You Need a Password Manager

shutterstock_50897122_resultYou Need a Password Manager! Are you worried about hackers stealing info from banks, credit card companies, retailers and even government? Your online identity being stolen? You’re not alone!  Everybody is grappling with the problem of keeping safe, and it seems like every day you read about another data compromise. If it’s not Target or Home Depot, it’s J.P. Morgan or Dropbox. My advice is to just take it for granted that everybody you deal with has been compromised, and take steps to protect yourself as best you can. Read our Digital Life’s Security Checklist for what you can do to protect your self.

One important topic is managing the online account passwords you use. If you’re like most people, you have one or a few passwords that you use across all the websites and online services you use. It’s past time to change that. The way you deal with online accounts – everything from your email account to online shopping or banking has become too risky. But using complex and unique passwords all across the internet is simply impossible for us ‘normal’ people to do. So here’s where a good password manager comes in.

What it is: A password manager is a computer program or app that works alongside your computer, tablet or smartphone use to help you create good unique passwords for websites, and keeps track of every one (e.g., your unique login credentials for every website and online service you use) for you. Your password manager provides the login details to you when you need it, so you don’t have to remember it yourself.

There are lots of password managers available, and more coming online every day – it’s a burgeoning industry. But there are plenty of shoddy products out there, and it’s hard to tell which are good and which are not worth using. We’ve tried and experienced a number of password managers and like two in particular, 1Password and  LastPass. Both of these are great products and which one you choose depends on your own personal habits and preference. Here’s some info to help you make a decision:

1password-logo1Password from agilebits.com offers a bundled cost of $70 US that covers one user on both Mac & Windows, $50 US for one user for Mac or Windows (family pack pricing available). There is an app for Android and iOS, but not for Blackberry or Windows Phone. The tablet/smartphone app is free but has a $10 US in-app purchase to unlock ‘Pro’ features, which you may be able to do without. It’s the more expensive of the two (keeping it up-to-date is just as important as doing so with your computer security suite). It does not have 2-factor authentication, which we consider an important security step everyone should take. The program interface works a little better than LastPass, so it might be easier to use, especially for folks new to computing. It uses your Dropbox or iCloud Drive to store and sync your password ‘vault’ across all your computers and devices, if you don’t do this your functionality will be more limited.

lastpass-logoLastPass is a lot less expensive, costing $12 US per year for the Premium version (which you definitely want), or free if you don’t use a smartphone or tablet. There’s a free app for Android, iOS, Blackberry and Windows Phone, but unless you pay the $12/year it won’t really help you. Up to 5 family members can share your vault’s family folder, and you can use it on as many different computers and devices as you want (even Linux!). LastPass includes 2-factor authentication to protect your password ‘vault’. We found the program interface just a little more cumbersome to use, and it takes a little getting used to. Your ‘vault’ is stored and encrypted at the LastPass website, but there’s always a local copy of it on your device or computer in case you don’t have internet connectivity. Unlike 1Password, there is no program installed for your Mac or Windows PC, it works only as a web browser plug-in (for all the major web browsers including Internet Explorer, Safari, Google Chrome, Mozilla Firefox and Opera).

Features common to both of these programs:

  • requires you to only memorize one master password (to access your security vault)
  • Well integrated with the Apple’s TouchID
  • Setup and use is straightforward and easy, importing existing saved login credentials from your web browser.
  • Lets you create good passwords on the fly as you visit websites.
  • Has a menubar you can add to your web browser (but it’s not needed to use)
  • Will store more than just login credentials, can store just about anything you want (credit card info, software license information, PINs, secure notes, etc.).

shutterstock_127739675_resultIf you’re concerned about trusting your digital life to a password manager, then let me tell you firstly, that your digital life is truly protected only by the efforts you take to protect it. I’m sure you’ve read about famous people’s online accounts getting hacked, but that is primarily because they didn’t secure those accounts with long, strong and unique passwords. And nobody can create and memorize a bunch of passwords that are long enough (13+ characters), strong enough (uses both upper and lower case letters, numbers, and other type-able special characters), and unique (every single online login has a password that’s used nowhere else). Frankly, there’s no way a human can do that without help – and a password manager is really the only help you can get.

