Thursday, November 11, 2010

One Password To Rule Them All

About a month ago, Elizabeth and I had our email and Facebook accounts hacked. A little sleuthing traced it to a Russian group who likely were trying to use our accounts to run a scam, and had gotten our accounts either through a hacked router or through GMail’s normal password reset feature. We’d been using the same few passwords everywhere (a cardinal sin in online security), and finally got bit. I caught it pretty quickly, and was able to change our passwords before anything bad happened, but the hassle that ensued, changing all of our passwords for all of our online services, had both of us about ready to give up the internet and head for the hills. As tempting as that was, I decided to look into some alternatives to better manage our personal online security. I had the following requirements:

  • It had to be secure.  Fort Knox secure.  I was mad at these hackers, and didn’t want it to happen again.
  • The Wife Acceptance Factor (WAF) had to be high.  Poor Elizabeth spent hours resetting passwords and was pretty frazzled.  A solution that was not user-friendly was not going to work.
  • I wanted it to work on my PC, Elizabeth’s Mac, our iPhones, and my iPad.  They all needed to sync up like magic.

After evaluating KeePass and a few others, I landed on LastPass. For $1 a month, it does everything we could want, on every device, and syncs up seamlessly. It works by storing all of your passwords in one file that is encrypted using the same algorithms as the military. You have to remember a single password to get to your other passwords, but this single password can be long, easy to remember, and hard to guess. The decryption only happens on your devices, so you never actually share your passwords with LastPass. Once logged in to LastPass, you can see your passwords, but you don’t really have to, because it also supports automatically logging in to websites. The idea is that by only having to remember one password and making it easy to use, you can afford to change your passwords frequently, use more secure passwords, and not use the same one everywhere.

If all of this sounds complicated, it’s really not.  In the end, LastPass makes passwords and other sensitive data more secure AND easier to use.  If you’re at all worried about the security of your online accounts, go watch their video, then download and install the free version (only pay if you need to sync between multiple devices).  It’ll step you through the process and soon you’ll wonder how you lived without it.
