May 20, 2013

Manage Your Passwords

It’s not a secret that there are plenty of threats out there in Internet-land; as you may remember from the Watch Your Links post, the bad people out there are going to increasingly great lengths to get us to divulge passwords. Truth be told, in addition to just paying a little closer attention to how we use Internet-based resources, the best protection against fraud and identity theft on the Internet is to use a good password.

We’ve all heard the recommendations – but they’re worth repeating here:

  • Use something only you will know, but not easily guessable (meaning your kids’ names are a bad choice)
  • Mix in upper and lower case letters
  • Use numbers and special characters (such as !, & or @) wherever possible
  • Don’t use the same password everywhere (this is very important)

That last one is a really big deal – using the same username and password combination for everything from Facebook to online banking/credit card management inadvertently creates a single point of failure and a massive exposure. Once it’s breached, the thief has the keys to the kingdom. Literally.

This is where the reality fairy pays me a visit and says “there’s no way people are going to do this, even though they know they should.” And the fairy would be (mostly) right – which is why there are tools to help us do the right thing, and they’re called Password Managers.

Password Managers are add-on solutions that keep a list of the sites we use, and record the username and password required to authenticate when it’s needed. Usually there’s a master username and password required to open up “the password vault”, but once that’s been opened, the tool will auto-fill the information when it’s requested. Many of you will say “doesn’t this also create a potential single point of failure and exposure?” The answer is technically yes – which is why the password to the vault must be extremely complex and difficult to crack.

There are a number of tools out there – some are free, some are included with your browser and some are paid/subscription services. Some examples include:

  • Password Safe (Free app, Windows only)
  • 1Password (Paid app, Mac OS X only)
  • RoboForm (Paid app, Windows only)
  • Firefox Password Manager (Free, built into the browser, cross-platform but Firefox only)
  • Chrome Password Manager (Free, built into the browser, cross-platform but Chrome only)

My preference is LastPass – and here’s why:

  • It’s cross-platform: I run it on Windows, Mac OS X and Linux
  • It’s also cross-browser: it installs as a plug-in to Firefox, Chrome, Internet Explorer and Safari
  • It permits organization of sites into folders, for easier bulk management.
  • It will generate secure passwords for you, if you want it to.

For me, it doesn’t matter which machine I use or which browser on whatever machine I’m on, my vault is accessible and integrated into the browser. I can’t begin to describe how much time and effort this saves me. This doesn’t even include the time saved by another LastPass product called Xmarks – another huge time-saver and must-have.

Here’s the best part – it’s free. But if you’re smart and want to be like me (and who wouldn’t), shell out the whole $12/year to be a Premium user to get the real value:

  • There’s an app for your smartphone/tablet that allows you to access your LastPass Vault – and I use it often.
  • You get Priority Support. You shouldn’t need it, but it’s there.
  • There are no ads – to me, no ads alone is worth $12/year.

I am of the firm belief that in life, you get what you pay for. LastPass is worth every bit of my annual subscription costs. Being a subscriber also provides the company (in some small way) a revenue model that helps sustain the product. I like it, I don’t want it to go away, so I’ll give them some money. Everyone wins.

(DISCLOSURE: I have been a paid LastPass subscriber for some time, and I endorse it because I like it and use it – not because I got a free offer in exchange for a product plug.)

So if you’re worried about keeping your passwords straight, no need to worry. There are solutions to make your life easier.

Be safe out there.

 

About the Author

A banker-turned-technologist, Sam is a programming and technology consultant and self-described electronic gadget freak. He’s been a personal computer user for nearly 25 years (think about that for a minute), and is someone who firmly believes that technology, when used the right way, makes life better for those who use it.

Comments

  1. Dale Wedel says:

    Q: does LastPass work outside of browser environments? For example, I use some apps that require passwords directly, i.e. not a website. I use KeePass because it autotypes my pwds anywhere, based on current window title, and has no browser plugins (not needed).

    • Unfortunately, LastPass is a browser tool – they’re all plug-ins to the respective platforms (although if it could extend to the OS, that would be immensely helpful). I did not know about KeePass – so of course I’m interested (although it looks to be a Windows-only solution). For Mac OS X users, Keychain (found in Utilities) offers some interesting extensibility but not to any browsers. I’ll keep my eyes open for other password managers, to see what else is out there. Thanks for the post!

      • Dale Wedel says:

        KeePass does have an iPhone/iPad version that mostly works, but is “kludgy” in my opinion. There is also an Android version that I’ve used, but I don’t use regularly. KeePass is really slick when you have a regular keyboard in front of you, not so much when it is just glass/touchscreen. Unsure about any Mac version at this time. I’m interested in LastPass and may look at it again.

    • I got a note from the LastPass folks this morning – and they do have a non-browser solution called LastPass for Applications. You need to be a LastPass Premium user, but it looks like there’s an answer (at least for Windows users). I’ll download it and take it for a spin – or if you do, Dale, please post back any feedback or comments!
