Major password leaks are unfortunately becoming all too common. Each time a new batch of passwords becomes public knowledge, security experts pipe up with recommendations on how to protect yourself online. Their advice typically boils down to two things:

  1. Don’t share passwords
  2. Make your passwords as tough to crack as possible (i.e. long and random)

Though great in theory, this advice is pretty hard to follow. After all, how many long strings of random characters could you actually remember? Most people can’t remember more than a small handful, hardly enough to cover even a portion of their online accounts.

Well, the good news is that there are tools to help. I personally use and highly recommend LastPass. LastPass remembers all your passwords and makes them available to you anywhere you need them.

First, Get LastPass (and Secure It Too)

You can download LastPass as a plugin for pretty much any browser you’re likely to use (I’ve used it on Chrome, Firefox, and IE). The free account covers a lot of ground and is probably all you’ll ever need. In case you need more features (things like mobile access), there’s a $12/year premium version available as well.

Turn on Two-Factor Authentication

LastPass is reasonably secure out of the box, but it can be made even more so through two-factor authentication. The basic idea behind two-factor is this: in order to be properly authenticated, you have to provide more than one thing unique to you. That thing could be “something you know” (like a password), “something you have” (like a security token), and/or “something you are” (like a fingerprint).

In addition to your password, the free version of LastPass uses a grid of characters generated specifically for your account to uniquely authenticate you.

Once you generate the grid, LastPass will start prompting you to enter a series of characters from it in addition to your password.

So, even if someone manages to crack your password, they still won’t be able to log into your account. By the way, you can configure trusted computers (like your home desktop) to not require this additional check.

Next, Generate As Many Strong Passwords As You Need

After setting up LastPass, it’s time to change every password you’ve got. The idea here is to create the strongest password allowed by whatever site you need it for.

Note that the length and complexity of passwords allowed by various sites vary pretty drastically, so be sure to check the limits allowed by the site (they’re usually described somewhere near the “Enter new password” text box).

For example, Wells Fargo allows passwords of up to 14 characters, with at least one letter, one number (but no more than nine), and special characters (!@#$%^&*+=-_{}[]\|?/.><,~`). That’s decent, but Capital One allows passwords more than twice as long, up to 32 characters (the most I’ve seen so far).

Whatever the limitations you need to abide by, LastPass makes it easy to create a strong password with its Password Generator tool. You can specify how long you want the password to be, what kinds of characters it can contain, and even whether it has to be pronounceable.

So, generate as many passwords as you need and have LastPass remember all of them. Pretty helpful, right?
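To show what generating "the strongest password allowed" by a site involves, here is an added example (not from the original post and not LastPass's own code) that draws characters from the operating system's secure random source and retries until the site's rules are met. The `SitePolicy` class and function names are hypothetical, the Wells Fargo rules are the ones quoted above, and the Capital One character set (letters and digits only) is an assumption, since only its 32-character limit is stated.

```python
import math
import secrets
import string
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SitePolicy:              # hypothetical helper, not a LastPass API
    max_length: int
    specials: str = ""         # special characters the site accepts
    min_letters: int = 0
    min_digits: int = 0
    max_digits: Optional[int] = None

    @property
    def alphabet(self) -> str:
        return string.ascii_letters + string.digits + self.specials

    def accepts(self, pw: str) -> bool:
        letters = sum(c.isalpha() for c in pw)
        digits = sum(c.isdigit() for c in pw)
        return (len(pw) <= self.max_length
                and all(c in self.alphabet for c in pw)
                and letters >= self.min_letters
                and digits >= self.min_digits
                and (self.max_digits is None or digits <= self.max_digits))

def generate(policy: SitePolicy, length: Optional[int] = None) -> str:
    """Uniformly random password; rejected draws are simply retried."""
    length = length or policy.max_length
    if length > policy.max_length:
        raise ValueError("site does not allow passwords this long")
    while True:
        pw = "".join(secrets.choice(policy.alphabet) for _ in range(length))
        if policy.accepts(pw):
            return pw

def entropy_bits(policy: SitePolicy, length: Optional[int] = None) -> float:
    """Upper bound: the count rules exclude a small share of candidates."""
    return (length or policy.max_length) * math.log2(len(policy.alphabet))

# Rules as quoted in the post for Wells Fargo.
WELLS_FARGO = SitePolicy(14, r"!@#$%^&*+=-_{}[]\|?/.><,~`",
                         min_letters=1, min_digits=1, max_digits=9)
# Only the 32-character limit comes from the post; the rest is assumed.
CAPITAL_ONE = SitePolicy(32)

if __name__ == "__main__":
    for name, p in (("Wells Fargo", WELLS_FARGO), ("Capital One", CAPITAL_ONE)):
        print(f"{name}: {generate(p)}  (~{entropy_bits(p):.0f} bits)")
```

Under these assumptions, the longer limit roughly doubles the size of the search space in bits (about 190 versus about 90), which is why the maximum length matters more than the exact character mix.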

Final Thought

Securing passwords is just one of many steps you can take to protect yourself online. For example, you can turn on two-step authentication for Google accounts, thereby making your precious Gmail content more secure.

The important thing to realize is that nothing is 100% secure. No matter what steps you take, you may end up hacked. Therefore, your goals should be to:

  1. Not be the low-hanging fruit (don’t use “password” as your password)
  2. Minimize collateral damage (even if one account gets hacked, others are still protected)

Good luck!
