By Helen Robinson | CSMNG Contributing Writer
World Password Day isn’t until May, but you can get a head start and avoid disaster by ditching “123456,” “qwerty123” or — yes — “password” as your password.
If you’re leaning on “sunshine,” that’s also in 2018’s Top 10 Worst Passwords, and hackers probably have your number. (Coloradans: Hackers also know “gobroncos” is a favorite in the Centennial State.)
No matter who you are, experts say it’s past time to start using a password manager and close cybercriminals’ favorite security gap.
“Passwords is one of the things that we all can do better,” said Rodney Gullatte Jr., certified ethical hacker and founder of Firma IT Solutions. “I don’t think anyone’s perfect with passwords unless they have every single password in a password manager and they’re updating that on a quarterly basis.”
The Pew Research Center found just 12 percent of Americans have ever used password management software, and only 3 percent rely primarily on password managers to store their passwords.
In 2017, password security company Dashlane reported the average American has 200 accounts requiring a password, while LastPass put the number at 191. That’s expected to double within five years.
Four hundred passwords sounds daunting — but setting up a password manager does too. So here’s a step-by-step walk through the process with LastPass, rated one of 2019’s top password managers by CNET, Digital Trends, PCMag and Tom’s Guide.
The basics: With LastPass — and similar password managers — all you have to remember is your master password. LastPass remembers the rest.
LastPass works on all major platforms so you can switch between computer, laptop and smartphone. Syncing between devices is included with the free version — save a password once and it’s instantly ready on all your devices.
I signed up for the free version of LastPass, but you can also choose from Personal (Premium or Families) and Business Teams (for simple team sharing) or Business Enterprise (for IT level control).
Go to the LastPass downloads page (lastpass.com/create-account) and sign up. First, enter your email address — one you can easily access, because that’s where LastPass will send your verification email.
Next, create a strong master password. This is the password you’ll always use to access LastPass. It’s the key to your kingdom, so make it uncrackable — and unforgettable.
Despite what you’ve heard, the best passwords aren’t a long jumble of uppercase and lowercase, numbers and symbols. Cybersecurity experts — and LastPass — recommend a “passphrase.” That’s a sequence of random words and characters strung together to create a password — at least 20 to 30 characters. Use a combination of words and characters that only make sense to you, so it’ll be easy to remember but hard to guess. LastPass gives examples: mydogfido’sbirthdayisnovember19 or Yellowcatbaseball…newyork
Install the extension for your browser. It’s available for Chrome, Safari, Firefox, Opera and Explorer. When installation is complete, you’ll see a new icon in your toolbar.
If you don’t see the icon in your toolbar, you’ll need to enable the LastPass browser extension. For Chrome, click the Customize Toolbar icon > right-click the LastPass icon > Show in toolbar or drag and drop the LastPass icon into your toolbar.
Next, save your passwords in the LastPass vault. The easiest way (and the way I wish I’d found first) is to use the internet as usual, and save your passwords as you log in to each site. That way you don’t have to set aside time to think of the sites you need and the passwords you don’t remember.
When you log in to a site, click the LastPass icon by the password field and confirm that you want LastPass to save the password to your vault. Any time you return to that site, LastPass will fill in everything for you.
LastPass also helps with sites you haven’t used before by generating random passwords for you and storing them in your LastPass vault. When you’re creating a new account, just click the LastPass icon to use the “generate and fill” option to make a new password. You can even click “more options” to tailor things like length and which special characters to include (see more at youtu.be/_Hlen9eeWi4).
If you’ve previously relied on your browser’s password keychain or used another password manager, you can import all your login and password info straight into LastPass. Visit support.logmeininc.com/lastpass/help/import-passwords-from-other-sources-lp040003 for details.
Now it’s time to fix your weak passwords. Here’s where you’ll find out how bad your password habits are. The LastPass Security Challenge helps you identify weak passwords and those you’ve (unwisely) used on multiple sites. The Security Challenge helps you audit passwords and create stronger ones — with no double-ups.
In your browser toolbar, click the LastPass icon, then click Open My Vault in the dropdown menu. Click the Security Challenge tab. Click Show My Score and re-enter your master password.
LastPass will show your Security Score, your LastPass Standing and your Master Password Score. It will then guide you through four steps: Change Compromised Passwords; Change Weak Passwords; Change Reused Passwords; and Change Old Passwords. Click on each section to expand it and see which passwords LastPass recommends you change.
For many sites, LastPass can automatically change your password. Click the Auto-Change button and LastPass will create a new (long, randomized) password for that site and save it for future visits.
The LastPass icon in your browser will also alert you to password issues as you visit sites. When you see a red alert number over the icon, click to find out what should be fixed. An example: “LastPass has detected that you have used the password for this login on other sites, too. We recommend going to your account settings for this site, and creating a new password.”
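To make the Security Challenge categories concrete, here is an added example (not LastPass code and not from the original article) that flags weak, reused and old passwords in a constructed sample vault. The 20-character and 90-day thresholds are assumptions taken from the article's passphrase advice and the "quarterly" quote; the compromised-password check is left out because it needs breach data.

```python
from collections import defaultdict
from datetime import date

# Passwords this article names as among the worst; a real audit would use a far larger list.
COMMON = {"123456", "qwerty123", "password", "sunshine", "gobroncos"}
MIN_LENGTH = 20    # assumption: the article's lower bound for a passphrase, used as a simple strength proxy
MAX_AGE_DAYS = 90  # assumption: "quarterly" updates, per the quote in the article

# Constructed sample vault: (site, password, date last changed). Not real credentials.
VAULT = [
    ("mail.example", "sunshine", date(2018, 3, 1)),
    ("bank.example", "Yellowcatbaseball...newyork", date(2019, 1, 15)),
    ("shop.example", "Tr0ub4dor&3", date(2019, 1, 20)),
    ("forum.example", "Tr0ub4dor&3", date(2017, 6, 5)),
]


def audit(vault, today):
    """Return {site: sorted list of findings} covering weak, reused and old passwords."""
    # Group sites by password so reuse across sites is visible.
    sites_by_password = defaultdict(list)
    for site, password, _ in vault:
        sites_by_password[password].append(site)

    report = {}
    for site, password, changed in vault:
        findings = set()
        if password.lower() in COMMON or len(password) < MIN_LENGTH:
            findings.add("weak")
        if len(sites_by_password[password]) > 1:
            findings.add("reused")
        if (today - changed).days > MAX_AGE_DAYS:
            findings.add("old")
        report[site] = sorted(findings)
    return report


if __name__ == "__main__":
    for site, findings in audit(VAULT, date(2019, 2, 1)).items():
        print(f"{site:15} {', '.join(findings) or 'ok'}")
```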
LastPass can securely store your credit card information and address for fast checkout in online stores. To set up: Click the LastPass icon in your browser. Select Form Fills > Add Form Fills. Enter the information you want to store. It’s encrypted along with your passwords and other data.
You can add multifactor authentication to your LastPass account so that your master password alone isn’t enough to log in and access your LastPass vault. To set up:
Click the LastPass icon in your browser and select Open My Vault. Click Account Settings. Click the Multifactor Authentication tab. Click the pen icon next to your preferred authenticator and set the “Enabled” drop-down menu to Yes. Follow the directions.
To access LastPass from your mobile devices, download the app for iOS, Android or Windows Phone.
I haven’t dug into LastPass’ other features — yet — but there are options to share passwords with other people, grant emergency access to your account, and securely store digital records and notes (think insurance cards, Wi-Fi passwords, memberships).