This week in the Organized Life Series you will be getting your Email, Contacts, Passwords, and Bookmarks organized. These topics are related, but best discussed on separate pages. Click here or at the bottom of each of the four pages to access the other parts of the series.
For Passwords, we are going to discuss using LastPass and for Bookmarks we are going to discuss using Xmarks. I’m pointing this out here because if you want to purchase Premium services for either of these accounts you can save a little by bundling them. LastPass is $12 a year. Xmarks is $12 a year. Purchasing them together is $20 a year. The Premium service removes the ads and provides mobile apps.
LastPass, or some other password management software of your choosing, is a handy tool for keeping track of your passwords in a secure manner. It also fills forms and can save your credit card or banking information. I STRONGLY recommend you use a system like LastPass.
#1 – The Importance of a Good Password System
We’ll discuss the importance of having a good password system by talking about what a bad system can cause.
- Use the same password for everything. That seems simple enough. If you use the same username (mylongname1974KY) and the same password (KidDogCatKid1994), anyone gaining access to one account can access them all. Face it, if you were a hacker and got usernames and passwords from a message board, you’d take those usernames and try them at Amazon, PayPal, Mint, and anything with money attached. Although Mint won’t allow them to move any money, they can figure out what bank you use and try the username/password combo there. This is a HUGE security risk.
- Write the passwords down. This is extremely insecure in the event you are ever robbed. This is also the #1 way identity thieves get your information. And in case you aren’t aware of this, most identity thefts are committed by a friend or family member who has access to your home. This is also a HUGE security risk.
- Record them in a spreadsheet. This has the same problems as the two above. People who have access to your computer can get access to all your usernames and passwords.
- Use an easy password. Do not use the following passwords:
  - Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  - The last 4 digits of your social security number.
  - 123 or 1234 or 123456.
  - Your city, or college, football team name.
  - Date of birth – yours, your partner’s or your child’s.
#2 – Create a Good Password Design
The best way to create a password is to know one basic concept. If a hacker is trying to crack your password, they will first try a brute force search of proper names and dictionary words. They will try those words with letters replaced by numbers, and they will try adding numbers to the front and back. So don’t do any of that. There are tons of ideas for creating a secure password, and I’m going to discuss my 3 favorites.
- Use a site like LastPass for all your passwords and let it create a secure password for you. However, this is a serious PAIN when you need to enter those passwords in a mobile app where LastPass doesn’t have access. You have to be a paid premium member, open the LastPass app, and copy/paste. This is the most secure password, however. You won’t be able to remember it.
- Create a phrase like “Amazon Prime Sells 2 me” and make a password from that like “AmzPrmsells2me”. Again, it could get complicated to remember your phrase for every site you use. Remember, don’t use the same password all over or if your Hallmark account gets hacked, the hacker can post on your message boards.
- Create a basic structure. Pick a random thing like board games. This will be one root. Another root will be the site you are accessing. You will then add a number and a symbol. Like so: Root1 = Trouble. Root2 = Google Site. Keep in mind that most websites have password requirements and your password should contain at least 8 characters, at least one capital and one lowercase letter, at least one number, and a symbol. Some sites require a symbol, some prohibit it. So a good password structure would be “Trb@1Ggl”. If the site prohibits a symbol you could use “Trb21Ggl”. Then, for sites that require you to change the password 6 times a year (thanks, work!), you can just increment or decrement the number.
#3 – Install LastPass
Go to the LastPass website and download the software to your computer. There’s a nice wizard that will walk you through the install. If you have any passwords saved in your computer or browser, LastPass will give you the option to include those and even to delete them. I recommend you do that. Storing your passwords in your browser is not very secure.
After the import is complete, pull out your previous password system. If your system was basic (the same password for every website), go visit your most-visited sites and let LastPass grab your passwords as you enter them. If you have a spreadsheet, start going down the list. However you used your old system, start visiting those websites and let LastPass grab your passwords.
For websites that need extra protection such as your banking sites or sites that have your credit card information like PayPal or Amazon, add an extra layer of protection. When you save the password, require a password reprompt. That means that when you visit that site EVEN IF YOU’RE LOGGED INTO LASTPASS, in order for LastPass to fill the saved password into the site, you’ll have to enter your LastPass Master Password again.
#4 – Use LastPass to Audit and Update your Passwords
LastPass offers a great feature that will audit your passwords, tell you what you’re doing well and what you’re not doing well. To take the security challenge, click the LastPass button in your browser, then click on Tools > Security Check. (Or just go here.) Click the Start the Challenge button to get started. LastPass will then scan all your saved passwords. It doesn’t take long. When it’s complete, you’ll see a report detailing all your analyzed sites, sorted by duplicate passwords.
Further down the page you will see the Analyzed Sites table. This table will show you groups of sites that use the same password, how secure that password is, and more. Click the Show All Passwords link on the top right of the Analyzed Sites table.
Sites with duplicate passwords are grouped together. You can click through LastPass to go to those sites and update the password. One of LastPass’ built-in features detects password change forms. In other words, if you log into a web site and change your password, it notices a field asking for your current password, but also asking for another password. LastPass can do one of two things: It can help you generate a secure password, using rules and defaults of your choice (recommended—just click on LastPass, then select Tools > Generate Secure Password), or it can simply watch you type in your new password. Either way, once you update your password, LastPass will offer to update it in the LastPass database.
One thing that LastPass does well is to teach you about your passwords. This audit is wonderful for that. It shows you your password strength and whether you use the same password in too many places.
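To see what such an audit looks for, here is an added example (not from the original article, and not LastPass’s own code): a small Python check that groups sites sharing a password and flags passwords that fall to the guessing strategy described in section #2, meaning a word with digits added to the front or back or with letters swapped for numbers. The word list, vault entries and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: a tiny word list and a made-up vault (site -> password).
WORDS = {"password", "trouble", "rex", "wildcats", "monkey"}
VAULT = {
    "shop.example": "Rex1",
    "forum.example": "Rex1",
    "bank.example": "P@ssw0rd2014",
    "mail.example": "xK7#qLw9!vTz2mRd",
    "video.example": "123456",
}

# A few common letter-for-symbol swaps (assumed set; guessing tools know many more).
LEET = str.maketrans("013457@$!", "oleastasi")

def reduces_to_word(password, words=WORDS):
    """True if stripping digits from both ends and undoing swaps leaves a listed word."""
    core = re.sub(r"^\d+|\d+$", "", password)
    return core.lower() in words or core.translate(LEET).lower() in words

def audit(vault):
    """Return (groups of sites sharing a password, per-site list of issues)."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    duplicates = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    findings = {}
    for site, pw in vault.items():
        issues = []
        if len(pw) < 8:  # the 8-character minimum mentioned in section #2
            issues.append("shorter than 8 characters")
        if pw.isdigit():
            issues.append("digits only")
        elif reduces_to_word(pw):
            issues.append("dictionary word with substitutions or added digits")
        if len(by_password[pw]) > 1:
            issues.append("reused")
        if issues:
            findings[site] = issues
    return duplicates, findings

if __name__ == "__main__":
    dups, findings = audit(VAULT)
    print("Reused across:", dups)
    for site, issues in sorted(findings.items()):
        print(site, "->", ", ".join(issues))
```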
Other Great LastPass Features
Sometimes you find it necessary to share a password with someone. Whether you are sharing your Netflix password with your kids, sharing a web password with other administrators (think sports team), or sharing an article that requires a subscription to view, you need to share your username and password. Rather than sharing it over email, you can easily and safely share the password through LastPass. You can even make sure the person never sees the password when they use it. There’s a great article on How to Securely Share a Password with Someone Using LastPass on Lifehacker.
You can also greatly increase the security of LastPass by using a YubiKey or thumb drive authentication. LastPass has a neat video on How to Use LastPass Sesame.
To read more about the free and premium features of LastPass, see the LastPass Features Page.