The Bill and Phil Show

Password Management

Post by Phillip Hampton on Feb 12, 2017

Cybersecurity is without a doubt the biggest burden of being an active user of gadgets and technology. Every e-mail account, bank account, employee benefits portal, travel site, shopping profile, smartphone, smart home device, and, yes, even some of our cookware and cleaning tools require a login ID and password. The default (and very dangerous) reaction to this deluge of portals and devices that require authentication is to simply use the same user name and password combination for all our accounts. And since we tend to be very forgetful and don’t wish to be inconvenienced, many of us use something immediately recallable for the golden key that unlocks the door to our personal data. Birthdates and spouses’ names are favorite password themes, and they are easily discoverable by rogue snoopers with a cursory internet search. Even more reckless are those who choose the path of least resistance to online security with such “stellar” passwords as “password”, “12345”, or the default manufacturer’s password on consumer devices such as Wi-Fi routers, smart gadgets, etc.

You get the point. Cybersecurity is really important, but it can be a pain to enforce and so, in many cases, our defenses are neglected and weak. We feel your pain and hate being inconvenienced with having to keep track of complex passwords for dozens of accounts that we access on a near daily basis. So, the solution is, of course, more technology. No, really, there are software password managers that do indeed take the hard part out of maintaining complex access codes. They have been around for a while. But if you have tried one of these programs in the past and found it clunky, incomplete, or just too burdensome to use, perhaps it’s time to take a fresh look. We did and were pleasantly surprised.

We resurrected LastPass (www.lastpass.com), which we had taken for a trial run several years ago. In the past, we used the free version, but this time we ponied up for the premium version, which set us back $12. Believe me, Bill spends more on coffee over the weekend than it cost to bolster our cybersecurity for an entire year.

The idea behind LastPass (and all password management programs) is to have one master login and password to the password manager and let the manager maintain all your individual account credentials. Therefore, it is imperative that the master password that you choose for this central vault is very strong. But, of course, as the software name suggests, this is the “last” password that you will need to remember. LastPass goes a step further than just requiring entry of this master password. It also uses two-factor authentication, which means an imposter would need both your master password and your smartphone to gain access to your password vault. There are even more stringent measures that you can employ via LastPass, such as a one-time password generator on a USB stick, but we were just fine with the built-in two-factor authentication.

We found it was very easy to set up access to secure portals within our LastPass vault. Essentially, as you are logging in to a secure site, you can click the LastPass icon in the credentials box and the application asks if you would like to save the site and login credentials to your vault. We also like the way you can organize your various sites in the vault into custom folders (travel, e-mail, banking, cloud storage, etc.). So now when we want to log in to our personal account on Southwest.com, for example, we simply go to LastPass and click the Southwest card in our vault and LastPass takes us to the site and logs in automatically. Yes, it is that easy. You can even specify folders where you share access to certain sites with other individuals (such as family members) but keep other sites private to yourself.

LastPass has a great feature called Security Challenge which will go through all your accounts, analyze the passwords, and give you a security score. If you find out, like we did, that some of your passwords are duplicative or are not sufficiently complex, LastPass will let you auto-generate a new complex password that is highly unlikely to be guessed by a hacker. This security review is highly recommended as it would make no sense to deploy a password manager to manage very weak passwords. So, we chose to let LastPass generate 16-character passwords for all the sites we kept in our vault.
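The kind of review described above, sketched as an added example; it is not LastPass's own scoring, which the article does not describe. The 12-character threshold, the short common-password list, the personal terms, and the sample vault are all assumptions made up for illustration.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample of well-known weak passwords (the article names
# "password" and "12345"); a real audit would use a far larger list.
COMMON = {"password", "12345", "123456", "qwerty", "admin"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"

def generate_password(length=16):
    """Random password from a CSPRNG containing all four character classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def audit(vault, personal_terms=()):
    """Return {site: [findings]} for every entry with at least one problem."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    report = {}
    for site, pw in vault.items():
        findings = []
        if pw.lower() in COMMON:
            findings.append("common")
        if len(by_password[pw]) > 1:           # same password on several sites
            findings.append("reused")
        if len(pw) < 12:                       # assumed minimum length
            findings.append("short")
        if any(t.lower() in pw.lower() for t in personal_terms):
            findings.append("personal")        # name, birth year, etc.
        if findings:
            report[site] = findings
    return report

# Constructed sample vault; sites and passwords are made up.
SAMPLE_VAULT = {
    "mail.example": "Susan1975",
    "bank.example": "Susan1975",
    "router.example": "password",
    "travel.example": "k7#Qw!2zLp@9Vx4m",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT, ["susan", "1975"]).items():
        print(f"{site}: {', '.join(findings)} -> {generate_password()}")
```

Using `secrets` rather than `random` matters here: generated passwords must come from a cryptographically secure source, not a predictable pseudo-random generator.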

But once you begin using a password manager and take advantage of the system-generated complex passwords, it is important that you can utilize the manager on all devices and that your site credentials automatically sync across all devices. LastPass does indeed have apps on Windows, iOS, and Android, which allow you to use it across all platforms.

So, after adding a couple dozen sites into the LastPass vault and then accessing those sites from our PC, tablet, and smartphone, we knew this was an incredible step forward for both our personal cybersecurity defense and our convenience. While some may chafe at having to set up the password vault in the beginning and committing to use the password manager on all devices, once the initial setup is done, LastPass is a very convenient way to access all our secure content. We can’t believe we waited so long to commit.

We know it is a scary world out there with so much of our personal electronic data sitting behind numerous password-protected security gates. Rather than being lazy and putting out a welcome mat to cybercriminals, we choose to reinforce the defenses with a sound password strategy. LastPass helped us do that at a very low cost and just a little bit of commitment to begin using it. We sleep better knowing it’s in the vault.

Bill & Phil