Following the attack, hubby and I got serious about our online security. We both bought annual licenses to LastPass, a personal password manager and changed all of the passwords on our accounts. We don't even know most of them (any of them?) because they are highly encrypted and each one is different. So how do we log into all of our accounts? That's where LastPass comes in.
How Does a Password Manager Work?
Basically, it acts like a passport into all of your accounts:- You log into the password manager either from a mobile app or a browser plugin.
- Then you visit sites to which you have logins, like Facebook, Gmail or even your banking site.
- The password manager recognizes that there is a login function on the page and asks you if you want to log it.
- You have the option of logging it as-is if you want to keep your current password, or changing your password.
- If you change your password, you can manually enter the new one or have the password manager generate one with varying levels of encryption.
- The password manager stores the password and login information, and can automatically retrieve it for you the next time you go to log into the site.
From that point on, if you're logged into the password manager, it will detect the site via its URL (or app if you're on a mobile device) and either prompt you with a suggested password or pre-fill the login for you (depending on your settings). No more remembering passwords!
But How is That Any More Secure?
Aha. Good question. Password managers are only secure if you act securely. That is, if you either set it to have a timeout or an auto-logout. If you leave your password manager logged in at all times, then anyone who comes across your computer or your device will have access to all of your logins regardless how complicated you've made them.
The magic behind the password manager security is to make sure that you have a complicated password for your password manager and that you always log out of it. For example, my settings are such that:
- If I close my browser on my home computer, I am logged out of the browser plugin and have to log in manually.
- On my phone and tablet, LastPass does not launch automatically. I have to log in each time I want to use it.
- At work, I don't use LastPass on my computer. I'm just paranoid that way.
The other way to be secure is to use 2-factor authentication for your password manager. That ensures that you need to enter a secure code (from a grid that you need to print or store outside of the app) if you are accessing the app or site from an unknown location. In the event that your computer or phone is ever stolen, you can change your password manager access using the extra authentication. Also, if the password management platform ever gets hacked, they will automatically require two factor authentication on the accounts that had previously activated this feature. For the most part, these platforms are much more secure than the average site, since their job is security. But if you don't have it on, you aren't protected. It's a necessary added level of security.
So how does a password manager save any time?
It just does. It saves me SO. MUCH. TIME. Because I only have to remember ONE password! Sure it's a couple of clicks to log into something but honestly, after being hacked, what's a couple of clicks?
More benefits
Here are more reasons why I love having a password manager:
- I have weird and wonderfully complicated passwords for absolutely everything.
- There is no duplication of passwords across any of my apps. (Which is secure in itself!)
- If I find out that a platform has had a security breach, I can use LastPass to generate a new password in seconds. And I don't have to remember what it is.
- No more scraps of paper with passwords written on them, inaccessible when really needed.
- In my case, the LastPass app is simple and clean, and you can make a favourites list for those sites you access the most.
- The browser plugin (at least the one for LastPass) is easy to use and unobtrusive. (A little asterix in the login fields appears when it is prompting you with the account info.)
- It's possible to sync and share logins with family members, especially important for things like banking or even estate planning (morbid but true: everyone knows someone who had a family member pass away and no means to access or even shut down their accounts after their passing).
- Oh, and they are cheap. My premium LastPass account is costing me $1 a month.
Now that I've been using a password manager for several months, I wouldn't even consider going back to managing my own passwords independently. I personally chose LastPass but there are a bunch of others on the market. The key is to pick one and use it. I just can't stress it enough.