012: Passwords and LastPass

Hi and welcome to The Tech Doctor Network, Episode 12 all about passwords and my favorite password keeper LastPass.

Working in IT, I probably spend more of my day dealing with passwords than anything else. It’s not unusual for me to have to reset the passwords of five to fifteen users each and every day (mostly students).

The reality of the world today is that for the time being, we’re going to need passwords or passphrases or passcodes or whatever you choose to call them. In this episode, I’m going to give you a couple of ideas for creating strong, memorable passwords and introduce you to a system that will mean you’re mostly free from passwords completely.

But before we go there, let’s ask the question: why do we need passwords at all? Put simply, computer systems need a way to identify who we are and until we come up with a better, cheaper way to do it, usernames and passwords are likely here to stay. The first concept I want you to consider is the idea of passphrases.

A passphrase is a group of four to five words, often with a few numbers and symbols to make the complexity scales happy. Here’s a simple example:

“Welcome 2 the jungle.”

Yes, it’s the title of a wonderful Guns N’ Roses song from my youth; no, it’s never been my password on any site. Other than the fact that I just posted it here in this video, it would make a pretty good password. It’s a total of 22 characters long and contains upper- and lowercase letters, a number and a symbol: the full stop at the end.

According to Kaspersky’s password website, it could be cracked in 1966 centuries on a home PC. I think that’s secure enough for me.

You could use a favourite poem, song or nursery rhyme. It could even be the names of your first four goldfish.

If you’re stuck somewhere that forces you to change your password frequently, you could incorporate the month or season you change the password into the passphrase itself. The possibilities are endless, and the couple of extra seconds you spend typing a longer password will be more than made up for by the time and humiliation saved not having to go to the IT guy for a password reset.

The second concept is that of layers of password security. Many people will tell you not to reuse the same password on multiple sites, and while it’s good advice, without a password manager it’s simply not feasible for most people. It’s quite likely that at some point in time some of the sites into which you put your username and password will be compromised and those passwords will be shared on the internet. See Episode #019. People will then be able to use those credentials on other sites, which is not what we want.

Rather than use unique passwords, I prefer to think in layers of security. The bottom level is websites that I really don’t care about, where there is no personal information or financial connection at all. Forums, news sites, reminders, that sort of thing, often get the same or similar passwords and a low care factor.

Up the list are those sites that hold personal information or act as a password gateway for other sites. Not only is there some personal information there but my Facebook login is also my login for a variety of other sites, although admittedly, most of them are bottom tier sites.

Second tier from the top is sites that include banking, credit cards or government identity. These need to be super secure and unique.

The top of the chain for me holds two passwords: the one for my email and the one for LastPass. Why email you say? Well, most of the other passwords can be reset via my email account, so if someone has access to that, they have access to change almost every password I have.

The last one is LastPass, my password management software. LastPass is my password brain. It remembers all my passwords for me so that I don’t have to. To be fair, I do remember many of the important passwords I need day to day, but for everything else there’s LastPass.

Looking in my LastPass console, it holds passwords for 1535 sites. Each of those sites may hold between one and twenty different accounts.

But how does it work, I hear you ask? LastPass is a web service and browser extension. I’ll cover more about Chrome extensions in another episode soon, but basically, it plugs into Chrome and helps you to get things done.

In this case, it offers to generate truly random passwords for you and then remember your passwords when you change them. Anytime I go to a site that I have a saved password for, LastPass will either automatically log me in, fill my username and password for me, or if there are many it will sit patiently up in the Chrome toolbar waiting for me to activate it and call down all of my saved accounts for that site.

When it sees that I’m signing in to a new site, it offers to remember that site’s username and password for me, as well as giving me a way to generate totally random, really secure but totally immemorable passwords programmatically.
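As an added illustration (not part of the original episode and not LastPass’s code), here is a Python sketch of what generating a random password or a random passphrase programmatically looks like, with a rough strength estimate in bits. The word list, symbol set and function names are constructed for this example, and the estimates only hold when the characters or words are picked at random rather than chosen by a person.

```python
import math
import secrets
import string

# Constructed sample word list for illustration; a real generator would use a
# list of thousands of words so that each word adds more entropy.
WORDS = ["goldfish", "jungle", "winter", "poem", "rhyme", "doctor", "chrome",
         "season", "welcome", "network", "student", "toolbar", "layer",
         "email", "month", "video"]

# Character classes that typical complexity rules ask for (symbol set assumed).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           "!@#$%^&*-_=+."]
ALPHABET = "".join(CLASSES)


def random_password(length=20):
    """Draw characters uniformly from ALPHABET with a CSPRNG and redraw until
    every character class is present, so complexity checkers accept it."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def random_passphrase(n_words=5, words=WORDS):
    """Pick words independently at random, then append a digit and a full stop."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    return " ".join(chosen) + " " + secrets.choice(string.digits) + "."


def password_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound: log2 of the number of equally likely passwords."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(n_words, list_size=len(WORDS)):
    """Entropy of the random word picks plus the one random digit."""
    return n_words * math.log2(list_size) + math.log2(10)


if __name__ == "__main__":
    print(random_password(), round(password_entropy_bits(20), 1), "bits")
    print(random_passphrase(), round(passphrase_entropy_bits(5), 1), "bits")
```

With the 16-word sample list each word contributes only 4 bits, which is why real passphrase generators draw from much larger lists.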

I invite you to give it a try using the link above or the one in the show notes below. Full disclosure: I’m a LastPass premium user and if you use that link and sign up for a premium account I’ll get a free month and you’ll get a free month. Thanks for that.

It’s worth noting before we go any further, that being logged into your Google account and using Chrome will actually do a decent portion of these tasks of remembering passwords but it’s not quite as flexible.

Before I finish, I want to share with you a final concept that is gaining traction: 2-factor authentication, or 2FA as it’s known. Two-factor authentication is also called universal second factor and it’s an addition to passwords and possibly a replacement for them that uses something that you have.

You may be familiar with the concept of a text message used to reset a password if you’ve forgotten it. This relies on what is called a second factor. The first factor is something you know: your username and password. The second factor is something you have: in the case of a text message, your mobile phone. It may also be the fingerprint reader or facial recognition on your smartphone. These systems add a second layer of security if used properly and are worth considering. LastPass works well with several of them.

Ok, I hope that was useful. At The Tech Doctor Network, our goal is to help you feel comfortable with your computer. We’re here to guide you each step of the way so you can be comfortable with your technology and make the best use of it.

We release new videos every weekend and we’d love you to subscribe. If you have a question or a comment please pop it in the comments below. I’m here to help you.

Thank you so much for watching.
Have a great day!
