Maintaining secure passwords with LastPass

Hacked accounts. It’s either happened to you, or someone you know, or at the very least, you read about it happening to a celebrity in the news. Nasty business. Embarrassing at the very least. Potentially financially devastating. The number one cause, of course, is people using bad passwords. Ones that are easy to guess.

What are the worst passwords? A recent story on gizmodo.com lists the most popular passwords used in 2012. Unlike high school, being popular in this case is not good. The top seven passwords used are:

1. password
2, 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein

Monkey?

Add to this list, personal info type passwords: your birthday, your kid’s birthday, your pet’s name .. anything anyone can learn about you with a quick glance at your Facebook page or a fast Google search.

Same goes for any password that’s a real word. If it’s in the dictionary, don’t use it. A simple hacker program can play “pitch ’till you win” with dictionary passwords in rapid fire succession until it breaks through. And, trust me, it will.

Okay, so what makes a good password? Basically, anything that’s complete gibberish: a combination of lowercase letters, uppercase letters, numbers, and (on systems that can handle it) punctuation or special characters. hU8t%ee#sF3 … now that’s a good password (please don’t copy and use that as a password).

Trouble is, passwords like that are very hard to remember – especially when you have 50, 100, or more of them. Bank accounts. Social media accounts. Shopping sites. These days, they just pile up. Everywhere you have a personalized account should have its own individual secure password. And keeping a cheat sheet by your computer isn’t a good idea either, for obvious reasons.

Enter LastPass.

Part software, part service, LastPass allows you to maintain a library of ultra-secure passwords without you having to remember them all. You just need to remember one password*, your LastPass password (and yes, make it a good one). In addition to maintaining the library, LastPass will also automatically log into your accounts when you access them, even help you fill out forms – once you unlock your LastPass access, saving you a ton of keystrokes.

How much does all this security and convenience cost? For desktop computers, it’s free. If you want to use it on your mobile device (just about all of them), or want to use some more advanced features, it’ll cost you a whopping $12.00/yr.

*Okay, you really need to know two passwords. The first being your user account password on your computer. Oh wait, add the one for your mobile device too. The point is, you need to remember way fewer passwords.

LastPass: The Software Part

lastpass_loginLastPass software consists of a browser plug-in. There are ones for Safari, Chrome, Firefox, and Opera for Mac and Windows operating systems, plus Internet Explorer on Windows. Chrome, Firefox, and Opera are also supported on Linux systems. There are also ones for the iPhone, iPad, Android, Dolphin, Blackberry, Firefox Mobile, Windows phone, and a slew of others.

Let’s just keep things on the Desktop for now. The easiest thing is go to LastPass.com select your operating system, then download and run the “Universal Installer”. This will add the plug-in for all your browsers at once. Next time you launch your browser, you may (or may not) be asked to verify installing the plug-in.

lastpass_iconWhen installed, you’ll see what looks to be a faded asterisk in your browser toolbar (exact location may vary). Click it, and you’ll be presented with the LastPass login screen.

If you already have an account, enter your eMail address and password. If not, click create account and go through the steps.

lastpass_generateOnce you have step up the account, you can import your accounts/passwords from your browser, start making the rounds to your websites, and start exchanging your simple passwords to very secure ones.

Click the LastPass button in your browser again, and you’ll see the Generate button. Click that, and you’ll see the options for generating and replacing a new password.

Rather than go through the whole tutorial .. you can check the LastPass online docs. But to get you excited, here’s a brief video:

Note: In Safari, the LastPass icon will turn dark grey, not red.

LastPass: The Service Part

Once you have your list in place, you can sync it between all your other devices. “But wait,” you say. “If LastPass itself gets hacked, won’t that put me at risk?” That’s the real beauty of this, all the info in encrypted/decrypted locally (on your device). If bad guys get to LastPass (highly unlikely, they’ve got a supremely fortified virtual bunker there .. but for the sake of argument), at most they’ll get a bunch of garbage files.

LastPass also offers security diagnostics, telling you how secure you are, whether you are carrying duplicate passwords, even if your account eMail addresses have been involved in any known security breaches.

If you spring the twelve bucks for the Premium Service, in addition to using LastPass on your mobile devices, you receive other goodies, including the ability to use a USB Flash Drive as a multifactor authorization key.

LastPass is one of those tools that once you begin using it, you wonder what took you so long to get started. You no longer have reason to put your security at risk.