A client asked me the other day what I use as my password manager. I think this is an important topic to discuss, as everyone has their password stolen/compromised at some point. Let's first take a look at why you would want a password manager.
Why Passwords Suck
There are a bunch of reasons, so let's look at some of them:
- Remembering Them: You have one (or several) email passwords, bank passwords, work passwords, car insurance website passwords, Facebook, etc. Keeping track of all these passwords is just impossible.
- Writing the password down means someone could find where you have written it down and steal your password. Plus that means if you’re not at that location, you can’t use that password. You could use Perfect Paper Passwords, but that's for another topic.
- Complexity: In order to have a good password, you have to add complexity. Upper, Lower, Length, Special Characters… The list goes on and on. The more complexity, in general, the harder it is to remember the password. Most of the time, people will start their password with a capital letter, and add either a number, a special character, or both to the end. Then, as the password is forced to be changed, the easiest change happens: shift the last character (or two) up one. Password1 becomes Password2.
- Password Re-use: Almost everyone is guilty of using the same password for multiple logins. When you have TONS of passwords to remember, it is just easiest to remember one and use it for all the logins. The problem with this is if one of your passwords gets compromised, all of them are toast.
How To Solve The Password Problem
I love LastPass because it has taken the overly complex job of password management, and made it extremely simple. So, how does it work?
A LastPass account has a Master Password which protects all of your passwords. This is the only password you will ever have to remember. This password should be complex and long. It isn’t a bad idea to take the most complex password you use now, and just do that password twice. That way you can remember it, and it is long/complex.
LastPass is extremely flexible: you can get your passwords from their website (if you're using a public computer, or a friend’s computer), from your mobile phone, or from a web browser plugin. This means it is almost impossible to find yourself in a situation where you are unable to get your passwords.
LastPass has a tool which can generate secure passwords for you. You can specify the length, and a few (simple) complexity rules. This helps it adapt to different complexity requirements that you may face.
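To make the idea concrete, here is an added example (not LastPass's code, and not from the original post) of a generator that takes a length and a set of required character classes, next to two checks for the human habits described earlier: the capital-first, suffix-at-the-end shape and the "bump the last number" rotation. The function names, the class names and the special-character set are assumptions of this example.

```python
import re
import secrets
import string

# Character classes a site's complexity policy might require (names are this example's own).
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+",
}

def generate_password(length=20, require=("upper", "lower", "digit", "special")):
    """Return a random password of `length` that contains every required class."""
    if length < len(require):
        raise ValueError("length too short for the required classes")
    alphabet = "".join(CLASSES[name] for name in require)
    # One guaranteed character per required class, the rest from the whole alphabet.
    chars = [secrets.choice(CLASSES[name]) for name in require]
    chars += [secrets.choice(alphabet) for _ in range(length - len(require))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not always first.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

# The habit described above: capital first, letters, then digits/specials on the end.
HUMAN_PATTERN = re.compile(r"^[A-Z][a-z]+[0-9!@#$%^&*()\-_=+]{1,3}$")

def looks_human_made(password):
    """True when the password has the predictable Capital-word-suffix shape."""
    return bool(HUMAN_PATTERN.match(password))

def is_incremented(old, new):
    """True when `new` is `old` with only its trailing number bumped by one."""
    m_old = re.match(r"^(.*?)(\d+)$", old)
    m_new = re.match(r"^(.*?)(\d+)$", new)
    if not (m_old and m_new) or m_old.group(1) != m_new.group(1):
        return False
    return int(m_new.group(2)) == int(m_old.group(2)) + 1

if __name__ == "__main__":
    print(generate_password(16))                       # all four classes
    print(generate_password(12, ("lower", "digit")))   # site that rejects specials
    print(looks_human_made("Password1"), is_incremented("Password1", "Password2"))
```

The `require` argument is what lets one generator adapt to sites with different rules, for example a site that rejects special characters.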
Web browser integration is one of the key parts that makes a password manager really shine. Once LastPass is installed (and integrated into the browser), you simply go about your day. LastPass will notice you logging in to a website, and ask if you want to store the credentials into LastPass. Once you do this, the next time you go to the same site, you can simply click the ‘AutoFill’ button, and LastPass will take care of the rest. You never have to remember the password again!
When the time comes to change your password, LastPass will pop up and ask you if you want it to create your new password for you. This will help you make more complex passwords, as well as stop reusing the same ones over and over again.
There is also an option to prevent LastPass from AutoFilling credentials, unless the LastPass Master Password is entered. This is good for logins such as bank accounts. This will prevent someone from walking by an unlocked computer and trying to get your data.
A quick video by the LastPass authors can explain a little more
Or you can watch an expert discuss LastPass and how great it is: Security Now 256