Correcting my password chaos

I admit it – for many years I’ve been lazy and reckless with my online passwords. I don’t think I’m alone. But I have changed my ways. I am starting to use password manager software to take better control of my online account access.

Like many people I know, I had a scheme for assigning variations on the same password when creating an account at a site. Afterward, when I went to log in, I’d just try my typical username and password, and if that didn’t work I’d try my 2nd password variation, and so on. I thought I was pretty organized by having all my sites with “accounts” in a separate browser bookmark list, with little hints for how to sign on, right in the bookmark list. By this summer, my bookmark list of sites with online accounts was about 50 deep.

I have no excuse. I was aware this password and organization scheme was not good online security practice. A security breach at any one of the websites I sign on to could result in malicious access to a large number of my online accounts, potentially causing me digital chaos both at work and at home. Also, it was becoming difficult to look up account information from different devices – iPhone, iPad, laptops and desktops at work and home. And what if my laptop with my sites/hints list was stolen? The problem just seemed too daunting to fix. But with a few free days this summer I finally made the leap and committed that I would:

1. find all my online accounts

2. assign a unique, secure password to each online account (check out some password creation tips here)

3. organize the login information in a secure, easily retrievable way

Password managers

Half a day’s research (including my trusty PLN) led me to realize that I probably needed to use password management software. I looked into a number of software titles including 1Password, LastPass, mSecure, Kaspersky, and RoboForm, to name a few. I learned that one of the main things to decide is whether you want to store your password information locally or in someone’s cloud. Of course there are pros and cons for both: cloud-based allows for easier access across devices, while local storage may provide better personal control over password data. Then if you choose cloud-based password storage, you have to decide if you want your data kept with a generic service like Dropbox, or on a password manager company’s site.

I ended up choosing LastPass over 1Password, for the following reasons:

  • Web based in-house password storage for easy access anytime, anywhere
  • Support across many platforms, specifically for me Windows, Mac, iOS and Android
  • Rich feature set and positive reviews from both professional critics and everyday users
  • Cost – LastPass is free for desktops/laptops, $12 yearly for “Premium” upgrade to include iOS and Android. 1Password would have been around $70.
  • Proven record. They’ve been around since 2008 and are well established.

The result

LastPass Vault

It took 3 full tedious days to find and organize all my online accounts using LastPass. I also used each site’s “change password” area to assign a unique and fully secure password. I now have all my account information fully centralized and accessible from any device, and in Windows from Firefox, Chrome or Explorer. When I go to a site I have to sign on to, I sign on to LastPass with my master password, and all my login information for the site is filled in for me. After extensive searching through my digital life, I have exactly 100 passwords in my master list, and they are all unique, secure, and impossible to guess. And I don’t know any of them off the top of my head (except a couple key ones).

It’s not perfect

This will be a journey. I’m relieved that all my accounts now have unique, unguessable passwords. But I’m totally dependent on my password manager to find my passwords for me, or allow me to look them up. This could be a challenge, especially at work where I often need quick access to account information when teaching. It will be interesting to see if the software is “manageable” or will frustrate me excessively. That is my biggest fear – not knowing my passwords for instant access. But I’m ready to let that go. I’ve also let go of the worries over web based password storage by a private company. Honestly, I think they will do a better job of keeping it secure than I’ve managed.

I’ll let you know how it goes!