It’s time we talked about your password problem

A password for your bank. A password for Facebook. A password for your Gmail account, your Twitter account, your Yelp account… It’s likely that you’ve got too many passwords to keep track of. And if you *are* trying to keep track of them, then you’re doing it wrong. If you’re using the same password for more than one site, you’re really doing it wrong.

You Need a Password Manager

Password managers keep track of your many passwords, encrypt them, and secure them with a single master password. That way you only have to remember one password to access all of your others. A password manager will integrate with your web browser and automatically fill in your login credentials as needed. Most password managers also have an app that runs on your phone so you can access your saved passwords on the go.

I use LastPass

I’ve been using LastPass as my password manager since 2011. I’ve been very satisfied with it. I pay $1/month to have a “premium” account, which is what you need if you want to access LastPass from a mobile device. I have one long password (pass phrase) that I remember that will let me log in to LastPass to retrieve all of my other passwords.

Pick a Pass Phrase

For a password manager to work, you need one good, secure master password. It needs to be cryptographically strong, which means something that’s easy for you to remember but hard for a computer to guess. I find that it’s easiest to pick a sentence or a song lyric and replace some of the letters with punctuation. Easy options are substituting a 3 for an E or a 5 for an S. But the more creative you get, the stronger your pass phrase. You might end up with something like: sc0tt%5pa55w0rdLo0k5w3ird

Let LastPass Generate New Passwords

People are notoriously bad at picking strong passwords. Once you’ve got LastPass set up, let it pick your passwords for you. Let LastPass generate passwords like jsT%43iaUf&eJvS!YNkq. There’s no reason it should be something you can remember. And if you feel weird about not knowing your password, most sites will have an “I forgot my password” link to allow you to reset it.
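As an added illustration of the two ideas above (my own Python, not code from LastPass or from the original post): a manager-style generator that draws every character from a CSPRNG and guarantees each character class, an entropy estimate for such a password, and a count of how few bits the 3-for-E substitution adds to a sentence an attacker could already guess. The symbol set and the substitution table are assumptions.

```python
import math
import secrets
import string

# Character classes a manager-style generator draws from (symbol set is an assumption).
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = "!@#$%^&*"
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, with at least one char from each class."""
    if length < 4:
        raise ValueError("length must leave room for all four classes")
    chars = [secrets.choice(cls) for cls in (LOWER, UPPER, DIGITS, SYMBOLS)]
    chars += [secrets.choice(ALPHABET) for _ in range(length - 4)]
    # Fisher-Yates shuffle driven by the CSPRNG, so the forced chars are not always first.
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def random_password_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy (in bits) of a uniformly random password: length * log2(alphabet).
    Forcing one char per class trims this slightly, so treat it as an upper bound."""
    return length * math.log2(alphabet_size)


# Assumed substitution table for the "3 for an E, 5 for an S" trick.
SUBSTITUTIONS = {"e": "3", "s": "5", "o": "0", "a": "@", "i": "1"}


def substitution_bits_added(sentence: str) -> int:
    """Upper bound on the bits the substitution trick adds to a sentence the attacker
    already has as a candidate: each substitutable letter is swapped or not, one bit each."""
    return sum(1 for ch in sentence.lower() if ch in SUBSTITUTIONS)


if __name__ == "__main__":
    print(generate_password(20), round(random_password_bits(20), 1), "bits")
    # Constructed sentence matching the post's pass phrase shape.
    print(substitution_bits_added("scott's password looks weird"), "bits added by substitution")
```

The comparison is the point: a 20-character random password is roughly 120 bits, while sprinkling digits into a known phrase adds at most one bit per substitutable letter.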

But is it safe?

This is the question that I get asked the most when I start talking about password managers. What happens if LastPass gets hacked? LastPass (and companies like it) are security-focused companies. The chances of them being hacked are low. There are password managers that allow you to store your passwords locally on your own machine if that’s a concern for you. LastPass even includes a tool to automate selecting new, strong passwords for the sites you frequent. If you ever have a concern, it’s very easy to generate new, long, random passwords.

Something that’ll greatly increase your security is multi-factor authentication. I’ll cover this in a separate post, but, in a nutshell, it requires more than one way of proving your identity. You may, for instance, have a fingerprint scanner on your laptop. If you’re using multi-factor authentication secured by your fingerprint, someone would have to know your password *and* have your fingerprint.