Getting Started with LastPass Families

Getting your password security in order should start at home.  LastPass is just one of the well regarded password management systems available for this purpose. LastPass Families makes LastPass available for up to 6 family members with a single subscription.  The following guide provides some useful pointers to getting started with LastPass Families.

What Is LastPass?

Allows up to 6 family members to share one subscription for around $72/year (or free for some business subscription users).

• Save and manage passwords, credit card and bank account details an secure notes.
• Each family member has their own password vault, not visible to other members.
• Can also setup and share Folders with selected family members to share items.
• Each family member can link their personal LastPass vault to their LastPass work account (if they have one) so you can search both work and personal from the same screen.

LastPass Families is not a substitute for company/work password management, but can be used for your work passwords that are not shared with other staff (ie that use your personal work email address).

Setting Up LastPass Families

1. Goto https://www.lastpass.com/
2. Select Personal…Families, click the Buy Now button and sign up.
3. Use your personal home email address. Use an address which is not likely to change over time. Make sure you have MFA turned on for your personal email account.
4. You will be a family administrator.
5. During signup, you are creating a Master Password for your personal LastPass account. This password cannot be recovered and resetting the master password is not simple. Use a 3 or 4 word phrase with a number/s to make it easy to remember. Longer is better. Eg.  99BlackChickensEatDucks

Once You’ve Logged In To LastPass

Add A Few Passwords as a Test

The standard view when you log into LastPass is your vault view, where you can use and add/change/delete passwords and other items.

1. Click the big + at the bottom of the screen, then click Add Item.
2. Select the item type from the list of options, try password.
3. Add details for a website you login to regularly, ignore the Folder field for now.
4. You will see the new item added to your personal vault (nobody else will be able to see it), hover over the item and click Launch to try it.
5. You need to add the LastPass web browser extension (see below) to make LastPass really useful.

Add Family Members

1. Click Manage Family from the left menu pane.
2. Click Add Family Member and complete the details. Use personal email addresses that are unlikely to change over time.
3. Make each person a “Member” by default, select “Family Manager “if you want another person to help with adding/removing family members from the subscription (they can’t access member’s passwords).
4. Each person added will receive an email invitation and they will need to complete the setup of their own account (see below).

Personal and Shared Folders

There are two types of folders – personal folders and shared folders. It’s better to add family members before setting up shared folders.

Every item you add to LastPass is added to your personal vault, unless assigned to a shared folder. You can create folders to help you categorise items. Each item can be assigned to one folder, or no folder in which case it appears at the top of your vault.

Folders you create are only visible to you unless you specifically designate them as shared and select which family members to make the folder (and its contents) available to.

To create a folder:

1. Click the red + at the bottom of the vault page and select Add New Folder.
2. This creates a personal folder, family members cannot see personal folders.

To share the folder after it is created:

1. Hover over the folder name and right click, then select Share from the popup menu.
2. You can decide what to name the shared folder and decide who can access the folder (Administrator level means they can add/edit/delete items).
3. Once a folder is shared it cannot be deleted or renamed from the vault view, use the Sharing Center menu option to edit shared folders.

Sharing Center

Use the Sharing Center menu option from the left pane to rename, delete and stop sharing shared folders.

Setting Up Your Account

For Invited Family Members

1. Click the invitation linked emailed to you and create your personal LastPass account.
2. During the setup, you are creating a Master Password for your personal LastPass account, this password cannot be recovered and resetting the master password is not simple. Use a 3 or 4 word phrase with a number/s to make it easy to remember. Longer is better. Eg. 99BlackChickensEatDucks

Once You’re Logged Into Your Personal LastPass Account

Any passwords and other items you add are created in your vault. Other family members cannot see your items unless you select a shared Folder for the item.

Complete the following steps to make your account secure and get the most from LastPass.

Step 1: Setup LastPass Dark Web Monitoring

LastPass will alert you if any of the websites you use is breached, possibly exposing your username and password for that site to hackers.

