How do you create unbreakable passwords that you can easily recall when you need them? You use a password manager.
If you are like me, you have a plethora of passwords for the numerous websites and apps that you use. Keeping track of all these passwords in your brain, or in a secure document, eventually becomes a very painful challenge. In response to this, more and more companies are starting to use biometrics, but for as long as we use passwords, the solution to our predicament is to use a reliable password manager.
On February 9, 2016, PC Magazine published a list of The Best Password Managers for 2016 and awarded Editor’s Choice to these three tools: LastPass, Dashlane, and Lamantine. LastPass has the most features, and it happens to be the tool I use.
To better understand the benefit of a password manager such as LastPass, let’s first cover a few password rules.
- Use a different password for each website or application. This is crucial, so that if someone gets to know the password to your Facebook account, he or she won’t be able to access your Twitter account, bank account or 401k account.
- Make passwords at least ten characters long (12+ to be safe).
- Avoid using passwords like:
  - your log-in name
  - any part of your full name
  - words that can be found in a dictionary
  - people's names
  - pet names
  - place names
  - birth dates and years
  - address number and zip code
  - social security number
  - phone number
  - numbers or letters in sequence (e.g., 5678, ABCD)
  - letters in keyboard sequence (e.g., QWERTY)
  - numbers in keypad sequence (e.g., 741 or 369)
  - repeated letters or numbers (e.g., ccccc or 33333)
- Include in the password characters from at least three of the following four classes:
  - Upper case letters (e.g., A, H, T, X)
  - Lower case letters (e.g., a, h, t, x)
  - Numbers (e.g., 1, 5, 2, 9)
  - Special characters (e.g., $, _, ^, /, @, !)
- Make it complex, so it would be hard to guess.
- When possible, the application or website you are accessing should keep a history for the last ten revisions of the password and prohibit their reuse.
- Change the password at least every 90 days.
- Change the password for a particular website or application as soon as you hear that the site, company or app has been compromised.
- Use two-factor authentication.
As you can imagine, it is very hard to follow these password rules without a handy tool. The easiest way to do this and to keep track of your passwords is to use a dependable password manager. Below are 18 benefits of using LastPass.
- Stores passwords in a secure vault.
- Uses AES 256-bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
- Encrypts and decrypts data at the device level. The company does not have access to your confidential data.
- Saves passwords as you log in or register on a website.
- Saves unlimited logins for websites, such as Gmail, and lets you quickly switch between them.
- Automatically fills your login credentials.
- Works on multiple platforms: web browsers, iPhone, Android, iPad, etc.
- Free on any one device. $12 per year for multiple devices.
- Generates random complex passwords.
- Users select the length and the character types to generate passwords.
- Automatically changes your passwords if you want.
- Stores secure notes for your confidential information.
- Stores profiles for credit card information and addresses so you can make online purchases with just a few clicks.
- Securely shares selected passwords with your spouse or other trusted people.
- Uses two-factor authentication.
- Allows offline access.
- Includes secure emergency access, so your spouse or other trusted people can get access to important accounts should something happen to you.
- Has individual and enterprise versions of the app.
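The mechanical password rules above (minimum length, three of four character classes, no login name, no sequences or repeats) and the generator feature in the benefits list can be sketched together. This is an added example, not LastPass code: the function names, the three-character run threshold, and the use of Python's `string.punctuation` as the special-character class are assumptions, and the dictionary, name, and date rules are left out because they need external word lists.

```python
import secrets
import string

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,  # assumed set; the rules only give examples
}
# Runs named in the rules: alphabet, digits, keyboard rows, keypad columns.
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop",
             "asdfghjkl", "zxcvbnm", "741", "852", "963"]

def has_run(pw, run=3):
    """True if pw has `run` repeated characters or a sequence in either direction."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        if len(set(chunk)) == 1:
            return True
        if any(chunk in s or chunk in s[::-1] for s in SEQUENCES):
            return True
    return False

def check_password(pw, login="", min_len=10):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if sum(any(c in chars for c in pw) for chars in CLASSES.values()) < 3:
        problems.append("fewer than three character classes")
    if login and login.lower() in pw.lower():
        problems.append("contains login name")
    if has_run(pw):
        problems.append("sequence or repeated characters")
    return problems

def generate_password(length=16, classes=("upper", "lower", "digit", "special")):
    """Draw from the OS CSPRNG until a candidate uses every class and passes."""
    if length < 10 or len(set(classes)) < 3:
        raise ValueError("need length >= 10 and at least three character classes")
    alphabet = "".join(CLASSES[c] for c in classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[c] for ch in pw) for c in classes) and not check_password(pw):
            return pw
```

`Password123` passes the length and class rules but is rejected for the `123` run, which shows why class counting alone is a weak test.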
By using the LastPass Enterprise version, you can ensure that all the users in your organization can easily follow all the password rules listed above. For more information, you can go to LastPass or The Best Password Managers for 2016.
It is important to mention that LastPass was hacked in June 2015. After discovering the suspicious activity, LastPass quickly made an announcement and made the appropriate corrections. The company found that email addresses, password reminders, server per-user salts (data added to passwords to make them harder to crack), and authentication hashes were all compromised. However, the company clarified that no accounts were compromised, and attackers could not gain access to encrypted user vault data (which contains the users’ passwords and other confidential data stored by LastPass). Thanks to the robust encryption methods used by the company, the compromised encrypted master passwords are too difficult to crack, as long as users created strong master passwords. As a precaution, the company recommended that all users change their master password.
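Why per-user salts and a slow hash limit the damage of such a leak, and why the strength of the master password still matters, can be shown with PBKDF2-HMAC-SHA256 from Python's standard library. This is an added illustration, not LastPass's actual scheme: the iteration count, salt length, user names, and word list are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the page gives no iteration count

def auth_hash(master_password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 over the master password with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)

def verify(master_password, salt, stored):
    """Constant-time comparison of a login attempt against the stored hash."""
    return hmac.compare_digest(auth_hash(master_password, salt), stored)

def found_in_wordlist(salt, stored, wordlist):
    """Audit check: was the stored hash derived from a word on a known-weak list?"""
    return any(verify(word, salt, stored) for word in wordlist)

# Constructed sample data: two users with the same weak master password
# and one user with a long random one.
WEAK_LIST = ["123456", "password", "qwerty", "letmein"]
records = {}
for user, pw in [("user_a", "letmein"), ("user_b", "letmein"),
                 ("user_c", "mT7!kqZw4$RpX9vb")]:
    salt = os.urandom(16)  # a fresh random salt per user
    records[user] = (salt, auth_hash(pw, salt))
```

Because each record has its own salt, `user_a` and `user_b` store different hashes for the same password, so every guess has to be recomputed per user at the full iteration cost. The weak password is still found on the list, while the random one is not.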
Password managers are a juicy target for hackers. Therefore, LastPass is making every effort to protect its customers’ precious data. For instance, since January 2016, LastPass requires email confirmation for all logins from new devices.
I’ve been happily using LastPass for five years. It has given me peace of mind and has made me more productive. Are you already using a password manager? If so, which app are you using? Be sure to use a trusted app that has all the benefits listed above.