Let’s talks security: LastPass finally becomes useful in redesigned new app for Windows Phone

LastPass: When you have been on the internet for as long as we have and have as many passwords stored as we do, apps like LastPass get filed under “necessity” for immediate installation. The app has been on Windows Phone for some time but it was always kind of “meh”. That’s our technical lingo for saying it was missing features.

Luckily for us, the app has been bumped to version 1.9 and with a slight redesign and some added new features the app has become very useful for those who have amassed a tome of passwords over the years.

For those of you who aren’t familiar, LastPass (www.lastpass.com (opens in new tab)) is a service that acts as a password vault for your PC, Mac, Windows Phone…basically every platform out there today. You can use one master password which will allow you to login to the app and you can see everything.

On the PC, LastPass integrates with your browser (they support all of them) and you can have it auto-fill your login information for sites, making the experience “hands free” whenever a username/password screen pops up. Likewise, it can auto-fill your personal and credit card information.

We also dig the ability to use a YubiKey (opens in new tab) (multifactor authentication) on our PCs which adds another level of security. Basically on any of our devices, you need a literal USB key that generates a random, one time password sequence to unlock the app. That means even if our master password is compromised, you still can’t access our vault. Plus you kind of feel like a badass when using it (cue techno music).

(YubiKey recently made an NFC enabled tool (opens in new tab) that will work with Windows Phone. Our hunch is LastPass will eventually allow this to work with their app to bring multifactor authentication to your phone. Holla!).

Back to LastPass mobile, the Windows Phone app would sync to your account and pull down your passwords and sites. So far, that seems fairly obvious for such an app. Likewise, you could have it launch IE embedded within the app and go to your respective sites and auto-login.

The stupid thing that was missing was you couldn’t actually see your password…ever. So for instance we needed my Fandango password the other night when trying to use their mobile app on my phone, but alas, LastPass was useless as all it showed was ************** with no way to peek behind the mask. [Edit: According to comments this feature was there, just really hard to find.]

Thankfully, version 1.9 of the app fixes that and now you can hold down any site and “Copy password”, allowing you to easily transition between sites or even apps on your Windows Phone. Likewise you can launch the site, edit, copy username or even pin that site to your Start screen. In other words, the app is what it always should have been.

You do need to be careful though as the app can stay open in the background, meaning anyone could have your master list should you leave your phone. For that, we suggest you always back out of the app or use the Logoff command. You can optionally leave the app signed in, but that’s one heck of a security hole if you ask us. (Another option is to set a PIN, which will allow you use a more temporary password each time the screen locks. This also works if you have it auto-save your password).

LastPass for Windows Phone is technically free but you do need the Premium account to use it, which costs a reasonable $12 a year (opens in new tab). If you don’t need it on mobile, you can of course use the service for nothing. The app though is suppose to have a 14-day free trial to try it out with your LastPass account.

You can pick up LastPass here in the Windows Phone Store. 

QR: LastPass

Daniel Rubino

Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been here covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, Microsoft Surface, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics and ran the projectors at movie theaters, which has done absolutely nothing for his career.

