As well as being an advocate for plain English, I am also passionate about promoting personal security online. It is something we all have to take responsibility for and something everyone who uses the internet needs to get to grips with. Today I’m talking about passwords and password managers.
Passwords have been used in security for thousands of years. Even in this enlightened digital age, this ancient practice is still the default way to protect online accounts. If you’re lucky, those passwords are supplemented with two-factor authentication. If you’re not so lucky, your password is all the protection you have. That makes having a good password essential.
Most of us are guilty of one of these:
- Using weak or easy to guess passwords.
- Reusing passwords on multiple websites.
- Leaving the password set as default.
Each of these compromises the effectiveness of your password, and therefore your account security. That needs to change.
How password managers keep you safe
A password manager is usually a browser or mobile app that monitors logins online. It can automatically log you into certain websites, generate strong passwords, alert you when you have used a password somewhere else and help you with the hundreds of logins the average internet use has to contend with.
If you’re worried that storing all your passwords in one place is also a vulnerability, don’t be. Yes, in theory, placing all your passwords into a web app seems insecure. But newer password managers use 256-bit encryption and have built a business around keeping your data secure.
While nothing is impervious to hacking, using a password manager to generate genuinely tough passwords is many times more secure that what you’re doing now.
For example, can you think of a difficult password of 24 characters that you will remember instantly? Could you think of ten or a hundred of them? Recall each with complete reliability? If not then you could benefit from a password manager.
There are a few password managers around. They include LastPass, Dashlane, Roboform, Keeper and KeePass among others. Each works slightly differently but as I use LastPass, I’ll describe that. It isn’t the only password manager and I am not being paid to recommend it. LastPass is simply the password manager I have used for many years and can comfortably recommend.
LastPass has a free and a premium version. The free version offers a lot of features you’re going to use while the premium offers some more. If you don’t mind paying $3 per month or $36 a year, the premium is a good investment. If you don’t, the free version is still fully featured.
In fact, I would say the free version is probably the most fully featured of any password manager save KeePass as that is open source. LastPass always scores higher in reviews though.
With the free version of LastPass, you can:
- Use a browser addon to handle all your web logins.
- Sync all your passwords across devices where LastPass is installed.
- Generate super-strong passwords up to 64 characters long.
- Customise the length and complexity of any password you use
- Instantly log into websites with a single click.
The premium version adds 1GB of encrypted storage, more advanced two-factor authentication options and some extra features for the desktop app.
Setting up LastPass
You can download LastPass individually for every browser on your computer or download the universal binary that will install on all browsers except Edge. If you use Edge you will need to use the Microsoft Store. The app works on Windows, Mac, Android and iOS and is compatible with most browsers.
There is a desktop app but it isn’t very good. That’s a shame considering how polished the browser app is but no great loss.
You will need to register for an account and set up a master password. From this moment on, it will be the last new password you will ever have to think of. Make it a good one and make it as complex as you can while still being able to remember it.
Once set up, you can import passwords from Excel or have LastPass scan for saved passwords in your browser. It will collect all those it finds and store them in your Vault. It will usually add a useful logo for the website so you can quickly identify what site is what in the list.
Those passwords you haven’t saved in your browser will be collected as you use them. As you log into a site you will see a browser popup asking you if you want LastPass to save the password. Say yes and next time you land on the site, you will see the LastPass icon to automatically log you in.
LastPass Security Challenge
Once you have been using LastPass for a while, it might be worth using the built-in Security Challenge. This reviews all of your logins and passwords and gives them a score depending on how secure they are. The app will also check known hacks to see if you have a login for a recently hacked website and warn you about any weak or potentially insecure passwords.
It is worth doing once in a while to make sure you are using unique passwords for every login. LastPass will even offer to change all weak passwords for you with a single click.
Passwords and password management
LastPass is one of many password managers but is one of the best, if not the best in my opinion. The free version is genuinely useful and not just a method to get you to upgrade to premium. It’s a fully-featured password manager that has some genuine quality of life features built in.
If you have trouble remembering passwords, coming up with strong ones or generally managing the dozens of logins the average web user has, a password manager can help. Once set up, you will only ever need to remember a single password, the master password for the manager. Everything else can be taken care of by the app!