A few customers have recently asked my thoughts on Password Managers. As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords. But as I was getting asked about them more and more I decided to trial one so I could offer a better opinion. The one I decided to trial was called 'LastPass'. It came highly recommended from a couple of my Web Developer friends who now use it for every website that requires some form of login!
In addition to the recommendation I did some research on the program to give me a little more confidence and understanding – I suggest reading a few reviews prior to jumping into anything.
What is a Password Manager?
A password manager is a program that helps a user to better manage and organise their passwords for online accounts. Most password managers store your passwords and then encrypt them. The programs then require the user to enter a Master Password to decrypt them before they can be accessed.
What is the benefit of having a Password Manager?
If you’re anything like me you will have lots of online logins, and over time this can become difficult to manage. I found myself trying multiple login credentials on sites before finding the one that works, eventually getting there but sometimes I would have to do a password reset.
Using a Password Manager takes away this problem. All you have to do is remember the one password and the program does the rest.
Getting Started - The Master Password:
The first thing that a Password Manager will ask you to do is to create a ‘Master Password’. This is the password that you will use to access the program and then access your ‘Password Vault’ (where your passwords are kept). Because this is the password that allows you to access your other online accounts I would highly suggest making this as complex as possible. The password needs to be completely unique and not used anywhere else – I can’t stress this enough. Make sure that you remember this password. If you forget it you will not be able to access your account.
Master Password tips:
- Make the password as long as possible. At least 12 Characters long would be a good goal.
- The password should contain Lower and Upper case letters
- The password should contain Numbers (0-9)
- The password should contain Special Characters - e.g. £ * ( ) $
- The password must be Unique
I started using the program for some of the sites that I don’t really care about – mostly online games and a couple of forums etc. I found it was easy to add the sites to the ‘Password Vault’ and it replicated to all of my other devices (PC/Mobile/Laptop) where LastPass was installed. One great feature is that when you’re logged into LastPass and visit a site that you’ve saved it will auto-complete the login fields for you – this saves time, which is great, and stops the ‘which password is this’ problem.
Boosting my online security with the ‘Security Challenge’:
LastPass has a built-in ‘Security Challenge’ which ranks you based on the type of usernames and passwords that you’ve used on the stored online sites. My rating was pretty low. This didn’t surprise me much as the sites I’d stored were of little importance so I wasn’t using any of my secure passwords. What did surprise me is that it gave me an option to visit the site and change the password to something randomly generated and more secure.
I visited a couple of my ‘weak’ sites and let the program generate a new random/secure password which boosted my security rating and technically made me safer online. The password was then saved into the password vault and again updated to all of my other machines that had the program on.
An example of one of the automatically generated passwords is: !dDOoDgLs8Jp
Why Random passwords are such a good thing:
A lot of the people that I speak with tend to have one or two passwords for everything that they use online. This is a problem because if an attacker gained access to one of your accounts then they could potentially use the information to get into any of your other online accounts.
Say you register on a website to play an online game. You register with your normal email address and password. One week later the website is hacked and your username and password are in the hands of a hacker. I can almost guarantee that these people will try your username and password on other well-known sites to see if they can get in… They will try accessing your Facebook, email, Twitter etc. I know this because if I was a hacker, I would do the same.
There are literally hundreds of cases where people’s lives have been ruined because they’ve used the same password everywhere. The random password generator solves this problem. With the random password, if my details were leaked they could try accessing any of my accounts but because all the passwords are different they will fail.
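To make the tips list and the reuse problem concrete, here is an added example (not LastPass code and not from the original post) that audits a small vault for weak and reused passwords and generates random replacements. The function names, the special-character set and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = "!#$%&()*+-=?@^_"  # assumed set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SPECIALS
CHECKS = {  # one entry per character-class tip
    "lower case letter": str.islower,
    "upper case letter": str.isupper,
    "number": str.isdigit,
    "special character": lambda c: not c.isalnum(),
}

def weaknesses(password):
    """Return the tips from the list above that a password fails."""
    problems = ["shorter than 12 characters"] if len(password) < 12 else []
    for name, check in CHECKS.items():
        if not any(check(c) for c in password):
            problems.append("no " + name)
    return problems

def generate_password(length=16):
    """Random password from the OS CSPRNG that satisfies every tip."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry instead of forcing positions, so the result stays
        # uniformly random over all passwords that qualify.
        if not weaknesses(candidate):
            return candidate

def audit(vault):
    """Map each site to its problems, including reuse across sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        problems = weaknesses(password)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            problems.append("reused on " + ", ".join(others))
        if problems:
            report[site] = problems
    return report

# Constructed sample vault (hypothetical sites and passwords).
SAMPLE_VAULT = {"game.example": "sunshine1", "forum.example": "sunshine1",
                "shop.example": generate_password()}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(problems))
```

The generator uses Python's `secrets` module rather than `random`, because passwords need an unpredictable source of randomness.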
After the trial:
Since trying LastPass I’ve added most of my online accounts into it and I’m now using it on all of my devices. I’ve updated my passwords on various sites to improve the security and I’m happy that everything can be managed from one place. The program also allows me to create various sub folders in the Password Vault so that I can easily find any details I may need in the future. Another nice feature is that if I want to I can share my login details with other LastPass users which gets around the sending passwords via email problem.
Other Password Managers:
There are plenty of other Password Managers to choose from. As I said previously, I used LastPass because it came recommended and I was happy with the features that it offered. I would advise you to have a look at the others on the market before making a decision on using one. The features on most of the Password Managers are very similar but some do offer more than others. For example, one feature that I would like to see on LastPass is fingerprint authentication for the mobile devices; this is something that others offer.