LastPass email login vs recovery
I recently started using a password manager, specifically LastPass. I have understood how the app works internally to store, encrypt and give me access to my passwords. My question that does not feel intuitive is what is the best policy to create a login for the app.
Of course I need to use an email account to create the LastPass account. My concern is that if I use LastPass to store my login credentials for that email account, then forgetting my master password means that I have no access to my email. And no access to my email equals no way to recover my LastPass account. On the other hand, if I keep my email login independent, then my LastPass account is as safe as my email password.
Should my email and LastPass accounts have 2 different strong passwords, the same password, or let LastPass create a login for my email? The first choice makes it harder to remember two different complex passwords. The other two choices have obvious drawbacks in case you need password recovery.
security passwords password-management
edited Dec 13 at 11:14
asked Dec 8 at 19:22
Savvas
LastPass only keeps the password to your email account and nothing prevents you from manually entering that password when logging in to your email account. Forgetting the master password in effect denies you access to your LastPass database of form-fills & passwords, but does not block any of the services whose forms & passwords you have stored in LastPass. Or have I misunderstood your question?
– harrymc
Dec 11 at 13:03
2 Answers
LastPass only keeps the password to your email account and nothing prevents you from manually entering that password when logging in to your email account.
Forgetting the master password in effect denies you access to your LastPass database of form-fills & passwords, but does not block any of the services whose forms & passwords you have stored in LastPass.
It is still a good idea to keep the password somewhere safe and to define a good
hint (which is absolutely not identical to the password).
If LastPass is hacked, which did happen in the past, then only your hint is
compromised.
The data LastPass keeps for you is encrypted and without your password it is
unusable to anyone who hacks the LastPass website and gets it.
I am very much against the reusing of passwords, so would not advise
reusing the same password for LastPass as for your email.
An attacker would only need to crack one password to achieve access
to multiple accounts of yours.
LastPass offers the option of generating the password per site.
This I also don't like, since these passwords are long and without
meaning, so are impossible to remember. This means that you may only
access your email using LastPass, and need to install it on every
device where you want to consult your email.
You can easily create memorable passwords for websites by embedding
parts of their names in a sentence that is easy to remember.
For example, "++this is my password for supersuser of the com domain!!"
is easy to remember but impossible to crack mechanically.
LastPass then will make login easier, but will not be essential
or irreplaceable.
edited Dec 13 at 12:07
answered Dec 12 at 17:46
harrymc
I have understood how LastPass encrypts my data and that I can actually manually type in the passwords it stores. The thing I'm looking for an answer to is which policy is considered better in terms of security and usability. Password managers have a catchphrase in the style of "one big password is enough". Should my email and LastPass accounts have the same password, 2 different strong passwords, or let LastPass create a login for my email? All three choices have obvious drawbacks in case you need password recovery.
– Savvas
Dec 13 at 11:10
I added some discussion of these options.
– harrymc
Dec 13 at 11:22
LastPass only stores your passwords; it isn't the only way to log in, even if you use a password generator. You can still manually enter your password into Gmail or Outlook without LastPass.
I would use my main email and still store it in LastPass, then write my email/master password down and lock it away in a safe.
Edit: I just realized that harrymc pretty much answered the question before me.
edited Dec 12 at 17:44
answered Dec 12 at 17:21
Pancakedinner
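Added example (not part of the question or of either answer): a small model of the lockout and exposure cases discussed above, comparing the question's three options with the two answers' suggestions. The policy names, secret labels and the rule that vault recovery needs only mailbox access are assumptions taken from the question's premise, not LastPass's actual recovery mechanics.

```python
from dataclasses import dataclass

# Assumption from the question's premise: recovering the vault account needs
# access to the mailbox. The email account has no recovery path in this model.
RECOVERY = {"vault": "email"}


@dataclass(frozen=True)
class Policy:
    opens: dict   # account -> label of the secret that logs in to it
    copies: dict  # secret label -> places it exists: "memory", "vault", "paper"


def reach(policy, held, has_paper):
    """Fixed point of the accounts someone holding `held` secrets can get into."""
    reachable = set()
    while True:
        new = {
            account for account, secret in policy.opens.items()
            if secret in held
            or (has_paper and "paper" in policy.copies[secret])
            or ("vault" in policy.copies[secret] and "vault" in reachable)
            or RECOVERY.get(account) in reachable
        }
        if new == reachable:
            return reachable
        reachable = new


def locked_out(policy, forgotten):
    """Accounts the owner loses after forgetting one memorised secret."""
    held = {s for s, places in policy.copies.items()
            if "memory" in places and s != forgotten}
    return set(policy.opens) - reach(policy, held, has_paper=True)


def exposed(policy, leaked):
    """Accounts at risk when one secret leaks (the paper copy stays in the safe)."""
    return reach(policy, {leaked}, has_paper=False)


TWO = {"email": "email_pw", "vault": "master_pw"}  # hypothetical labels
POLICIES = {
    # Two different memorised passwords, email login kept out of the vault.
    "separate": Policy(TWO, {"email_pw": {"memory"}, "master_pw": {"memory"}}),
    # Memorable email password that is also stored in the vault.
    "memorable_stored": Policy(
        TWO, {"email_pw": {"memory", "vault"}, "master_pw": {"memory"}}),
    # The same password for both accounts.
    "reused": Policy({"email": "shared_pw", "vault": "shared_pw"},
                     {"shared_pw": {"memory"}}),
    # Vault-generated email password that exists nowhere else.
    "generated": Policy(TWO, {"email_pw": {"vault"}, "master_pw": {"memory"}}),
    # Generated email password, with both secrets also written down in a safe.
    "generated_paper": Policy(
        TWO, {"email_pw": {"vault", "paper"}, "master_pw": {"memory", "paper"}}),
}


def report():
    """Per policy and secret: (accounts lost if forgotten, accounts exposed if leaked)."""
    return {
        name: {s: (sorted(locked_out(p, s)), sorted(exposed(p, s)))
               for s in sorted(p.copies)}
        for name, p in POLICIES.items()
    }


if __name__ == "__main__":
    for name, per_secret in report().items():
        print(name)
        for secret, (lost, risk) in per_secret.items():
            print(f"  forget {secret}: lose {lost or 'nothing'};"
                  f" leak {secret}: exposes {risk}")
```

In this model only the "generated" and "reused" policies produce a full lockout, and a leaked email password always exposes the vault because of the recovery link.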