Using a Password Manager

Whether you’re reusing passwords (a definite security risk) or trying to keep track of a multitude of passwords (a definite sanity risk), a password manager is a great help.

I finally reached the tipping point with passwords a few months ago. I had been using an encrypted file to keep track of passwords, but it just became untenable with multiple devices. I also wasn’t happy with the lack of complexity of the passwords I was using.

After some research I settled on LastPass, a free utility that is web-based with apps available for iOS and Android OS. Once I came up with one super-strong password (the “last pass” I’ll have to remember), I set it up to generate random passwords for some sites, and left other (less important) sites as they were.

Things I love about LastPass

  • It’s really easy to have it remember and retrieve passwords when I’m using a computer browser.
  • My passwords are (securely) accessible from any device I use.
  • The security level is highly customizable.
  • I can designate certain passwords to be shared with other LastPass users. My family, for instance, can use their own LastPass account to access my Verizon password, so they can log into our shared family plan. This feature requires one person (me, in this case) to buy the premium service, which costs me $12 per year.

Things that I don’t love about LastPass

  • It’s a bit cumbersome on my phone. While the new version provides its own browser that will automatically invoke LastPass when needed, that doesn’t help with apps that require passwords. Getting to my LastPass passwords from an app on my phone requires launching the LastPass app, copying the password, pasting it into the password field, and then going back and clearing out the clipboard so the password can’t be pasted in again.
  • The base settings for LastPass aren’t as secure as I’d like (it stays logged in too long, for instance), so I spent some time tweaking them to my liking.

Choosing a Password Manager

When you’re choosing a password manager, you should consider several factors:

  • It should use at least AES-256 encryption.
  • It should be able to generate random, secure passwords for you.
  • It should work on all the devices you use to access secure sites (your smartphone, tablet, and computer) and any browser.
  • It should offer two-step authentication, a security feature that makes it more difficult for someone to break into your password vault.
  • If you need to share passwords with friends or family, can it do that without compromising passwords that are just for you?

A helpful rundown of password managers can be found at http://www.pcmag.com/article2/0,2817,2407168,00.asp.