There has been a lot of press lately about websites getting hacked and the user databases getting stolen. Facebook, LinkedIn, Yahoo all come to mind as recent victims. You never know which website will be the one that has weak security and will lose your online identity to hackers. The safer way to deal with this problem is to use a different password for every website.
A lot of you have quit reading at this point, because even though this is an obvious safety measure, this is normally a LOT of work to do. Many people use the same password for all of their online user accounts. This presents a problem, because many websites don't do a good job of saving your password in a secure manner. Once your common password it known, it is a trivial thing for a hacker programmer to try that password across the internet to see what they can unlock with your account. What if the programmer at one of your trusted websites is the hacker? The safest websites actually never even store your passwords in their system. They do some sophisticated math on your computer and send an encrypted hash value to their backend and after adding a bit of other salt (random noise) to the value they change it up a little more before it is stored securely. Later on when you need to access that website, the math is done again on your side, the salt is added on their side, and this encrypted hash value is compared to what they have stored to see if you have access.
So, back to How Do I Easily Protect My Own Online Passwords?
The solution that works for me is found at www.lastpass.com
You create a secure login to LastPass and download the appropriate software to your computer, iPad, iPhone, Android Phone or whatever. This one Master password should really be secure. It will unlock everything else for you. I recommend a pass phrase of 16 or more characters. Steve Gibson from GRC.com says that the most important criteria for a strong password is the length of the password. Most passwords of 14 characters or less exist as precomputed values in hacker's tools because of the old way that Windows protected passwords. By utilizing LONG passwords, the hackers are forced to do brute force attacks, which take much longer. They would rather find someone else's easy password than waste time looking for yours.
Then you use LastPass to generate a new password for each of the websites that you go to. LastPass will store that new (or old) password for you, and as you use LastPass in your normal web browsing, you will slowly build up a list of your password protected websites within the LastPass Vault. Once LastPass knows about a website, it can automatically login for you. So you will start your day logging into LastPass, and the rest of the day you will simply click the bookmarks within LastPass to access all of your secure web content.
LastPass is FREE to use for personal use on your computer. At the very least, everyone should be using this version.
They also have upgrades that you can get to make it even more useful. Their Premium version is only $12 per year and it adds the ability to work on your other devices, iPhone, iPad, Blackberry, Android, Firefox Mobile, Windows Phones, and this list of devices continues to grow.
If you buy the Premium version, (this may also be available in the free version) you can also create secure NOTES. These notes can only be opened by you if you enter your long LastPass password into the Vault another time. For computer techs, this is the place where you would store additional information about your client's networks. This is nice for when you need to get that secure information while you are freezing, standing in the data center, away from your own computer. You can open this secure info on your phone to get that needed piece of info while you are fixing their critical server issue.
Another cool feature that they added recently is that LastPass can now gather up all of your remembered WiFi passwords from the device or computer that you have installed it on. Now you can find that password again the next time you need to join a network.
I have no affiliation with LastPass in any way, other than being a highly satisfied customer. If you research LastPass on the net, you might find some mention of a security breach about a year ago within LastPass. Actually, there is no evidence that stored data was ever compromised. What happened was that LastPass was monitoring their systems, and noticed some unusual activity. They did the Right Thing by notifying all of their customers that there might have been a leak. Then they brought in outside help to audit their systems and shore up their security safeguards. LastPass should NOT being getting any bad press about this event. They have always been concerned about saving data securely. They are constantly being reviewed and audited to ensure the safety of your data. After reviewing the incident and the details, I am confident in the integrity of the company and of their security measures. Steve Gibson the security expert from www.grc.com also has looked through their methodology, and finds no faults.
I have upgraded to LastPass Enterprise, because I can add additional users under the company master account. Also there is a windows based application that can be used to save passwords for Windows applications running on your computer, so that you can create secure passwords for those applications as well.
I have been using LastPass for a number of years now. What password manager do you use? What do you like or dislike about it?