I’m trying to make sure that I use long passwords that are different for each of my accounts like you have suggested, but keeping track of all of my passwords is a pain. Besides using the “remember my password” option at each site, what would you suggest?
This question was answered on January 28, 2014. Much of the information contained herein may have changed since posting.
The ongoing challenge of balancing security with ease of use continues to get more complex with each new online account you sign up for, and too many of us gravitate to the ease-of-use side.
Using the same password for all of your online accounts makes it easy for you but is extremely insecure, because a single breach can expose all your accounts.
Most of us have been trained to create complex passwords using capital letters, special characters and numbers, which tend to be secure but really hard to remember.
As a quick primer on the basics of online security, creating long passwords of 15 characters or more for each account and turning on 2-factor authentication when it’s available are essential steps for protecting yourself these days.
The answer to the question “How can I remember all of those complicated passwords?” is that you can’t, unless you have an extraordinary memory.
The best way to have a complex but different password for each online account is to use one of the many password management tools on the market, so you only need to remember one complex password.
Most of the powerful options are pay services, but one called LastPass offers a pretty comprehensive system for free.
LastPass is a browser-based password management system that’s both powerful and pretty easy to use, and it’s compatible with Windows, Mac and Linux computers.
Once you have installed the primary program and created an account with LastPass, an add-on is installed in all of your browsers so it’s easy to use the system.
As you log into your various accounts, LastPass will ask you if you want to save each login to your vault for future use.
Once it’s been saved in your secured vault, you can simply click the link to open a browser window that will take you to your desired site and log in for you from any computer or device that has Internet access.
This means a slight adjustment to your online behavior as the vault essentially becomes your starting point for all your online accounts (setting the LastPass sign in screen as your start page helps).
To be clear, LastPass is an encrypted cloud-based service, which means that all your passwords are stored on their servers, and they did have a data breach back in 2011.
The breach was limited and the small amount of data that was stolen was fully encrypted, meaning that whoever ended up with the information would have had to spend an enormous amount of time to actually make use of it.
As a result of the breach, LastPass incorporated many new layers of security, and I’m personally comfortable enough with them to trust LastPass with my passwords, but you have to make that decision for yourself.
One downside to LastPass: if you want to use it on an iPhone or Android smartphone, you’ll have to pay $12 per year, as the browsers on the phones won’t work with it (iPad and Microsoft Surface RT apps are free).
There are a number of additional features such as password generators, form fillers, a virtual on-screen keyboard to thwart hidden ‘key loggers’ and support for installing it on a USB drive if you use a lot of public computers that are untrustworthy.
About the author
Ken Colburn of Data Doctors on January 28, 2014