WOT?
What’s the best way to manage and store all of my passwords?
SUMMARY
You need a password manager. Get LastPass. It will improve your security by providing you everything you need to make your password virtually hackproof.
WHY?
It seems that almost every day there’s a data breach. That’s because they occur more frequently than you’d think. (Click this link to search for “data breach” in today’s Google News.)
Most of the sites you visit on the Internet requires some sort of user credentials. It may be your email address or username, but you also need a password. It’s challenging to create really good, difficult to guess passwords that are unique. You need a good password to keep your data safe.
Here are a few techniques people use when creating passwords and what’s wrong with them. These people think they’re doing a fairly good job:
- My password is my son’s name. This is a terrible password. Anybody that knows you will probably know the name of your son and try that password first to see if it works. (I one time helped a co-worker log into her account because she forgot her password. I asked her a few questions. When I got to a question asking if she had any pets, she told me the name of her dog. Voila! We were in.
- My password is “pencil”. Any word that’s in the dictionary makes for a bad password and you could be subject to a dictionary attack, where words from the dictionary are used by another computer to hack away at your password.
- I have a good password which is so good I use it on every site I visit. It’s great to have a secure password, but using the same password over and over on different sites is a bad move. If anybody gets hold of your Gmail password, they may try the same password on Amazon or Citibank. It may work, it may not, but eventually they’ll find a site that works and you’ll suddenly find a lot of terrible movies in your Netflix queue.
- My password has upper/lower case, numbers and symbols. Oh, and it’s 5 digits long. Short passwords are a bad idea, even if they contain all of the things you need to make a great password.A seemingly great password may be t#9Kd, however it would take a computer less than a day to crack this password using a Brute-force attack as there are only 10 billion combinations. That seems like a high number for a person, but to a computer, it’s quite manageable. The computer would try every single password combination possible until it successfully figures out your password. Example: a, aa, ab, ac, ad, ae … zdm, zdn, zdo, zdp, zdq … etc. Eventually, it will work its way up to your password and break in.
We store phone numbers and addresses in a contact list, so why shouldn’t we write down our passwords and store them somewhere? That’s exactly what we need to do, however the “somewhere” is very important. Storing your password list in an easy to read document stored on your computer in a file named “passwords.txt” is not a good idea. What you really need is a password manager.
A password manager will eliminate all of your bad passwords, by generating, encrypting and storing really strong passwords. How about this for a Gmail password: eMP9Tfg8@gd*aWV7j$. Pretty great, huh? This password would take 129942951805 centuries to crack using today’s computing horsepower as the computer must try 8 Nonillion combinations. As an idea of how large this number is, a billion is 10^9 while a nonillion is 10^30. That’s a lot of combinations!
I have been using LastPass for years. LastPass provides a safe place for all of your passwords. You only need to remember one password. The password for LastPass. So make it a good one!
LastPass is accessible from your browser and has some really great features:
- Generate crazy-long, secure passwords
- No need to type your crazy-long passwords. LastPass will detect username and password fields and fill them in automatically.
- Passwords are stored in the cloud, meaning that you can access them from anywhere.
- For $1 a month, you can use LastPass on your smartphone. Totally worth it! The smartphone app also auto-fills form fields!
- Lots more.
But if LastPass has my password list, can’t somebody hack them and get it? LastPass doesn’t actually store your passwords in a readable format. The data is encrypted by your own PC, not LastPass. What this means is that LastPass never actually has any of your passwords. They only have an encrypted version, which must be decrypted with your LastPass password. All the encrypting and decrypting is done locally on your PC. LastPass only gets the data once it’s been encrypted.
With the recent new of the Heartbleed security bug, I really cracked down on my passwords and make them all extremely secure. Without LastPass, this wouldn’t have been possible for me. If you haven’t changed your passwords recently, give LastPass a try. It’s free for use on your PC.
There are other password managers out there but because I’ve been a user of LastPass for so long and because I’ve never had a single issue with it, there’s been no reason for me to look elsewhere. I am one happy customer.
LastPass