It astonishes me how many people still use "123456" or "password" as passwords for important accounts. The annually published list of most popular passwords is disheartening. I really have no sympathy for people when their email address gets compromised and they send viruses to their friends--followed by an apology a day later. But the reason is obvious: we all have so many accounts, with so many services, how are we ever supposed to remember all the username/password combinations?
Most people have a handful of easy passwords they use for all their accounts. They don't always remember which password goes to which account, but after trying a few times, they usually get in. Other people use all the available hard disk space in their brains remembering dozens of passwords, attempting to keep them all unique. These people make frequent use of password recovery services. Other people write all their passwords down on paper, or in a file. But unless you are willing to take the security risk and carry this around with you, it is of little use.
Password managers like LastPass are the best solution I know of. It's called LastPass because your master password is the last password you will ever need to remember. I've been using it for years. I don't know, or need to know any of the passwords for my many accounts. They are all unique, long, random strings of characters. LastPass remembers them for me, and fills them in for me automatically. It's really genius.
LastPass runs as a browser plugin, or as a background service on your mobile device. You log in once (per session) using your master password, and then every website or app you visit which asks for credentials, LastPass automatically fills them in for you. Not only does this save tremendous amounts of time, but it saves precious swathes of brain space.
It is also far more secure than any other method of storing passwords. Your password database is encrypted with 256-bit, government level encryption, and all decryption only happens locally so that your unencrypted passwords are never, ever sent over the internet, even on "secure" connections. It is so secure, in fact, that if you forget your master password, not even the people at LastPass can recover your database for you. I store not only internet account passwords, but it's where I keep ALL my sensitive information like account numbers, social security numbers, etc.
Lot's of people I've spoken with are skeptical about using these types of services, but I don't understand why. It is so much more secure than relying on your own memory, or writing passwords down on paper. Making all your passwords unique and strong means that if someone hacks into one of your accounts, your others are still safe. And you never have to worry about being without LastPass because you can access your database from any internet-connected device if you need to.
I've been promoting this for a while now. If you are one of those people that uses the same password over and over, or that spends way too much brainpower remembering unique ones, take this opportunity to finally get your sh** together. Get organized. Get secure. It will save you time, brainpower, and protect you from potential disaster.
No comments :
Post a Comment