The problem: In this online age, we typically have 26 accounts but just 5 passwords, of just 6 characters on average. A 6-character password can be cracked in 3 seconds using computers.
Every online subscription needs a “login – password” combination, be it:
- paid news subscriptions, e.g. Globe and Mail,
- purchasing, e.g. PayPal, Amazon, Visa number and expiry, Groupon
- communications: email, Skype, Facebook, social media
- bank accounts, utility accounts
As we age, remembering these logins and passwords becomes increasingly problematic. So we should manage them with a password manager, like LastPass. LastPass can store account usernames, passwords, and notes such as answers to verification questions. You provide LastPass with an email address and a master password, and LastPass stores passwords as you create or use them in its database of encrypted passwords kept on its servers. Read the LastPass How It Works page for information on security and uses.
Creating a LastPass account is like creating most accounts, and you can do it without first installing LastPass on your computer.
- Username is often your email account
- Passwords should be longer than 11 characters and as long as you can bear. As suggested by the SIG member, try using 3 or more longish words that only you can relate to each other. Do include CAPITALS and numbers. Never let any browser save this password.
- The hint box should be filled with something that you alone can figure out the password from.
For security reasons, LastPass will not email you a link to reset your master password. Store a copy in your safety deposit box. If the hint doesn’t help, you might use a One Time Password (OTP) that you can create on a trusted computer, though creating OTPs lowers security. This allows you to change your Master Password if you’ve logged into LastPass previously on that computer, and is the only way to ‘reset your password’.
Use the pages at the LastPass helpdesk for complete instructions on using LastPass.
Using LastPass on public computers, like the clubhouse: LastPass has been installed on the club computers, but the LastPass extension has been disabled in the browser. This means you can browse to, and authenticate to, your password vault on the internet, enter passwords there, and copy passwords for pasting into web pages, but none of that will be done automatically. This is the safest way to use LastPass on a public computer. You can also use One Time Passwords to defeat key loggers. Remember to log off LastPass at the end of your session, in each browser that you used. Of course, if you have to remember to do anything, security is near zero.
If you install LastPass on your own computer, follow the steps in Downloading and Installing.
- Use the binary version of the plugin
- Do not store your master password
- Disable “Account recovery”
- Do not use “Password reminder”
- Activate 2-factor auth
- Prompt for master password to make passwords visible
- Add country restriction
- Update/Randomize PBKDF2 iterations
- Disallow Tor logins
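As an added illustration (not part of the original notes and not LastPass code), this Python sketch estimates the worst-case brute-force time for a password. It calibrates the guess rate from the "6 characters in 3 seconds" figure above and shows how both password length and the PBKDF2 iteration count change the result. Assumptions: the 6-character figure means lowercase letters only, each PBKDF2 iteration multiplies the attacker's cost per guess, and the sample passwords are constructed.

```python
import string

# Assumption: the notes' "6 characters in 3 seconds" is read as 6 lowercase
# letters searched exhaustively, which fixes the attacker's raw guess rate.
GUESSES_PER_SECOND = 26 ** 6 / 3  # about 1.03e8; calibrated, not measured

def alphabet_size(password):
    """Size of the ASCII character pool implied by the classes used."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " "]
    return sum(len(p) for p in pools if any(c in p for c in password))

def worst_case_seconds(password, pbkdf2_iterations=1):
    """Time to try every password of this length and alphabet.

    Simplified model: each guess costs `pbkdf2_iterations` units of work,
    so raising the iteration count divides the attacker's guess rate.
    """
    keyspace = alphabet_size(password) ** len(password)
    return keyspace * pbkdf2_iterations / GUESSES_PER_SECOND

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the notes.
    for pw in ("kitten", "Kitten7", "Kitten7Harbour", "Maple3CanoeThunder"):
        for iters in (1, 100_000):
            print(f"{pw!r:22} iterations={iters:<7} "
                  f"{human(worst_case_seconds(pw, iters))}")
```

These figures are an upper bound for character-by-character search; passwords built from common words or predictable patterns fall much sooner to dictionary attacks.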