Password Advice

Password Advice: a reader asks…

I read your advice on basic computer protection, thanks! Can you tell me a little more about managing my passwords?

Sure! If you are very limited in the number of online places you go, then you can get away with writing down passwords. For most of us, we need the help of a password manager. That’s because the current cardinal rules for passwords are:

1. Long passwords. Forget about password complexity, just make your password as many characters as you can. At this point in time, over 20 characters is quite prudent.
2. Random & Unique passwords. Forget about creating a master password and varying it slightly for each different online destination. Also forget about using words in English (or any other language). At this point in time, every single online entity should have their own password, not used anywhere else. Each password should be made up of random characters. That’s it.

If you have even more than a half-dozen passwords, this can become very unwieldy. Hence you need a password manager. This is software that installs on your computer, as an extension in your web browser, and as an app on your smartphone. It helps you create those long and random passwords, remembering them for you. All you have to do is remember the master password to your password manager so you can unlock it and have it retrieve the other passwords from a secure storage place online.

This is what LastPass does for you. When you open an account with LastPass, you create a master password (this is your “last password” that you have to remember). Make this one as long as you can, at least 20 characters. When you install the LastPass functionality on your computer, you are really adding a web browser extension that links to your LastPass vault – the secure place that holds all your other passwords. If you have a smartphone/tablet, you can also install the LastPass app. You can install this functionality on as many computers as you have, as long as they use the same account they remain synchronized.

The advantage of the web browser extension is that it works while you surf, and will supply the correct password for each account when you go to a login screen. If it’s your personal computer, you can let LastPass remember the master password. For your iPhone, you can use touchID or FaceID to make sure that only you can unlock the LastPass vault.

You should also setup 2-factor authentication for LastPass, to keep anyone from accessing your vault from their own computer, even if they have your master password. 2-factor authentication means that anytime a new computer or device tries to access your LastPass vault, the person logging in must provide the master password and a code that’s either texted to you, or obtained from a secure app or device. Smartphones should use something like Google Authenticator (or LastPass’s own authentication app), or an approved device like an RSA SecurID or Yubikey.

LastPass has a utility to let you import all the passwords you previously saved with your web browser’s built-in utility. It will also make sure that utility is cleaned out, so your passwords are kept in only one place. Like all tools, you should take the time to learn how to use it properly, and LastPass has lots of video tutorials to help you quickly get up to speed. Visit https://lastpass.com/support_screencasts.php and watch all of the videos.

If you choose a different password manager, be sure to familiarize yourself with how it works and use it properly.

---

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via (send to @PosiTek), (send to Support@PosiTek.net), using any credit card (no Paypal account required), using Zelle, Apple Pay or Google Pay, or by mailing a check or cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thank you!

Go to Top of Page