In this digital world, you need a username and password for everything. With the breaches that have been in the news lately, a common recommendation to protect yourself is to use unique and strong passwords for your sites. But if you're like us, you have a zillion sites that you have usernames and passwords for. How do you keep track of it all? Get yourself a password manager.
Password managers come in various shapes and forms, but the long and short of it is this: They are there to store your passwords in an encrypted form, protected by one master (and hopefully hard-to-guess) password (some of them support two-factor authentication). They will also help you generate and use random passwords on a site so that if that site is hacked, you won't have to change your passwords everywhere, just on that one site.
As you can imagine, here at Weston, we deal with a lot of passwords every day and we take protection of those passwords pretty seriously. We have an encrypted database of passwords that requires multiple unique usernames and passwords to access, and is only accessible when logged into our network. When a client no longer uses our services, we obliterate those passwords entirely as well. We are also implementing two-step verification on many of our tools, locking things down further.
But what if you're looking for something for just your personal use? Asking around the office, everybody has their own way of doing things. We have some folks who are KeePass (or the KeePassX port) users. Some folks in our office are 1Password users. Some are LastPass users. Some of the folks have their own convoluted systems, and when they start to describe them it makes my head hurt. Some folks use the method described in this XKCD comic.
I won't go into the pros and cons of each system, as there are loads of good reviews and discussions that compare the systems. For example:
They're all good systems when set up right, and using any of them is better than nothing. And anything is better than letting Internet Explorer or Firefox save your passwords, which are easily visible with a simple utility for Internet Explorer or Firefox.
I personally am a LastPass user, and my biggest reason for choosing it? It passed the Wife Test.
My wife is a lovely woman (celebrating 15 years of marriage this month). But she wants her technology to Just Work and gets annoyed when it doesn't. At the same time, I also want our technology and our digital life to be as fully protected as possible. From a technical standpoint, LastPass has browser plugins for all the major web browsers (including mobile browsers), supports two-factor authentication, is accessible anywhere (which some consider a con, but I consider a pro), uses ridiculously strong encryption and has a load of other lockdown features.
But for me, the clincher was that it just works and it hasn't annoyed my wife. She logs in once with our really long (but easy for us) password, and she's good to go for her session.
Is it perfect? No. Unlike many of the tools, it costs some money for some of the features ($12/year) and recent interface changes have irked some users (they haven't bothered me, but I can see how they would). And yes, the thought of having our usernames and passwords in the cloud scares me a bit, but LastPass has always been open and honest about how their security works and it makes a lot of sense to me.
But it works for us, and I sleep a bit better knowing that when a site gets compromised that I don't have to worry about anything other than that particular site's password.
If you're interested, you can get a free 30-day trial of the premium version of LastPass by signing up here (full disclosure: I'll also get a free month added onto my Premium subscription).