By: Donna Bryant, C&R Administration and IT Manager

Those pesky passwords.  The length, numbers, special characters, capital letters!  According to a survey conducted by DataInsider, 70% of respondents reported having more than 10 password-protected accounts online, with nearly 30% having “too many to count”. When asked if they reuse passwords for different accounts, only 11% of consumers said they used the same password across all of their accounts. So how do you remember all those different passwords? Better yet, where do you store them?

I may have the answer: LastPass.  I began testing LastPass in May 2018 for work.  I was skeptical at first.  I would rather write down my passwords and keep them in a safe place.  The problem is, I found myself wasting a lot of time revisiting the safe place throughout the day.  Then I found myself wasting a lot of time re-entering login credentials an untold number of times throughout the day (do you know how long my email address alone is?).

I can honestly say that LastPass has made my life easier.  Here’s how it works:  First, there are a few different levels of LastPass.  There’s a free version for individuals, a Family subscription for up to six members, a Teams subscription for 5 to 50 users, and an Enterprise version for 5+ users.  There are a few other family and business plans available not mentioned here.

LastPass works within your web browser.  You can use it with Internet Explorer, Chrome, Firefox and Edge on Windows, Mac, Linux and mobile operating systems.  You’ll have to download and install LastPass (or get the Chrome extension) to use it.  Then you’ll need to think of a Master Password for your vault, where all your passwords, notes, addresses, payment cards, and bank accounts will be stored.  This is the only password you’ll ever need to remember.  You can add passwords by letting LastPass save the site as you log in, import sites from your email, import/upload from another password manager, etc.  I have only used a couple of these methods, and the one I use 99% of the time is letting LastPass save the site as I log in.

Data that’s stored in the vault is encrypted, and the keys used to encrypt and decrypt that data are never sent to LastPass.  Therefore, LastPass is unable to reset your Master Password, so be sure to create a hint, as well as provide other recovery options, such as enabling SMS account recovery.
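To show why a service that never receives the key cannot reset the Master Password, here is a generic sketch added to this post (not LastPass's code). The iteration count, the use of the email address as salt, and the function names are assumptions, and an HMAC-SHA256 keystream stands in for the AES cipher a real product would use, because Python's standard library has none.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_vault_key(email: str, master_password: str) -> bytes:
    """Runs on the user's device only; the result is never uploaded."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), ITERATIONS)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """One more one-way step. The service stores this to check logins."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def _subkey(vault_key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and integrity, both tied to the vault key.
    return hmac.new(vault_key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for a real cipher: HMAC-SHA256 over nonce || block counter.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC on the device; only this blob is uploaded."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(
        plaintext, _keystream(_subkey(vault_key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(vault_key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(vault_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(c ^ k for c, k in zip(
        ct, _keystream(_subkey(vault_key, b"enc"), nonce, len(ct))))
```

The service in this sketch holds only the login hash and the sealed blob, so a key derived from any new password fails to open the old vault.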

I recently signed up for the Family plan for my husband, my mother and me.   I had a few reasons for signing up for a Family plan:

  • There are sites that my husband and I both need to access.  Why keep passwords on paper or some other format in two different locations?  What if one of us updates a common password?
  • My husband has online accounts that I wouldn’t know how to access should anything happen to him.
  • I pay the bills and handle all of the online accounts in our household.  If anything happens to me, my husband wouldn’t be able to step in and keep things running.
  • My mother is a widow and I’ll need to access her accounts to take care of her affairs should anything happen to her.
  • With a Family plan, I can share passwords with any/all of the members in my plan.

In the interest of full disclosure, my husband couldn’t remember his Master Password in LastPass and it was impossible to recover it.  We had to reset his account.  Be careful if you do this because it will permanently delete all of your stored encrypted data.  I would’ve been upset had he populated his vault, but it was still empty.

Here are a few other things I like about LastPass:

  • When you change a password LastPass asks if you want to update the password that’s stored in your vault.
  • If you have a difficult time creating a unique password, LastPass has a password generator that allows you to control the complexity of the password (you’ll be able to meet password requirements in a flash!).  Long passwords or passphrases with 14+ characters (can be all lowercase) are more secure than 8-character, upper/lowercase, number and special character passwords.
  • You have the ability to set up shared folders in the vault to share a site among members.  You can keep the password hidden.
  • Sharing a password on the fly is easy:  Click a button, enter an email address, check a box to allow the recipient to view the password, then send.  The recipient needs to be a LastPass user, too.

Finally, don’t forget to take the LastPass Security Challenge to find out how well you’re doing when it comes to practicing good password security.  It seems that security breaches are in the headlines regularly and we breathe a sigh of relief when we hear that payment information wasn’t stolen.  But what about our usernames and passwords?  Most people reuse usernames and passwords across multiple websites.  The bad guys know this so they’ll try those username and password combinations across well-known websites to hack into your accounts.  The LastPass Security Challenge alerts you to change reused passwords, as well as weak and old passwords.
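The three checks described above (reused, weak and old passwords), together with the earlier point that a 14-character lowercase password beats an 8-character mixed one, can be sketched as follows. This is an example added to the post, not LastPass's implementation; the sample entries are constructed, and the 60-bit and 365-day thresholds are assumptions.

```python
import math
import string
from collections import defaultdict
from datetime import date

# Constructed sample entries: (site, password, date last changed).
VAULT = [
    ("bank.example", "Summer18!", date(2018, 6, 1)),
    ("shop.example", "Summer18!", date(2018, 6, 1)),
    ("mail.example", "thecatjumpedoverthemoon", date(2018, 11, 20)),
    ("forum.example", "kqzvrmwhtplbxs", date(2016, 2, 1)),
    ("news.example", "P@ssw0rd", date(2018, 10, 5)),
]

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space_bits(password: str) -> float:
    """Brute-force estimate: length * log2(size of the character pool used).

    This is an upper bound that assumes randomly chosen characters.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def audit(vault, today, min_bits=60, max_age_days=365):
    """Return {site: [findings]} for entries that are old, reused or weak."""
    by_password = defaultdict(list)
    for site, password, _ in vault:
        by_password[password].append(site)
    report = {}
    for site, password, changed in vault:
        findings = []
        if (today - changed).days > max_age_days:
            findings.append("old")
        if len(by_password[password]) > 1:
            findings.append("reused")
        if search_space_bits(password) < min_bits:
            findings.append("weak")
        if findings:
            report[site] = findings
    return report


if __name__ == "__main__":
    for site, findings in audit(VAULT, date(2018, 12, 14)).items():
        print(f"{site}: {', '.join(findings)}")
```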

While LastPass is designed to store website passwords, users can keep other types of passwords in a Note within LastPass.

I hope you’ll give LastPass a try and find that it boosts your productivity while giving you peace of mind in a world where breaches are becoming too frequent.

If you prefer to keep track of your passwords, be sure to use these Best Practices for Password Security*:

  1. Update your passwords regularly, and immediately upon notification of an account compromise or account holder data breach
  2. Never reuse passwords, no matter what the account
  3. Passphrases (e.g. “Thecatjumpedoverthemoon”) are king when it comes to security and can be easier to remember than passwords
  4. Protect critical accounts with two or multi-factor authentication wherever possible

(*Source: DataInsider “Uncovering Password Habits: Are Users’ Password Security Habits Improving?” 12/14/18)