Advertisement

Cloud-vault-image-from-shutterstockSecondly, that ‘vault’ of passwords is secured better than Fort Knox through insanely strong encryption that’s all dependent on that master password you create. So you simply have to create a very long and strong master password, and memorize that. It’s gonna take some work on your part, but it’s only one password to remember. There’s a great article about how to create a long and strong password that you can remember at https://positek.net/please-dont-use-an-easily-guessable-password/. Once you have that long password memorized, you can also instruct your computers, web browsers and mobile devices to remember it for you, to help you quickly use the password manager in day-to-day-use. Which means you need to make sure that your computers and mobile devices are protected themselves from unauthorized access. So make sure your smartphone and tablet have PIN or password protection. Make sure your computers’ user accounts are protected with a good login password, and dont’ let them get stolen, lost or compromized. If that happens, the first thing you’ll need to do is change the master password on your password manager program. If all this sounds too hard to do, then I respectfully suggest you reconsider what’s more valuable to you, your convenience or everything else in your life – your money, your credit rating, your online reputation, your personal property, just about everything you have, know and own is at risk of being stolen.

You might also be questioning trusting all your online identity info to one entity. After all, a single point of failure could be much more catastrophic than spreading out the risk among various online entities, right? We disagree – since normal people can’t handle memorizing hundreds of unique passwords, almost everyone re-uses passwords. We’ve even recommended folks use a limited set of passwords in the past. But our point is that this problem has grown to the point where we all have to adjust our behavior to fit the current situation. Password manager software is the best tool consumers can use today, and is a prudent and reasonable step you can take right now to protect your online identity.

So please get started using a password manager! And please give yourself enough time to get it installed and setup for your use. Don’t try to hurry through everything, but take the time to read through the instructions and familiarize yourself with how it all works. Both the 1Password and LastPass websites have tons of help, written to make it easy to understand and follow. For LastPass, here’s some to help you get started:

lastpass-logoThe first step is to take a few minutes to create a master password (tips on how here). Once you’ve got that, visit www.lastpass.com and install the web browser extension. You’ll also be creating an account with your email address for username and that new master password. Allow LastPass to import all the saved passwords from your web browser. If you have a smartphone or tablet, you should also install the LastPass app and log into your account. Before you start using these, take some time to go through the documentation and learn how to use LastPass – it’ll save you a ton of time and frustration later on.

Once you have your password manager installed and account created, you can start visiting websites that have a login screen. You don’t need to do this all at once, just when you next visit each website.

lastpasssavesiteThe first time you visit a website after you’ve installed LastPass, login like you usually do, and Lastpass will show a bar at the top asking you to save your login details. Go ahead and click “Save”. Then find the settings or preferences for that website and change the password. Use LastPass to generate a good password for you. Once you’ve saved that change on the website, LastPass will prompt you to update their record of the login details.

When you go to a new website and create an account, use LastPass to generate a password for that website and use it to create the account. Lastpass will remember the details for you.

gopremiumlastpassThat’s it! Now if you have a smartphone or tablet and you’ve installed the Lastpass app, you’ll want to go back to the www.LastPass.com and upgrade your free Lastpass account to a Premium. Just sign up and pay your $12 and your account will be upgraded so those features are available anywhere you use Lastpass.

lastpass2-factorLast step: If you have a smartphone, then by all means take the time to set up 2-factor Authentication. Lastpass supports several different types, probably the easiest to use is either simple text messaging (SMS) or the free Google Authenticator. Lastpass helps make this easy by giving you a QR code image you can scan with Google Authenticator to connect it with Lastpass. Get this QR Code from the Lastpass Settings:

  1. Open your Lastpass vault from your web browser
  2. Click Settings, and select Multifactor Options
  3. Click the “click here…” button to show the QR Code
  4. Point your smartphone’s camera at the QR Code with Google Authenticator running

For iPhones/iPads with TouchID, you can have the LastPass login use TouchID. If that’s not already setup when you installed LastPass, access the main menu by opening the LastPass app, tapping on the icon at the top-right (which slides everything left to reveal the main menu), tapping on Settings then Security, and sliding the “Use TouchID” slider to on.

1Password has its own setup routine, there’s a great screencast on that at https://youtu.be/DVr88W29QmM

This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:

Click or tap to open a new browser tab or your Venmo app and send money via Venmo to @positek
(@PosiTek)

Click or tap to open a new browser tab or your Paypal app to send money via your Paypal account to support@positek.net
(Support@PosiTek.net)

Click or tap to open a new browser tab or your Paypal app to send money using your credit card to support@positek.net (no Paypal account required)
(using any credit card)

or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!

One Comment

  1. coimbatore architects

    It’s actually a cool and helpful piece of information. I am happy
    that you just shared this helpful info with us. Please stay us up to date like this.

    Thanks for sharing.

Leave a Comment

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

This site uses Akismet to reduce spam. Learn how your comment data is processed.