You’re ready to Update Your Passwords This Weekend, but you want to take it a step further. You’re tired of trying to remember your passwords. You’re not happy with the password-protected spreadsheet of password hints you’ve been using for a decade. You agree that it’s a bad idea to use the same username and password all over the internet. You have some business accounts that need password sharing and management. You think your college kid has been giving out your Netflix password, as evidenced by the fact that it was being used in the maximum number of locations last night.
Whatever your reasoning, it’s time to start using a password manager.
My password manager of choice is LastPass. It’s secure, convenient, works across various platforms, allows sharing, and will even create secure passwords for you.
Compare Password Managers
If you’re interested in looking at your options, check out the last section of this Lifehacker article: “Which one should I use?”. Below is an image from the article that briefly covers the top password managers, including their features, security algorithms, and cost:
Every time I suggest a password manager to friends, family, colleagues, or clients, I hear the same concerns:
- I don’t like the idea of having a list of my passwords stored together.
- I don’t want to give someone all of my passwords.
- What if my master password gets hacked? All my accounts will be vulnerable.
- What if someone overseas hacks me?
There are several issues that LastPass has completely addressed:
- Strong encryption – LastPass uses AES 256-bit encryption with routinely-increased PBKDF2 iterations.
- Local-only decryption – All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. That means that if LastPass servers are accessed by super-hackers, they will NEVER be able to unencrypt your data because your data on LastPass’s servers is all encrypted by you locally.
- Multi-factor authentication – By adding a second login step, you’re providing additional protection to your account – and the information you’ve stored in it. You can use this Premium feature ($12/year) to use many forms of extra authentication, including Google, Yubikey, a thumb drive, fingerprint access, and more. Read more about your options in the LastPass Manual.
- Localized security options – You control local settings to log off when the browser is closed, log off after a specific idle time, require a password reprompt, or to clear the clipboard after it is used.
- Global security options – You control global settings to automatically log off of the web after a specific idle time, automatically log off of bookmarklets, prompt you for a master password for specific accounts or activities, kill other sessions when you log in, and send you emails when your password changes.
- Additional options – LastPass also provides additional features for further layers of authentication to protect against keyloggers and other security threats, including keeping an account history, creating one-time passwords, and providing a virtual keyboard.
- LastPass Portable -For users of Windows, Mac, and Linux (Firefox Portable-only), this version of LastPass that is compatible with FireFox Portable (Firefox 2.0+) and Chrome Portable (Chrome 4+, Windows and Linux only) can be installed on your USB thumb drive. If you frequently use public or untrusted computers, the Portable option is an ideal way to securely access your LastPass Vault.
If you want to learn the ins and outs of LastPass, I strongly recommend you check out their User Manual. It will have the most up-to-date information, including great tutorial videos. This article is not meant to replace the product manual. It’s written to give you a head start using LastPass.
Just Tell Me What To Do
You believe me when I tell you LastPass is awesome. You just want to use it and learn what to do quickly. Not a problem.
#1 – Create a password
Create a GREAT master password. This is the key to your castle. Make it a good one. And make SURE you won’t forget it. You cannot recover your LastPass password if you forget it. You should write it down and store it with your Life Papers in a safe and secure location, like a safe or safe-deposit box. That way if anything ever happens to you, and your loved ones need to access your accounts, that information is available to them. But that’s a different story.
I suggest that you do use a password that has meaning to you, but not one that’s so complicated that you can’t remember it. For example, my daughter is one of six grandchildren. Their names, from oldest to youngest are: Luke, Kendra, Sarah, Kayla, Katie, and TJ. They all live in Kentucky. An example password would be:
Ky = the state. 6 = the number of: gc = grandchildren. L = Luke, n = Kendra, since there are 3 kids whose names start with a K. S = Sarah. y = Kayla. t = Katie. & = the use of a symbol at the end of the list. Tj = TJ, just to keep people guessing. Seriously, nobody would EVER guess that password. There are 13 characters containing uppercase letters, lowercase letters, a number, and a symbol. Now THAT’s a password.
Password Advice from LastPass
Alternately, you might like password advice from LastPass:
We strongly encourage you to choose your own master password, but if you’re finding that difficult, here’s a list of randomly generated passwords to draw some inspiration from. This page and the below password suggestions are delivered securely (https), are not cached, and are not kept by LastPass. You may want to consider using the local password generator.
