How many passwords do you have? 20? 80? 200? 300? If you have a unique password for each account, as you should, that number climbs quickly. How can a person possibly create and manage that many passwords? Even if you find a way to handle passwords at home or work, what do you do when you’re away from those places?
Fortunately, there are password managers that answer these questions. I’ve been using the LastPass password manager for years, and I highly recommend it. Let me give you a few tips for creating and managing strong passwords with
- Password Threats
- LastPass Review: How to Increase Your Security
- LastPass Premium vs Free Version
- What You Should Do
Passwords are still extremely common, despite some progress towards replacing passwords with biometrics and other authentication methods.
1. Short Passwords
When people think they need to remember all their passwords, they create short passwords that are easier to remember. The shorter a password, the easier and faster it is to crack using password-cracking software. That’s because the fewer the characters in the password, the fewer combinations the software needs to try.
2. Simple Passwords
Another thing people do when they think they need to remember all their passwords is to use passwords that are made up of common words you’d find in a dictionary (such as monkey), or memorable letter or number sequences (such as 123456 or qwerty). Such simple passwords are easy to crack using password-cracking software, which looks for common words and sequences.
3. Duplicate Passwords
Another thing people do when they think they need to remember all their passwords is to reuse the same password(s) across multiple accounts. According to Marc Goodman in Future Crimes, 75% of people use the same password for multiple websites, and 30% use the same login info for all their online activities.
Think of the physical keys you use. What if you used the same key for your house, car, safe, workplace, etc.? If you lost that key, and someone found it, they would immediately be able to access not just one property but several, or all. The same principle applies to passwords, which are digital keys. If you use the same password for multiple accounts, and someone gets that password, then they immediately have the ability to access many of your accounts.
4. Insecurely Storing Passwords
When people decide that they shouldn’t use the same password for everything, they realize they’re going to need to record their multiple passwords. I’ve seen people use Post-It notes on their monitors, a text file on their computer, a Google Doc, a draft email, and other methods that aren’t secure. These containers have few barriers to prevent people from finding the passwords they contain.
5. Not Changing Passwords After Breaches
No matter how careful you are about your personal cybersecurity, it’s inevitable that organizations will suffer data breaches, and your passwords will be leaked. We hope that every organization is encrypting and otherwise protecting passwords, but sadly, that’s not true. And even when passwords are encrypted, there’s always the chance that they can be decrypted.
If you don’t change your password for an account after a breach affects that account, it’s only a matter of time before someone uses your password to access your account. This is especially dangerous if you use that same password for multiple accounts because hackers will try using that password all over the Internet.
6. Insecurely Sharing Passwords
Although it’s always best to have your own credentials for an account, sometimes that’s not an option, and you need to share an account. For example, most of the websites for my utility companies don’t let me create multiple users, so I need to share those accounts with my wife. If you send passwords through email or another insecure messaging system, you run the risk of those passwords falling into the wrong hands.
7. Entering Passwords into Phishing Sites
A phishing site is a website that’s designed to look like a legitimate site so that you feel comfortable logging into it. For example, you receive an email or text with a link to your bank’s website. You click the link, recognize the bank’s website, and log in. However, you didn’t realize that it was a phishing email or text, and a phishing website. Now you’ve given up your username and password.
LastPass Review: How to Increase Your Security
Fortunately, there’s one tool that can greatly alleviate all these problems! It’s called a password manager. There are many options. I’ve been using LastPass for years, and I highly recommend it.
LastPass uses military-grade encryption (256-bit AES) and has a zero-knowledge policy, which means they’ll never have access to or be able to view your passwords. It also offers two-factor authentication (2FA) options for improved security, as well as biometric logins.
Other password manager options:
Keeper is a top-rated password manager for protecting you, your family, and your business from password-related data breaches and cybersecurity threats.
1Password remembers all your passwords, so you can easily log in to sites with a single click.
Dashlane fills all your passwords, payments, and personal details wherever you need them, across the web, on any device.
I’ll show you how to
Here’s a brief overview of how
- Neither LastPass nor anyone else who gained access to your vault would be able to get your passwords out of it.
There’s a lot more to know about
1. Longer Passwords
You can use
LastPass’ Security Challenge analyzes your passwords and tells you which ones are weak. It can even automatically change some of them for you.
2. More Complex Passwords
LastPass’ password generator has Advanced Options that allow you to select the classes of characters used in your passwords. Those are uppercase letters, lowercase letters, numbers, and symbols (sometimes called special characters). I recommend checking the box for all 4 classes. If an account says you’ve used a disallowed character, just replace that character with one that is allowed.
3. Unique Passwords
This is where
LastPass’ Security Challenge analyzes your passwords and tells you which ones are duplicates.
4. Securely Storing Passwords
As I mentioned earlier,
We’ve implemented AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass.
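The client-side pattern that statement describes, as an added sketch (not LastPass’ code and not part of the original article): the device derives the vault key from the master password with PBKDF2-HMAC-SHA256 and sends the server only a separate login hash. The iteration count, the use of the account email as salt, and the function names are assumptions for illustration.

```python
import hashlib
import hmac

# Assumptions for this illustration (not taken from the article):
ITERATIONS = 600_000   # PBKDF2 work factor chosen for the example
KEY_LEN = 32           # 32 bytes = a 256-bit key, the size AES-256 needs


def derive_vault_key(master_password: str, email: str,
                     iterations: int = ITERATIONS) -> bytes:
    """Derive the vault encryption key on the device. It is never transmitted."""
    salt = email.strip().lower().encode("utf-8")  # per-account salt (assumed)
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, KEY_LEN)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """One more PBKDF2 round over the key yields the value sent to the server.
    The server can compare it, but cannot invert it to recover the key."""
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, KEY_LEN)


def server_verify(stored_login_hash: bytes, presented: bytes) -> bool:
    """Server side: constant-time comparison of login hashes only."""
    return hmac.compare_digest(stored_login_hash, presented)


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    email = "user@example.com"
    good = "correct horse battery staple"
    bad = "correct horse battery stapl"
    key = derive_vault_key(good, email)
    stored = derive_login_hash(key, good)
    attempt = derive_login_hash(derive_vault_key(bad, email), bad)
    print("login hash sent to server:", stored.hex())
    print("login hash equals vault key:", stored == key)
    print("server accepts right password:", server_verify(stored, stored))
    print("server accepts wrong password:", server_verify(stored, attempt))
```

Because the server stores only the login hash, a leaked server database still leaves an attacker guessing master passwords through the full PBKDF2 cost, which is why the length of the master password matters.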
To open your vault, you must enter your master password. You also have the option to add two-factor authentication to make things much more secure, so if you have that set up, you may have to get past that as well.
You can manually log out of the
You can set individual passwords (and notes) to prompt for your master password again, even if you’re already logged in. I recommend doing this for sensitive accounts (financial, medical, etc.).
LastPass will require you to authenticate yourself with another factor.
5. Breach Alerts
LastPass automatically informs you when your email address has been exposed in a data breach, and which breach it was. That way, you know which password you should change.
6. Securely Sharing Passwords
LastPass users. You can even share the password without allowing the recipient to see the password. That way, they can use the password to log in, but they’re not able to learn what the password is. You can even unshare passwords when the time comes.
7. Doesn’t Autofill Phishing Websites
LastPass won’t show any matching passwords. When this happens, stop and carefully study the site to see if this is a phishing attempt.
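Why a lookalike site gets no autofill offer, as an added example (not LastPass’ matching logic and not part of the original article): a saved login is offered only when the page’s scheme and host equal those it was saved for. The vault entries and URLs are constructed, and exact-host matching is an assumption that is stricter than what a given product may do.

```python
from urllib.parse import urlsplit

# Constructed vault entries: the site each credential was saved for.
VAULT = [
    {"site": "https://www.examplebank.com/login", "username": "alice"},
    {"site": "https://mail.example.org/", "username": "alice@example.org"},
]


def origin_key(url: str):
    """Return (scheme, host) for a URL, or None if it cannot be matched."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # Non-ASCII lookalike letters turn into an xn-- label and stop matching.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    return parts.scheme, host


def autofill_candidates(page_url: str, vault=VAULT):
    """Offer a saved login only when scheme and host match exactly."""
    page = origin_key(page_url)
    if page is None:
        return []
    return [entry for entry in vault if origin_key(entry["site"]) == page]


if __name__ == "__main__":
    for url in (
        "https://www.examplebank.com/account",                     # real site
        "https://www.examp1ebank.com/login",                       # digit 1 for l
        "https://www.examplebank.com.secure-login.example/login",  # bank name as subdomain
        "http://www.examplebank.com/login",                        # not HTTPS
    ):
        names = [entry["username"] for entry in autofill_candidates(url)]
        print(f"{url} -> {names or 'no match, check the address bar'}")
```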
This is when the dark web monitoring feature of
LastPass Premium vs Free Version
LastPass Free will be limited to one device type only.
|LastPass Free|LastPass Premium|
|---|---|
|Unlimited password storage|Unlimited password storage|
|Good for 1 device type|Good for unlimited device types|
|Save and autofill passwords, multi-factor authentication|Save and autofill passwords, multi-factor authentication|
|No backup solution|Comes with 1GB file storage|
|No security dashboard|With security dashboard and password scores|
|No dark web monitoring|Comes with dark web monitoring to be alerted if your information is compromised|
|No emergency access|Provides emergency access to your most important information|
What You Should Do
- Research password managers. I recommend LastPass, and it will probably work well for you, but it wouldn’t hurt for you to research the alternatives.
- Sign up for a password manager, which could be free or paid.
LastPass Premium is great for those who want to get the most out of their password manager.
- Install the password manager on any device where you’ll need it. Most password managers will work on PCs, Macs, and mobile devices.
- Configure the password manager’s settings for the maximum level of security and privacy to keep your login credentials safe and secure. We recommend using the two-factor authentication feature.
- Move all your passwords into your password manager, then destroy any insecure copies of those passwords.