor file centrally in the system. This is where LastPass differs from a simple browser extension, which normally does not leave the browser context.

If everything went well, a button will appear in the browser to open the vault.

01

To manage all access data, simply click on "My LastPass Safe". Here you can add websites, secure notes, groups or shared folders via the left column. A shared folder can be shared, so that all access data in this folder is visible to other users or user groups. There is also the possibility to limit the access rights so that users are only allowed to read, for example.

02

LastPass can also be used from the popup after clicking the browser button. Here you will also see directly matching login information, i.e. if a page is open for which there is access data in the Vault, it will be displayed directly or, depending on the settings, entered directly into the login form. This is visualized by a red border around the input fields.

03

A click on the entry in the popup shows further options.

04

When creating a new account it is recommended to use the already mentioned password generator. Since you do not have to remember the password, it can be very complicated.

05

In summary, the use of LastPass can solve all the security problems described above. There is no need to use easy to remember but insecure passwords, you can easily create a separate password for each access and sharing in a workgroup is no longer a security risk.

In addition, LastPass is also available as a mobile app for Android, iOS, Windows Phone, Blackberry, etc., so that you always have your confidential information and access data at hand when you are on the road.

Since only the 256-bit (AES) encrypted file is transmitted via SSL, I think LastPass is already sufficiently secure, because even if someone should get to the Tresor file, it is almost impossible to open the file.

If you want to add an additional protection layer, we recommend the 2-Step verification developed by Google, which can be used with LastPass. With this, in addition to the password, you have to enter a further code, which you receive by call, SMS or app on a previously registered cell phone, and which is only valid for a short time.

tl;dr

If you want to bring order into the password chaos you should have a look at the LastPass.com Enterprise Edition, you can learn how it works here.

coeno

< Previous article
Next article >
UX Power Days or Lean UX - what's the better approach?
The importance of aesthetics for UX - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
Is dependability the determining factor? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
How perspicuous does a VOD provider have to be? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
Who inspires the most trust? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
Who's the most novel? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
New web design for a new product
Measuring and analyzing products using quantitative tests
The complexity of simplicity, part 2
The complexity of simplicity, part 1
Enterprise UX - what helps the user, benefits the company
We too have a need for optimization - retrospectives for better cooperation
Internationalize Your Website
My internship semester at coeno
No value without benefit: What a good UX and a strong value proposition have in common
Website Builder - An attempt to break the magic triangle
Conception of a chatbot - a field report
Contract from Dubai: We conceive and design a video-on-demand app for children
Service apps - quick help for self-help
Voice assistants conquer the world
Concepted and designed with coeno: MySports for the Swiss Quickline
The usability of text - and how we can improve it
Good UX on chatbots - with these 12 tips it works!
Tips for the design of VR interfaces
VOD Everywhere - the name says it all
Innovation has method(s) with us
Innovation and Ideation Workshop: Interdisciplinarity rocks!
"I want to talk to your chatbot!"
Our team is growing: We are happy about two new colleagues
BMW i3 – digital #New territory?
Think Big, Reduce Later – why Mobile First does not always have to be first choice
Animations – Sketching, AfterEffects or CoreAnimator?
What does Sustainable UX actually mean?
Crazy error messages and how to avoid them
Backstage insights: How we visually reinvented ourselves
What is the green in the sauce?
TV-compatible content first!
Our vision and how we have developed it
My Facebook is not your Facebook - about simulated reality in its infancy
Why UX designers need a feel for their customers' business
"My" or "your" user interface?
UX is definitely there?!
Do we UX experts have to save the world?
Through Lisbon with UX glasses
Review of the UXLx conference in Lisbon
UX Design: research and try out
On-demand services benefit from attractively advertised content
Customer surveys are important. Does that also apply to us?
Cooperative Communication - Just another communication seminar or esoteric nonsense?
Why meetings so often go wrong and how we can prevent it
The Best Interface Is No Interface – A book recommendation
Giving the right feedback - constructive and goal-oriented
An interview with Maximiliane Wagner about the methodical procedure to generate creativity
Trends and UX challenges for 2016
About the "design" of wireframes
Successful World Usability Day in Munich
The fear of the user
Start the concept where the user also starts
Measure emotions: 10 metrics to track UX ROI
"With Sky, the user is the center of attention on every device!"
"Dickes B" - or: Why authenticity is somehow boring
Tips for UX Researchers
Why UX experts do large companies good
Update of the DB Navigator App: Many good things, but still not commuter friendly
Guest at Microsoft in Redmond
UX Camp Europe 2015 (Berlin)
UI principles for a smart home application
The way to a smart home
Product, People, Platform – UX London 2015
With Rapid Contextual Design to structured requirements
10 Theses on User Experience in the Smart Home
Read Kafka! Four ways to the aha-moment
Innovating with Rapid Contextual Design - a field report
How periscopes can change journalism
Interfaces out of control?
Material Design - What is behind the design trend 2015
Contemporary design for the Internet of Things?
Design Thinking - an experiment
Beyond UX: What makes OTT Services successful
Has the classic TV program guide had its day?
Violations of the dialogue principles using Axure as an example
Dialogue principles in their application: The Expert Evaluation
Human Machine Interfaces for washing machine, climatic cabinet & Co.
Dialogue principles of efficiency - rules for a usable product
The death of the EPG Grid on the TV
UX Trends 2015: Slippy versus Sticky
How do you make the user happy?
Adobe Photoshop as UI design tool, problems and alternatives
What is usability?
Form trouble? There is another way!
The many facets of Faceted Search
What users want
Everybody has everyday experiences - Development of user interfaces with the support of basic sensory experiences
Same, same - but different. How similar do apps on different platforms really have to be?
"I hate forms!"
IA Conference 2014 - Second day and conclusion
10 rules that make every UX successful and good - or not
IA Conference 2014 - Workshop on idea generation and first day
The age of the "Real Time Web"
Ice App - The experiment or does user involvement lead to better results?

Latest Posts

Lean UX oder UX Power Days - was ist besser?
Read more
Who inspires the most trust? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
Read more
How perspicuous does a VOD provider have to be? - A quantitative comparison of the user experience of Netflix, Amazon Prime Video and Disney+
Read more

Newsletter

Stay up to date!

With the newsletter, which is published 4 times a year, you will receive the latest news from our agency every 3 months. We will not use your e-mail address for any other purposes and you can easily unsubscribe from the newsletter at any time via a link in the mail footer.

Thank you! Your submission has been received!
Oh! Something didn't work. Please try again.

coeno GmbH

Kolosseumstr. 1a
80469 Munich

Show on Google Maps
+49 (0)89 856 389 810
sayhello@coeno.com
Navigation
Home
Services
Case Studies
Our Team
Blog
Contact
Terms of use
Imprint
Data protection
Follow us

We regularly share our knowledge and experience in implementing digital projects, systems and services. If you want to know more about UX, follow us on LinkedIn, Instagram or Facebook.

coeno Instagramcoeno Facebookcoeno LinkedIn
coeno Newsletter

We inform our subscribers in our ad-free newsletter a maximum of 4 times a year about the latest events, exciting projects and interesting information about UX and our agency.

Subscribe now