Please remember that LastPass never knows what your LastPass master password is – you are the only person who knows it. If you lose or forget your LastPass.com master password, we can not recover it for you. So, it is critical that you never forget your LastPass master password.
LastPass provides a list of password suggestions HERE.
To make the password suggestions easier to remember, they also indicate how you might pronounce each password.
#2 – Sign up
Sit down with your laptop or desktop computer, go to LastPass.com and sign up with your excellent master password.
If you’re interested in using multi-factor authentication or using the mobile apps, go ahead and sign up for a Premium account.
#3 – Install LastPass
For now, just download LastPass and do the installation on your computer. You can set up your other devices later. Go ahead and install the plugins for all of the browsers that you use.
#4 – Gather your passwords
Somewhere, you have a list of the websites, usernames, and passwords (or password hints) that you access. Gather that information and get ready to start logging into websites.
#5 – Plan your structure
The following are the important fields that you need consider:
- Name – this is the name you will see.
secure.urlth.commight be the default name based on the URL, but give it a useful name. In this example, clinique.com was sufficient.
- Group – I suggest that you create and use groups. Useful groups can include: Financial, Personal, Kids, Work,
<business name>, Devices, and maybe a shared folder for the family.
- Favorite – There is a favorites “group” in LastPass by default. Sites can be in one of your groups PLUS in the favorites folder. I suggest using favorites for items you need to reference regularly, like when your mobile apps require you to log in every time they update.
- Password – The eye icon next to the password field means you can view the password in the box. The history link provides you with a history of the passwords that you have used for the specified site.
- Notes – This is a good place to put additional login information like PINs or notes about the account.
- Require Password Reprompt – I suggest that you select this check box for additional security on any important sites.
#6 – Enter your passwords
This could potentially be the time-consuming part. Follow the steps in the example below:
- Make sure that you’re logged in to LastPass in your browser. Look for this symbol:
- Go to your website. In this case, I’m adding my favorite makeup site: clinique.com.
- Using your password list, log in to the site.
- As soon as you see the blue bar at the top of the page, click on Save Site:
- The Edit Site Information dialog box (or tab) will open to allow you to double-check the password and edit any settings you like – like adding the site to a group.
- OPTIONAL (but recommended): While still logged in, go to your account page and reset your password. See additional instructions below.
#7 – Reset your passwords
Since you will log in to each of your online accounts, it’s a good time to update your passwords, particularly to increase your security. The most secure passwords you can use are those created by LastPass.
- While logged into the site, go to your account page and locate the option to reset your password. You will see a small icon in the password box:
- Click the icon that looks like this in the first box. This icon is used to generate a new password and will open the Generate dialog box:
- You can choose how your password is generated. This is useful when some sites require a password of exact length, with special characters, or without special characters. This happens often. Once you have your desired settings, click the red refresh button to generate a password you like, then click Use Password, and you will see a second dialog box:
- The password fields are filled with your new password, and the new dialog box is waiting for you to verify that you want to use the password so that it can replace your old password in LastPass. Click Yes, Use for this Site.
- On the website, save the new password change and you will see a LastPass bar appear at the top of the page – this is confirmation that everything went well:
- You can log out of the site and move on to your next site.
You might be thinking that adding all of those passwords was a pain and maybe using LastPass isn’t worth your trouble. It’s easier to use than you think.
- Go to your website and click the Log In button.
- Depening on your LastPass settings, your username and password might be auto-filled or you might see the Lastpass logo with a number in the fields:
- In this case, click on the logo and you’ll see some options. You can click on your username or click on the wrench to the right to see the other options:
- Then log in. It’s that easy.
As a programmer, I can tell you that some things are out of LastPass’s control. Depending on how the web developer coded the website, the fields might not work correctly.
To add a new website when LastPass doesn’t automatically detect your first login:
The iOS operating system does not play well with LastPass. To use LastPass on your iOS device:
- In Chrome (or Safari for the uninformed), go to the login page for your site.
- Open the LastPass app and search for the website for which you need the credentials.
- Copy your username.
- Double-tap the home button to go to your browser, and paste your username.
- Double-tap the home button to go back to the LastPass app.
- Copy your password.
- Double-tap the home button to go to your browser, and paste your password.