LastPass for Work Computer
May 24, 2017 6:21 AM

Just wondering if I should use LastPass on my work computer.

I have a laptop that only I use (and have access to) as I am a remote worker. This is the third laptop that I have been using since working with my company, so I often have to send it back and they send me an upgraded one. I use LastPass (as a Chrome extension) on my personal laptop and personal desktop at home. I don't need to access a lot of the sites that I need passwords for at work that often, but I do on occasion. I am just wondering if using the Chrome extension on my work laptop would be advisable. Meaning, once I have to return this one, can I simply uninstall the Chrome extension and no one using my computer after me will have access to my passwords, etc.? Sorry, I am still fairly new to LastPass and how it works.
posted by dbirchum to Computers & Internet (11 answers total) 7 users marked this as a favorite
 
I have LastPass set up on my work computers, and don't worry about it.

If you're worried about it, you can configure LastPass to prompt for your master password every time you try to fill a password.
posted by gregr at 6:35 AM on May 24, 2017 [2 favorites]


LastPass' vault is locally encrypted on your computer, so unless they're willing to throw supercomputers at it and your master password is secure and they don't use keyloggers on work computers, they won't be able to crack it if you're logged out etc. If you'd like to be even more secure for when you are 'cleaning' this computer when you stop using this laptop, you can:

1. Delete your local cache on your work computer and verify that it's gone
2. On your personal computer, change your LastPass password
3. Check to make sure you're signed out on your work computer (the password change should have ended all sessions). Do not sign back in on the work computer.
4. Uninstall LastPass on your work computer.
5. At this point, anything short of data recovery efforts + the aforementioned supercomputers will fail.
posted by flibbertigibbet at 6:36 AM on May 24, 2017 [4 favorites]


And for context: I know my company doesn't use keyloggers, so my plan for this situation is to simply uninstall LastPass + change the password on my home computer.
posted by flibbertigibbet at 6:38 AM on May 24, 2017


My company doesn't allow me to install the Chrome extension; however, they are more than happy for me to use the bookmarklet. It's read-only, meaning that you cannot add new sites using it (so just to fill out existing ones), and it can be easily revoked from another computer.

If you do decide to go with the extension then uninstalling it before you hand back the laptop would be enough to prevent someone else from using it.
posted by mr_silver at 6:44 AM on May 24, 2017


If you don't control the OS (that is, if you cannot reformat the laptop and install your own fresh copy of Windows or MacOS or Linux or whatnot) then you're subject to the theoretical threat of employer monitoring or keylogging or a number of other ways they could get your LastPass login.

So it comes down to the basics: do you trust your employer, and their IT department?

If it's rare use and you cannot remember passwords, use LastPass on your phone or your own device and manually look them up when needed. Or use, like, a paper notebook. Like e-voting vs paper, the old way is probably the only truly safe one.
posted by rokusan at 6:58 AM on May 24, 2017 [1 favorite]


If this is a work computer, IT policy will probably dictate if you are allowed to use LastPass. Even though LastPass is generally considered secure, you are still storing company credentials (along with personal credentials) with a third party with which your organization likely does not have any type of formal business agreement.
posted by jmsta at 6:58 AM on May 24, 2017 [2 favorites]


If you turn on multifactor authentication, somebody who knows the password won't be able to log in to LastPass unless they also have the second device you use to authenticate. If you check the "Trust this computer for 30 days" option when you authenticate, they'll be able to log in with your password only unless you go remove the work laptop from the Trusted Devices list through the LastPass vault. You might also want to disable offline access in the Account Settings/Multifactor Options/edit screen then.
posted by mattamatic at 8:37 AM on May 24, 2017


If you use a YubiKey you can do 2FA and not have vault access unless they have the password and your fob.
posted by winna at 8:59 AM on May 24, 2017


An alternative to Chrome that works very well is Firefox for this purpose. Our Corporate IT will not allow Chrome on work computers, having settled on IE as their choice for all our work apps. Firefox installs cleanly, and the LastPass extension works great on it. All of this is sanctioned by our IT as acceptable.

I could but don't install LP on Explorer. This allows me to keep work and personal a bit separate. Our corporate apps are a bit shaky, so two browsers allow me to have a clean setup in IE for work with no extras which might cause problems.
posted by bonehead at 9:55 AM on May 24, 2017


Use LastPass Pocket instead. It installs on a USB stick and doesn't leave any secret data on the host PC.
posted by aramaic at 10:24 AM on May 24, 2017 [1 favorite]


What about using LastPass on your phone instead of on the work computer? It costs $12 per year, but it is well worth it.
posted by soelo at 1:32 PM on May 24, 2017 [1 favorite]

