If you have ever had to change a large number of passwords at one time, then you can appreciate using a password manager like LastPass or 1Password. Of course you should already be working with unique passwords for your various accounts, but it is hard to generate unique passwords that you can remember when you have to change them. You might do fine with creating an initial set of passwords, but once that password scheme is compromised, then you will need to come up with a new scheme or abandon it altogether.
After I had a phone stolen about a year ago I started using LastPass to generate and store passwords for me. There are several good solutions out there. My choice of LastPass was basically because I had heard quite a bit about it and therefore started my research with them. When I found it fit all my needs, I decided to commit my passwords to them. You should do your own research on password managers to find one that works for you, but to help you get started I have listed a few at the bottom of this article.
Password Management Options
There are different ways that you can create and manage your passwords. Some are viable options while others are really awful (like keeping your passwords on a sticky note under your keyboard). To give you an idea of the scope of options, here are a few different ways you can manage passwords.
Write Them Down
While we have always been told to never write down our passwords, it isn’t the worst thing you can do (unless your passwords live on the aforementioned sticky notes under the keyboard). Some people keep a list of passwords in an encrypted document on their hard drive. If you have a few passwords that are really complicated that you need to keep on hand, carrying them in your wallet on a piece of paper is an option that is as secure as you keep your credit cards. That all depends on how careful you are about your credit cards.
If you use a keyboard pattern that can be built by starting on one key and progressively working through the keyboard, then you can write down your account name and the key that the password starts on. It would be easy to build your password just by knowing the starting point of the pattern. Of course, that would mean that if you revealed your pattern to anyone, then they would know all your passwords just by seeing your list.
Browser Password Management
Modern browsers offer to store your passwords for you. This is convenient when you are sitting at your own computer. You can have an unlimited number of unique passwords that you don’t have to remember, but it leaves you unable to log into anything if you are away from your own machine. That is, unless you use a feature like the one Chrome and Firefox have, where you log into an account and your information is synced across browser sessions. Just don’t forget to log out if you are using a computer that is not your own machine.
This sounds like a good option until you realize that if your machine gets stolen then the bad guys have access to all your passwords. You should have a strong login password that keeps them from easily getting access to your data and other passwords as a first line of defense. If the bad guys do get in, or if you leave your computer logged in all the time, then it is a trivial matter to find the file where all your passwords are stored and make a quick copy. This is true for two of the most popular browsers, Chrome and Firefox. If you are still using IE, I have to question why you even care about password security since the browser has been terribly insecure in so many other areas in the past.
The approach to password management that I want to emphasize in this article, though, is using a password manager like LastPass. This has been my personal choice of software for this task, but there are several other options you may want to consider. See the list at the bottom of the article to help you get started.
Password Management Software
As mentioned, I use LastPass, but many of these same features are available in most password management software packages.
Strong Master Password
Whichever password manager you decide to use, it should be locked down with a strong master password or passphrase. A passphrase is generally considered any password that is longer than 20 characters. Use a good strong password with letters, numbers and symbols (that are not standard English words) as part of your master password.
This password is used to encrypt and decrypt the password file that resides on your computer. All of your passwords are only as safe as your master password is strong.
While it is a little inconvenient, make sure your password manager requires you to enter your master password each time you reboot your computer or restart your browser. This ensures that if someone steals your computer and is able to log in, they will have to know your master password before they can start harvesting your other passwords.
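To make the link between the master password and the password file concrete, here is an added example (not code from LastPass or any other product) of how a vault key can be derived from a master password and how an unlock attempt is checked. PBKDF2-HMAC-SHA256, the iteration count, the header layout and the function names are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor: every guess at the master password costs this many
# hash iterations, for the owner and for an attacker holding a stolen file.
ITERATIONS = 600_000

def derive_key(master_password, salt, iterations):
    """Stretch the master password into a 32-byte vault key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )

def _check_value(key):
    # Stored instead of the key, so the key itself never touches the disk.
    return hmac.new(key, b"vault-key-check", hashlib.sha256).digest()

def create_header(master_password, iterations=ITERATIONS):
    """Build the header that would sit next to the encrypted password file."""
    salt = secrets.token_bytes(16)  # random per vault: same password, different key
    key = derive_key(master_password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "check": _check_value(key)}

def unlock(master_password, header):
    """Return the vault key for the right master password, otherwise None."""
    key = derive_key(master_password, header["salt"], header["iterations"])
    # Constant-time comparison; a wrong password simply yields a wrong key.
    if hmac.compare_digest(_check_value(key), header["check"]):
        return key
    return None

if __name__ == "__main__":
    header = create_header("constructed example passphrase, 7 words long!")
    print(unlock("password123", header))  # None: wrong master password
```

Anyone who copies the file can run the same check offline as often as they like, so the only things slowing them down are the iteration count and the strength of the master password. The stored entries would be encrypted under the returned key with an authenticated cipher, which the Python standard library does not provide.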
LastPass (and other password managers) will generate random passwords for you. You can set the length and complexity of these passwords. Of course you are also able to manually type in any password that you want to use. This allows you to continue to use passwords that you have memorized, but store them in the management software.*
Password managers usually work in conjunction with your browser of choice. With LastPass, when I need to create a new login, I simply right-click on the password field at the website where I am creating a new login name and password and tell the software to generate a random password for me. I don’t have to memorize it since the software will do it for me.
Password Entry Without Using a Keyboard
Another great feature of password management software is that it lets you enter a password without typing anything. This is especially helpful when you are at a location that may be using keyboard logging software to harvest passwords. By safely logging into your password manager, you can copy and paste passwords, or even use a single mouse click to enter your information.
Choose a password manager that integrates with the browser you most often use. Many will work with multiple browsers. This gives you all the convenience of using the in-browser password manager with the security of the password management software.
*Manual Password Creation
There may be times when you don’t want to have a password that is impossible to memorize. For example, if you often need to type a password on a mobile device or someone else’s computer, but you don’t want to log into your password manager account to do so, that is a good time to have a more easily memorized password. I do this for places that I visit often from computers that don’t belong to me. In those cases I use my password building strategy and tricks to thwart keyboard loggers.
There are various features that set one password manager apart from the others, but the above features should be part of any that you choose. Again, do the research to find which one works best for your needs.
Various Password Management Solutions
Have you already decided on which password manager you like? I invite you to write a comment below on why you made the choice you did. Or, if you would like to write an extensive argument for why you should not use a password manager, then I invite you to contact me about writing a guest post offering a differing opinion for the MissionaryGeek readers. I would also be interested in any in-depth write-up on why one solution is better than another.