How many passwords do you use? I bet not many – users usually have 2-3 different passwords for different levels of security. For the most important things there is one password, for less important stuff there is another, and for everything else some simple one. In theory it works, but only in theory. There are a few problems:
Some sites have specific requirements for passwords – capital letters, numbers etc. – which forces us to use a custom password (which we are gonna forget in a few weeks).
If we try to follow minimum password security guidelines, we are gonna change passwords from time to time. It is absolutely not possible to change all the instances of old passwords on all the sites we are registered on. And believe me – sometimes we revisit these sites and have to guess the old password, which is really annoying.
How do you increase your online security then? How do you make sure that by cracking one password someone won’t get access to all the sites you use and won’t be able to steal your identity? The solution to this problem is to use a password manager – there are lots of them on the market and all modern browsers offer this functionality. Unfortunately, most implementations are very simple and can be cracked easily, so using them is asking for trouble, and trouble in the password world can lead to REAL PROBLEMS with REAL MONEY involved. Don’t forget about it.
In 2009 I found a great password manager which I still use today – it’s called LastPass and is fully packed with very useful features. It’s completely free too, unless you need some very advanced options (I don’t use them), which makes it a very interesting option for freeware fans. If you are using some other password manager right now, don’t worry – LastPass can import lots of different password databases, including all browsers, Roboform and eWallet.
How to use LastPass?
LastPass is a browser plugin, and to get access to your password database you will need to enter a password. Don’t worry, it happens only once, when you start your browser. So you need to remember just one password. All the sensitive data is encrypted with your password (using AES-256), so only you can get access to it. One copy is stored on LastPass servers (in encrypted form), but the password used to encrypt it is never stored or sent anywhere – it is used only when you enter it. Another copy of the data is stored on the local computer, so you can use it even if LastPass servers are down (which never happened to me).
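The client-side encryption described above, sketched as an added example (not LastPass code and not from the original post): the vault is encrypted locally with AES-256 and only the encrypted record would be handed to a server. PBKDF2 for key derivation, GCM mode, the iteration count and all function names are assumptions made for this illustration.

```javascript
// Added illustration, not LastPass code. Assumptions: PBKDF2-HMAC-SHA256 for key
// derivation, AES-256-GCM as the cipher mode, and the iteration count below.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

const ITERATIONS = 100000; // assumed work factor for this sketch

// Derive a 32-byte (256-bit) AES key from the master password. Runs on the client only.
function deriveKey(masterPassword, salt) {
  return pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, "sha256");
}

// Encrypt the vault locally. The returned record is all a server would ever store.
function sealVault(masterPassword, vault) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(vault), "utf8"), cipher.final()]);
  const record = { salt, iv, tag: cipher.getAuthTag(), ciphertext };
  // Hex-encode every field: the record holds no password and no key.
  return Object.fromEntries(Object.entries(record).map(([k, v]) => [k, v.toString("hex")]));
}

// Decrypt on the client. Returns null when the password is wrong or the record was altered.
function openVault(masterPassword, record) {
  const [salt, iv, tag, ciphertext] = ["salt", "iv", "tag", "ciphertext"]
    .map((k) => Buffer.from(record[k], "hex"));
  const decipher = createDecipheriv("aes-256-gcm", deriveKey(masterPassword, salt), iv);
  decipher.setAuthTag(tag);
  try {
    const plain = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
    return JSON.parse(plain.toString("utf8"));
  } catch {
    return null; // GCM authentication tag did not verify
  }
}

// Constructed sample data.
const sampleVault = [{ site: "example.com", login: "alice", password: "constructed-sample-1" }];
const stored = sealVault("correct horse battery staple", sampleVault);
console.log(Object.keys(stored), openVault("wrong guess", stored));
```

The stored record contains only the salt, IV, authentication tag and ciphertext, so whoever holds it still needs the master password to read anything.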
Using LastPass you can store not only passwords – you can also store notes and share data in a secure way instead of sending login details via email. If you share a computer with another person, you can use different identities to store data. If you are after really strong passwords, LastPass can generate some for you automatically; it can also audit and score your stored passwords, so you know what you should improve. LastPass has a very clean, handy and easy-to-use interface – there is a substantial number of options, but nothing really complicated. It’s really easy to store a few sets of passwords for a single site and select between them on the login screen. If key loggers haunt you in your dreams, you can use the on-screen keyboard to enter the data.
LastPass can be used via a plugin for your favourite internet browser or via the LastPass page – you log in there, and after you select one of the stored sites the system tries to log you into it. A useful thing if you don’t want to install the plugin.
For people who use Internet cafes a lot, LastPass has another useful feature: one-time passwords. How does it work? You can request a set of one-time passwords on the LastPass site – you print them and keep them in your wallet. Let’s say you want to access your PayPal account from the airport’s cafe: on the LastPass site you choose to log in using a one-time password, the system asks you for the first password, you log in, select your PayPal site and bang: you are logged in. This way you have bypassed most techniques for intercepting keystrokes and taking screenshots. Clever, isn’t it? Even better – if you try to log in on a phishing site, LastPass will warn you about it!
Of course, all systems like LastPass should be treated with caution – so don’t store your full bank details there (you can store just the logins, which helps because they are usually hard to remember). Recently lots of banks request electronic keys for logging in, which makes LastPass even more secure. I have personally used it since 2009 and find it a very handy, elegant and secure system – I recommend you try it yourself.