For many years I resisted trying a password manager for the countless passwords I needed to use, for work and personal use. I didn’t see the need for one when I was able to memorise most of the passwords I used. My banking passwords were always unique, and the same for similarly sensitive services. Some that were too complex or too infrequently used I had stored in a secure location I could reference when needed. For the rest, I had a subset of common passwords for similar purposes.
It all changed for me a few years ago when I took the plunge and gave LastPass a try. To begin with, I tried it with only a couple of websites. Over time I added more and more website and application passwords. Now I don’t know how I ever managed without it.
1. Strong Passwords
You are not alone if your passwords are based on words or names that are memorable. Sure, you may add a five on the end, add a dollar sign, and capitalise a letter or two, but if you are using words your password may not be so secure.
If you are particularly crafty you may have a password that looks rather cryptic, like pa5sw0rd! or n04cc35$, but passwords using character replacements is a well-known technique and not much better than using the word itself.
Instead, a password should be as random as possible and have no meaning. Something like sh9JkI9ZK803 won’t be able to be guessed or used with a password dictionary.
LastPass has a password generation feature, so creating a complex and meaningless password isn’t a chore. The password above was created with LastPass, which has options to include uppercase and lowercase characters, numbers, and symbols, and change the length of the password.
2. Unique Passwords
Every password needs to be different. It makes it easy to remember if you have a password for social media, another for email, etc, but unless every password is unique then a data breach at one website could expose you across many places at once.
Hackers will often take usernames and passwords they have found and try them on other websites to break into your other accounts. They do this because it often works. It is a reality that many people use the same password for many websites, and the username is even more likely to be the same email address.
These days you need to take the approach that it is not if a site is hacked or the security is compromised somehow, it is when and how the breach is handled. There is no guarantee your information security will never be compromised.
The best defence is unique passwords for every user account you use. In the event of one of your passwords are discovered and shared with the global hacking community (yes, this happens), it is no use for any other website you use the same username with.
3. Remember One Password
There is only one password you need to remember – the one for LastPass. There is no way I can remember unique passwords across dozens of websites, especially those that I use infrequently.
It may be easier if you have a theme to change the password for each website. If a hacker discovers your Facebook password is MyFacebookPassword123, then trying MyTwitterPassword456 is a good start to access another account.
With LastPass you don’t have to remember random and meaningless passwords, you only need to log in to LastPass.
4. Know Where You Have Accounts
Do you know how many websites and login accounts you have and use? If someone asked me how many login accounts I have I would have said more than 20 and maybe up to 50 login accounts.
Just about everything needs a login account of some sort. I can order my children’s school lunch online, check my points balance with Woolworths and Coles, top up my toll pass for the car or Go Card for public transport, the list goes on and on. And then there are online shopping sites that require an account to be created to make a purchase.
Can you remember every website you have created? LastPass currently has 141 accounts saved for me. I’m certain there are other websites I have created at some point that I haven’t used LastPass with, some I won’t ever use again let alone remember which ones they are.
By using LastPass, a record of websites where you have a login account with are kept in one place. You know where your information is kept and where to go to clean up or remove old accounts.
5. Not Just For Website Logins
LastPass can be used for more than website logins. Automatically entering the login information is handy in itself as it saves typing it in. The Form Fills feature has information ready to fill in when needed, whether it is details for name and address or credit card, having the information filled in for you is a time saver. And an option to require the password to be entered again ensures information isn’t auto-filled by accident.
The secure notes feature is for any information you want to keep in LastPass. It may be information for accessing a server, your tax file numbers, or the pin for your infrequently used bank card. Whatever you want to keep a record of but not openly available to prying eyes, LastPass secure notes is a safer place than a text file on the desktop or a paper note in the top draw.
6. LastPass is Free
LastPass is free to use for the most part, certainly for everything mentioned above. LastPass Business and Premium subscriptions add additional features for sharing items, additional multi-factor authentication options, and emergency access.
Emergency access is an interesting feature where you can nominate one or more people you trust to have emergency access to your LastPass account. You can set a delay from a few hours to 30 days from when they request access until they are given access, during which time you can decline their request.
Prices are in US dollars, so you need to do the appropriate conversions, but the numbers are fairly small to what you typically see for a subscription service. Premium is $2/month paid annually, and a Family subscription offers better value at only $4/month paid annually for up to 6 users. Family subscriptions have shared folders for common accounts and still have individual private passwords.
There are also Business and Enterprise plans with more advanced user management features and reporting.
For many, the free version of LastPass will be sufficient.
Summary
Strong passwords are more secure than simple easy to remember passwords and having unique passwords for every login account ensures that when one account has been compromised the others remain safe.
Having complex passwords with a random and meaningless set of characters and numbers ensure they can’t be guessed, however, complex passwords can be hard to remember at best and impossible when you have dozens or more.
Password managers like LastPass provide a way to have complex and unique passwords without having to remember or write them down.