Password managers are not perfect, but most information security experts recommend using them because they do the important job of helping us avoid reusing passwords. I’m looking at you 123456! Data breaches happen regularly; it’s a matter of when not if the next one will occur. And, unless you are Rain Man, you probably can’t remember enough unique, strong passwords to use a different one for each site. Password managers also make it easier to change a password if you’re concerned it’s been compromised and allow you to share passwords securely. Even with all those benefits, it took last year’s Equifax data breach for me to start using a password manager!
There are numerous password managers from which to choose. A July 12, 2018 PC magazine posts lists and compares more than 10 different options: https://www.pcmag.com/article2/0,2817,2407168,00.asp. I chose the free version of LastPass. While nothing is foolproof, LastPass has protections in place on master passwords to make cracking the underlying passwords incredibly difficult. But, you have to do your part and use strong passwords; simple passwords or ones reused from other sites could still be vulnerable.
The set-up instructions from LastPass are pretty simple:
- Get the LastPass browser extension. Note that you’ll need this extension on any computer you regularly use: personal laptop, work PC, etc.
- Make a strong master password. It could be a song lyric like “Sweethomealabamawheretheskiesaresoblue” or a favorite quote “GodisourrefugeandstrengthPsalm461”, but it should not be easy to guess or contain your email address.
I would add step 2a: a 2-factor authentication for additional protection of your account. When you turn on this setting, you will enter your master password as well as confirm the log-in through another method, such as the LastPass Authenticator app. Go to account settings and select multifactor options. I chose LastPass authenticator, but there are other options as well. Click “action” and then select the pencil icon to activate multifactor options and follow the steps from there.
- Explore your LastPass vault where you can add sites and save login information.
Bless my heart, but I needed some more details on step 3! Here’s what else I wish I knew:
- 3a. Decide whether you want to start using LastPass on your computer or on your mobile device. You will eventually need to use both desktop and mobile versions, but “eat the elephant 1 bite at a time” and start with just one. I started with the desktop version so that’s what the following directions assume you will do as well.
- 3b. Once your LastPass account is created, go to a website you use frequently that requires a password, like your bank. Log in to the site like normal and you should see a pop-up message on your browser that says something “let LastPass save your username/ password for this site?” Select yes and the bank website will be added to your Last Pass vault. When you want to log in to your bank account again, you can go to your Last Pass vault, select the bank’s website and click “launch.” Last Pass will then fill in your username and password for you. If your bank requires an additional security question, like your first pet’s name do not let LastPass save it because LastPass will then save over your password. Instead, you can enter the security questions and answers in the notes section of the bank account on your LastPass vault.
- 3c. Add websites to your Last Pass vault first without changing passwords for each individual web site. This recommendation is based on the experience of getting locked out of accounts when I tried to add websites and change passwords simultaneously! Remember, “one bite at a time!
- 3d. After several websites are entered in your vault and you are experienced at using LastPass to login to those accounts, then pick one site to update and change the password to a more complex one. Now is when you will answer “yes” to LastPass’s question: “you’ve used this password on multiple sites. Do you want to change it?” For example, if you are updating your Amazon password, LastPass will open your Amazon.com account and you will go to “your account,” then navigate to “login & security,” and select “edit” by password. Then go to your LastPass extension in your browser and select “generate secure password” and LastPass will enter it in as the new password.
- 3e. Because you updated the password, you will be logged out of the Amazon app on your phone or tablet. To get back in, you will now need to download the LastPass app and enter your master password. Then find Amazon in your vault and copy the password to your Amazon app to regain access.
As you use LastPass more often, here are 2 more tips that may be helpful:
- How to share a password: Perhaps you live in an alternate universe and you have a teen who has completed all homework, household chores, and cooked supper for the family so you want to reward this alien being with access to Netflix. You would open the LastPass vault and go to the sharing center. Click on “share an item” and enter your teen’s email address (which is rarely checked because teens text rather than email). Then select the item to share from the drop-down list of passwords.
- How to set up emergency access: You may want to allow your spouse or trusted friend, but probably not your teen, to get in your LastPass vault in a crisis. While logged in to LastPass, go to emergency access and enter the email address of the person you are granting access. Then select a waiting period- from immediately to 30 days.
I hope this information will encourage you to use a password manager and help your set-up go smoothly. Go and use simple passwords no more!
Bridgeworth, LLC is a registered investment adviser and is not affiliated with LastPass.
“The following suggestion of LastPass should not be construed as promissory from Bridgeworth LLC as to its safety/security. Please do your research and read site Terms of Service and Security Statements. We live in a dangerous world and encourage clients to take digital security very seriously”.
2-850953.1118