Wednesday, May 22, 2013

For Veteran LastPass Users - Update Your Password Iterations Value!

I'm going to assume you're using LastPass to manage all of your passwords. For us VMware nerds, it's perfect for keeping track of the various vSphere Web Client logins we accumulate over time. You are using separate credentials for each site, right?

I've been a user and fan of LastPass for years. So long in fact, that I've apparently been overlooking a few settings that LastPass has introduced lately. Specifically, I've neglected to update my Password Iterations value.

Here's what it looks like for us old timers:

You'll notice right away that the red text is floating the suggestion to you to raise the iterations used to create your master encryption key. If you're into light cryptology, click the More link to learn about how LastPass uses SHA-256 and PBKDF2. Otherwise, simply update the field above to 5000 and click the Increase Iterations button. You'll need to re-enter your password to start the key generation process.

It will only take a few seconds for this process to complete. When it's done, you will need to login to LastPass again. This is because your encryption key has been re-created, so your current session is no longer valid.

If you're using Firefox, here's what you'll see:

Just login again (your password hasn't changed as a result of this process), and you're done!

It's important to keep in mind that, when you're an early adopter, it's easy to miss out on new features or capabilities that are introduced but are not retroactively applied to your account.