  • So no autofill, which is obviously an IE problem as MS will never allow add ons and will always keep IE super basic. :/
  • It autofills within the app. It uses IE embedded and autofilled my Facebook info.
  • Ill have to try it again then.
  • Ok, its not too bad but it'd be much better if you could do it within IE itself. Not the devs fault though since they don't have that access.
  • Safari on iOS doesn't allow this kind of access either. It would be amazing it did have access in IE, or even access to other Apps.
  • Where are data stored? On my SkyDrive or on other service..?
  • It's their own service, not SkyDrive. You can read about their security here: https://lastpass.com/whylastpass_technology.php
  • Thank The Lord almighty. Only need to get WhatsApp fixed and I can ditch my iPhone. 
  • I've always been able to view/copy usernames and passwords, although it's much more straightforward in the new version. In the older version, you'd have to click "Edit" then hit the elipses at the bottom to bring up the options.
  • For the life of me I swear you are lying as I did everything I could to find 'em, lol but I'll take your word on it ;)
  • You get a pass, since you gave a heads up on the YubiKey NEO. :)
  • He's right...hitting edit allowed you to do this previously.
  • Yea, same here. I could always do this. I like the new interface!
  • But even the old version allowed this by clicking the edit option and then the menu bar gave acces to the password. Does look nicer though.
  • I just use OneNote for storing my passwords. But still cool app. Any reason I'm not seeing where this would be more useful then creating "passwords" on OneNote?
  • Sure, OneNote doesn't integrate with your webbrowser on your PC. This will (can, it's optional) autofill and autologin you into a site which saves a LOT of time, especially if you have a lot of different passwords. The ability to have this integrate with every single browser and run on any OS is a pretty awesome feat and is great if you do online shopping but don't want to store things insecurely.
  • Oh thanks, ya that is a pretty sweet feature! Dang might have to get it.
  • I used to store confidential information in OneNote too but I'm too concerned that if ever my computer is hacked, they will have the keys to my kingdom.
  • Test
  • Press and hold to get the copy password option has been there for months.
  • I can confirm this too - I've been using it for months this way. Admittedly, the new version automatically pops up the menu when you click on an item, which makes it much more obvious - but press-and-hold has been there for months.
    Perhaps an update of the title would be in order, given that it has always been useful and you just failed to spot the feature? :P
  • I *did* update the story to reflect that about 15 mins after it was posted. It's still more useful now that it's be redesigned.
  • More *obviously* useful :)
  • Is this safe to use on a computer that is infected with malware and viruses?
  • BTW the password feature was hidden in the previous version. Having said that, this is a welcome update.
    Also for folks who dont want to use a usb key can use Google Authenticator (which is available from 3rd party on the WP8 store) and use 2-factor authenticator. I use it on my Lumia 920 in conjunction with last pass and can vouch that it works just fine.
    You can use yubi key or GA but not both (which is expected).
  • Seems like a prime site for hacking to me. You hear about lots of supposedly safe sites and accounts being hacked, so one that holds all your passwords? Call me what you like but I'll give this baby a miss lol.
  • Steve Gibson looked into them and approved. http://www.grc.com/sn/sn-256.htm
  • Search for "Even the iPad" on the Security Now podcast transcript that peeder linked to and you can jump right to the heart of the matter.
    After hearing that podcast two years ago I immediately signed up for LastPass.
  • +1. No way. You've got to be out of your mind to use a service like this.
  • I beg to differ.  I've been using this service for 5+ years.  It's top-notch, it allows me to have super strong passwords for all sites/accounts that I use without the need to remember or write them all down.  I simply have to remember one super strong password.  You can't beat it for $12/year, its an awesome service.
  • I'm not commenting on its features or price, but the fact that you are entrusting strangers with your credentials for the sake of convenience. I guess I'm just not that trusting.
  • I agree. I was really disappointed when I read it stored passwords on the server.
  • Password management was a glaring hole when I ditched Android for WP8. I had been using Moxier Wallet for years, but it turns out that Windows Phone is about the only platform they don't support. After MUCH searching and testing, I finally landed on StrongBox for password management between my Lumia 810 and my Mac. Needs some polish on the interface, but the functionality was exactly what I was looking for. So far, the dev seems to be responsive so I'm hoping that we'll see some interface improvements soon (it's not horrible, just needs some tidying up). StrongBox also adds shared "boxes" so I can, for example, share passwords and other sensitive information with clients using a shared, encrypted store, or my wife and I can access each others boxes (just in case of emergency).
  • SkyWallet still has my vote, free service, & stores on my SkyDrive. Nice to see other apps improve though
  • I'm with you on SkyWallet, but the auto fill feature is pretty tempting.
  • Skywallet doesn't auto fill?  I use LastPass on the desktop but I agree, this is tempting.
  • +1
  • I've always used Password Manager for this purpose. Information is backed up to SkyDrive there and migrating was pretty easy from my Lumia 900 to 920 (unlike everything else off of the phone...Microsoft is probably the absolute worst when it comes to backing up and restoring data unfortunately).
  • I use the lastpass mobile website. :) Very friendly in my 900.
  • Show password and Copy password menu options where not that hard to find (still in same place in the update:open a one record, tap three dots for the menu). It did take an awful long set of taps to get there though, and the all-app-one-Pivot-control design was usability crap. This is a *very* big step in the right direction. I like it! As soon as I have a WP8 device with NFC and the LastPass app supports it, I will be trading in my current YubiKey for a YubiKey NEO in a heartbeat..
  • For those complaining about this service using data that is stored remotely; you really should read up on how encryption actually works before posting a judgment on something you haven't taken the time to fully understand.
    All password data is encrypted and decrypted locally before being sent or received between either client or the remote host. So even if the remote servers were hacked (and your data accessed) it would be next to worthless in it's remotely encrypted state.
    You can also enable 2 or 3 factor authentication if you really want to be safe.
    This service is top draw both for convenience and more importantly security.
  • +1
  • I love LastPass... but at the same time, it's ridiculous that WP8 doesn't have a save passwords option in IE10... ideally synced with Windows 8 / RT.
  • I wish iAccounts (iOS) would make it's way to WP.
  • So, is there one app that will sync user/password info both between Windows 8 on my phone as well as Windows on my tablet?
  • Yep, have used LastPass for years and last year they bought XMarks, which syncs browser bookmarks across all your browsers and devices. Also, LastPass has an Enterprise version that allows SingleSignOn (SSO) and AD integration, Mobile Device Management, etc. Very handy for companies that have single username/passwords that are shared between employees on certain websites and such.