1. Click Security Dashboard from the let pane menu.
2. Click Start monitoring to turn on Dark Web Monitoring.

Step 2: Setup LastPass Emergency Access

Give someone you trust access to your password vault for emergencies.

1. Click Emergency Access from the let pane menu.
2. Click the big + at the bottom of the screen, then add one or more people you trust.

Step 3: Setup LastPass MFA

You should always use multi-factor authentication (MFA) to login to LastPass. You do not need to do this every time you use LastPass, just whenever you need to login. Even if an attacker discovered your master password they still cannot access your vault if you have MFA turned on.

1. Click Account Settings from the left menu pane.
2. Click the Multifactor Options tab on the popup window.
3. Enable the MFA option that suits you, Google Authenticator is the most commonly used.
4. Complete the MFA enrolment process. It’s a bit painful but necessary.

Step 4: Setup LastPass SMS Account Recovery

This is your “get out of jail” option if you forget your master password. Importantly, there are a couple of requirements to make this work, read the article below for details.

1. Click Account Settings from the left menu pane.
2. Click the General tab on the popup window.
3. Add a mobile number under SMS Account Recovery.
4. Read the following article. SMS account recovery will not work until a web browser has been setup as per this article.

Step 5: Install the LastPass Mobile App

Access your vault from your mobile or tablet to login to apps or sites using credentials stored in your LastPass vault. From the app store on your device, install the LastPasss Password Manager app and login.

Step 6: Add the LastPass Browser Extension to Chrome/Edge/Firefox

This is the most useful feature of LastPass. It will auto-fill the username and password fields for sites that have been added to your LastPass vault. This allows you to use long, unique, generated passwords for every app/site you use.

1. In your browser, got add Extensions (different for each browser) and select LastPass: Free Password Manager.
2. Make sure the extension is enabled, then you will be prompted to login to LastPass when you click on the LastPass icon in the list of extensions in your browser. If the icon is black you are not logged in, red is logged in and yellow is logged in but with a warning (click the icon twice to turn it red).
3. Click the LastPass extension icon to see the menu.
4. Spend a few minutes to understand what each menu option does, its well worth the effort.
5. See this article for tips.

Best Practices

This is the important part to make your digital life secure.

Let LastPass Generate Your Passwords

Since LastPass will automatically fill in your username and password when logging in, you can use long complex passwords, and most importantly you never need to reuse the same password (a common way people’s accounts are hacked).

When signing up to new apps and sites, use the Generate Secure Password option from the LastPass browser extension menu (also available in the LastPass mobile app). Create long passwords (24+ characters is best) with letters, numbers and symbols.

Inventory of All Your Passwords

Spend a couple of hours and go through every account you have for anything and add the details to LastPass. You will end up with your entire digital life in one place, making it much easier to manage. You can even add credit card and bank account details and many other types of items.

Reset Reused and Weak Passwords

Now everything is in LastPass, click the Security Dashboard menu option from the left pane and check your security score. LastPass will list all items with reused and/or weak passwords. This is your chance to go through each one and reset the password to a LastPass generated password.

Multi-Factor Authentication for Everything

You need to assume every one of your accounts will get hacked at some stage. Complex passwords are essential but don’t help if you get phished or protect you from a key logger virus.

Turn on MFA for every site containing sensitive data. This should include bank accounts, your Google account, Twitter, facebook etc

Google Authenticator is the most commonly used authenticator for MFA but there are other options as well. Many accounts offer SMS MFA or email MFA.

When setting up MFA for each account you will often be given the option to generate one-time recovery codes. If so, generate the codes then copy and paste them into the item in LastPass under Notes. You can use these codes to access the account in the event you lose your phone and can’t access your MFA authenticator.

LastPass Help

There is a Help menu item on the left pane menu of your LastPass vault. There is a lot of good content if you need extra help.