I have a confession to make: I only recently started using a password manager. I don’t really know why I had taken so long to start using one. I think it was because I thought it would be difficult, and I thought my passwords were obscure enough that they were not really readable or attributable to me. But that is not enough, as seen by the recent feature added to Troy Hunt’s Have I Been Pwned? site. The new feature allows you to search 306 million passwords that have been compromised. Luckily none of my old passwords have been compromised, but it was enough to get me thinking.
I have been following Troy Hunt’s blog for some time now and he writes a lot about good password use and password managers. Click here to see all the blog posts by Troy on password use. So from reading Troy Hunt’s posts and now seeing the vast amount of data for passwords that were out there, I finally decided to give a password manager a go.
I am a huge fan of being able to switch between my mobile phone and my computer. Google Chrome is great as it syncs across devices to allow this to happen. So naturally I wanted a password manager that did this for me as well. LastPass offered this feature and its Premium features (mostly sync) are cheap and only cost $12. I must say I am happy with my choice.
After choosing my password manager I was off to my various internet accounts to start the process of changing all my passwords (and enabling two-factor authentication while I was at it!). LastPass was fantastic: when I got to the screen to change my password, I simply clicked the little LastPass icon in the password field and LastPass’s browser plugin would present me with a completely randomised password. I can configure the password to my liking, including length, characters and values, and then it’s done. The password is entered into the screen and saved to my LastPass account. That easy!
Logging in is the exact same way; sometimes I do not even need to enter my username, as LastPass detects the website and automatically enters the username and password. This seems to be much easier than before I even had a password manager.
On my mobile device the process is a bit different, but just as easy. I open up LastPass (I can log in with my fingerprint if enabled on your phone), find the account I want and copy the password. I go to the app or website I am logging in to and simply paste my password.
Do I know my passwords? Not at all, but as Troy Hunt says, the only secure password is the one you can’t remember. Where having a password manager really earns its money is in the event of a data breach. Say you have signed up to be notified of a breach via Have I Been Pwned? and you get an email informing you that LinkedIn has had a compromise and you should change your password. If you were re-using the same old password time and time again, you may just decide to increment the number in your password. This is not secure and hell, you may even forget the new number in your password and need to reset it again anyway. However, if you are using a password manager this process is extremely easy! You simply generate a brand new random password and save it. Done, quickly and securely.
So if you haven’t taken the plunge to use a password manager yet, do it! Trust me, you will not regret it.