
Security Tool 1 (Encryption Tools) - Group C

    

 


1.0    Background of Encryption Tools

Encryption is a protection method that uses an algorithm and a key to obscure data from unauthorized viewers. Encryption tools transform the data during transfer so that anyone who sees it afterward can't understand or access it without the key. Once the data arrives at its intended destination, tools can decrypt the messages so they're readable again.

The encryption that “LastPass” uses to secure an account begins the moment the account is created. When a user creates their master password, it’s used to generate a unique encryption key, even when passwordless login is enabled. The master password and the encryption key are never sent to or shared with LastPass.

1.1            Installation and demo manual

Get LastPass for free at the official website https://www.lastpass.com/

Create an Account

Add LastPass Chrome Extension

Dashboard of LastPass.

Try importing passwords into LastPass.

Select the Google Chrome icon to see how to import passwords.

Check the steps for importing the password file.

From the Chrome browser, go to Settings > Autofill > Password Manager.

Click on export password.

A password CSV file will be downloaded.

Upload the CSV file to the LastPass website.



Successfully imported password.


1.2            CIA (Confidentiality, Integrity, and Availability)

      • Confidentiality

LastPass users are protected through LastPass’ zero-knowledge security model. Zero-knowledge means that no one except the account owner has access to the user’s decrypted Master Password, vault, or vault data. To ensure that only authorized access is granted to the user’s vault, LastPass uses industry-standard mechanisms, such as AES-256 encryption and PBKDF2 hashing plus salting, to keep the user’s Master Password safe. This is an industry standard that all password managers should adhere to.

      • Integrity

LastPass uses several security architecture features to protect user data: a private master password, end-point encryption, 256-bit AES encryption, and PBKDF2-SHA256 against brute-force attacks. Private master password means LastPass does not send or store the master password and cannot access the user’s account. End-point encryption is designed to allow only the user to decrypt and access their vault. Encryption happens exclusively at the device level, rather than on LastPass’ servers. Sensitive data is encrypted before being synced to LastPass for safe storage. Next, 256-bit AES encryption is an algorithm that is widely accepted as impenetrable; it’s the same encryption type utilized by banks and the military. Last, PBKDF2-SHA256 strengthens the master password and encryption key against large-scale brute-force attacks by increasing the amount of time it takes to make even one guess for a password. LastPass uses SHA-256 and performs 100,100 rounds of PBKDF2 to create the encryption key, before creating the user’s login hash. By slowing down brute-force attacks, PBKDF2 makes it difficult to crack even just one master password.

      • Availability

LastPass is a free encryption tool for every user. It is supported on Windows, Mac, Linux, and mobile platforms, so all of the user’s data is stored in a centralized place and is accessible from anywhere, anytime. Users can get LastPass as a browser extension, a desktop application, or a mobile application.

      • Authentication

LastPass’ multifactor authentication solves remote user authentication in a simple, user-friendly way that includes passwordless login. It safely allows employees to access their work from anywhere while improving regulatory compliance by adding MFA (Multifactor Authentication) to access points, including Password Vaults, Single Sign-on (SSO) Cloud Apps, VPNs, Workstations, Identity Providers, and LDAP/RADIUS On-Premises.

      • Access Control

LastPass provides access control from anywhere. Users can enable passwordless login to the LastPass vault via the LastPass Authenticator App. With LastPass Authenticator, the user receives a push notification on their phone. Tapping “Accept” completes the authentication process, and LastPass grants access to the user’s vault. Alternatively, the user can type in the 6-digit code generated in the LastPass Authenticator app to finish authenticating.
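
The key-derivation step described under Integrity, shown as an added example that is not LastPass's own code: it runs PBKDF2-HMAC-SHA256 with the 100,100 rounds stated above, using only Python's standard library. The salt value, the single extra round used for the login hash, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

ROUNDS = 100_100  # round count stated in the text above


def derive_vault_key(master_password: str, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """Stretch the master password into a 32-byte key (the size AES-256 needs)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, rounds, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Assumption: one further PBKDF2 round over the key, so the value used for
    login is not the vault key itself."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32)


def check_candidate(candidate: str, salt: bytes, stored_hash: bytes) -> bool:
    """Checking one candidate password requires the full derivation every time."""
    key = derive_vault_key(candidate, salt)
    return hmac.compare_digest(derive_login_hash(key, candidate), stored_hash)


def seconds_per_guess(rounds: int, salt: bytes, samples: int = 3) -> float:
    """Best-of-N wall time for one derivation, i.e. the cost of a single guess."""
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        derive_vault_key("guess", salt, rounds)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    salt = b"user@example.com"                  # constructed sample salt
    password = "correct horse battery staple"   # constructed sample password
    key = derive_vault_key(password, salt)
    stored = derive_login_hash(key, password)
    print("key length in bytes:", len(key))
    print("right password accepted:", check_candidate(password, salt, stored))
    print("wrong password accepted:", check_candidate("password123", salt, stored))
    slow, fast = seconds_per_guess(ROUNDS, salt), seconds_per_guess(1, salt)
    print(f"one guess: {slow * 1e3:.1f} ms at {ROUNDS} rounds, {fast * 1e6:.1f} us at 1 round")
```

The timing line shows the effect the text describes: every password guess pays for all 100,100 rounds, while a legitimate login pays that cost only once.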










  



