In this article, we are going to discuss an essential tool in your quest for online privacy: the Password Manager
NO. A password manager is not reserved for a special category of geeks, IT gurus or similar outcasts. It is designed to be used by everyone and it should be used by everyone. And if you don’t believe me, try it!
The password manager that I am going to highlight in this article is LastPass. LastPass has basically transformed my whole vision of online privacy by simply using it. It is extremely rare to find a piece of software that basically educates you as you use it, but it was my case with LastPass.
If you are not yet convinced about the importance of a password manager, try something simple.
Visit the site: https://haveibeenpwned.com/, input your email address and look at the results.
Have you been pwned? What does that mean?
The website haveibeenpwned.com allows Internet users to verify whether their personal data has been exposed to security breaches.
Security breaches happen every day on the Internet. Cyber-criminals are constantly attacking online services in an attempt to infiltrate and steal their user database. They are not only looking for credit card number as people commonly think. They are also looking for any data that may be related to your personal life such as health records, bank account details, tax ID, passport scan. Everything can be sold on the dark web.
If you have used the same email address for years, you have certainly been “pwned” and
haveibeenpwned.com will give you a frightening list of databases that contain your email address.
Now what to do next? The most common thing to do would be to look up the date of the breach and if you haven’t changed your password for a while, to go to this specific site and manually change your password.
But it is too late!
Your password has been exposed! This means that potentially hackers are already trying to login to other websites or services leveraging the very same password.
Hopefully, you are a very careful person and you don’t use the same password anywhere.
Do you remember all the sites where you left a password?
If you admit using from time to time the same password, how would you deal with this data breach?
How many passwords do you need to reset to be on the safe side? Probably too many.
Tomorrow, a new data breach will pop-up and you will have to change all your passwords again. This is endless.
Here comes LastPass
I have tried many password manager tools in the past: Dashlane, Roboform, KeePass… And the least I can say is that I have never been impressed by the user experience. UX for a password manager is quite tricky as a good piece of software will have to pop up at the right time on your browser or application to suggest a password. That is definitely something complex to achieve and LastPass truly is the best password manager in this area.
When you first create your LastPass account, you will have to create a master password. The master password is the key that encrypts your Vault. Be careful it is absolutely impossible to recover this password. So make sure you remember it.
A few best practices when it comes to password management:
The post-it on the screen
We always make fun of Larry from accounting, you know who I am talking about?
Yes, you know, the bald fat guy that sticks his password on his computer screen.
But is it really a bad idea? Is Larry actually the smartest guy in the room?
If you are in an office environment, it is probably not a good idea to let your password on display.
But in the comfort of your home, there is a low level of risk that anyone would steal a password from your desk drawer. It can happen yes. But between having a complex password stored on a piece of paper in your desk drawer or having a dummy password on the top of your head, I would definitely choose the post-it.
What is the probability that someone will break into your home? What is the probability that this person will be interested by this password more than your jewelry?
On the other hand, what is the probability that someone will try to break into your online account? 100%. It has already happened and it will happen again. Hackers are brute-forcing accounts on the Internet ALL THE TIME.
My personal tips for a great password
If you are an English native, no luck. Cyber-criminals usually leverage password dictionaries which are basically databases of the most popular passwords. Therefore, your password should not be a word that you can find in a dictionary. And forget as well leet speak too common these days.
Password databases usually list popular keywords and all their deviations.
Example: Hello, He11o, Hello123, Hello2019
The best way to choose a password is to go for a language which is not widely spoken all over the world. It is even better if it is not your own language. An experienced hacker will first find out your native language before attacking your account with the relevant dictionary.
Better than a minor language, pick a word in a minor language which does not use the Latin alphabet.
Why? Because these words once written in the Latin alphabet are usually subject to variation of spelling that make the use of a dictionary nearly impossible.
Finally decorate your words with capital letters, special characters and one or two numbers and you should get a very strong password!
Coming back to LastPass, you have now created your account and LastPass will now suck up all your existing passwords from your browser and applications.
All your passwords will be stored in LastPass Vault. LastPass encrypts this Vault before it goes to the server using 256-bit AES encryption. Since the Vault is already encrypted before it leaves your computer and reaches the LastPass server, not even LastPass staff can have access to your sensitive data!
Then, get ready for an instant upgrade of your online privacy hygiene.
LastPass Security Challenge
Are you excited?
Open your vault and click on Security Challenge. Re-enter your master password for security purposes.
Wait for a while and tada!
The security challenge gives you your security score. If you use LastPass for the first time, I bet it is terrible.
This assessment is performed by analyzing your password database and flag:
- Old passwords
- Duplicate passwords
- Well-known security breaches
- Weak passwords
When you look at the list, it can be overwhelming but don’t give up. It is always better to update it once with Lastpass than to do this change blindly at every data breach.
So take one step at a time, set a reasonable target of five passwords updated per day and you will soon see the end of your misery. Forever.
LastPass also offers a very useful feature called “auto change password” that allows you to change the password on a website in one click. It does not work on every platform but the most popular online platforms are supported such as Facebook, Google, PayPal, Linkedin and it works pretty well.
LastPass is available as an extension for Chrome, Firefox and Microsoft Edge. You can also download LastPass Windows 10 app from the store even though I hardly see the use of it. LastPass is also available for Android and iPhone.
LastPass Premium Vs Free
LastPass runs on a freemium model which means you can use it for free without any time limitation.
A few useful features are only available on the premium version ($3 per month) such as:
- 1GB encrypted file storage
- Priority Customer Support
- Extra security with Premium two-factor authentication
- Desktop application logins
- Desktop fingerprint identification
- Ad-free vault
- Emergency Access which gives you the possibility to open your Vault to some selected members of your family or friends in case of emergency or crisis
LastPass Family allows you to share your license ($4 per month) with 5 other members of your family and share passwords securely across them.
LastPass is also an awesome product for business and teams that are concerned by password management.
If you wish to protect your online privacy, you need to look seriously at the complexity and diversity of your passwords. It is stupid to have a dumb password but it is not a smart idea either to have a very complex password spread all over the Internet.
Like me once, you may not yet see the importance of having a strong password manager but give a try to Lastpass, run the security challenge and unveil the risks you are currently running online.
LastPass will not prevent one of your passwords from being stolen by cyber-criminals. But if you go through a security challenge and continue to use LastPass on a regular basis, you will reduce the risk of having the same password spread across multiple platforms. Mitigating the breach will therefore be easy and straightforward. In a nutshell, LastPass gives you confidence and peace of mind. You are one step further in your quest for a complete online privacy.