“The Last Password You’ll Have to Remember!”

LastPass Logo

Amber Gott, Online Community Manager for LastPass.com joins Jim and Rich to talk about online password management and security. Online security has always been a hot topic, and it’s only going to be more so as time goes on. With that in mind, there’s never been a better time to look at how you’re handling your online presence, specifically the passwords you use for site logins, be it a gaming site or commerce such as Amazon.com.

Listen Mobile:

To start with, people are known for using the same password across multiple sites because it’s too hard remembering all the site/password combinations. Or they have a similar reason.  Quite often, they use very simple passwords that are easily guessable. Passwords such as ‘123456’ and ‘password’ are just plain horrible choices.  Dictionary-based passwords such as ‘smellycat’ are not much better.  They’re way too obvious and lack any level of complexity that would prevent someone from cracking them. So this presents a huge security hole, one that could cause a lot of heartache, not to mention significant financial loss. And yes, this stuff really happens. Every single day!

This is where LastPass comes in. LastPass is a secure password manager that integrates with your favorite web browser for the purpose of managing online sites and passwords. It stores those sites and passwords in an encrypted vault which you alone can access. All that’s required of you is to remember a single master password. And while you’re at it, you really ought to make it a complex password, one with at least 8-characters, though longer is always better. And it ought to contain at least one each of the following:

  • caps and lower-case alpha (A-a)
  • numbers (0-9)
  • special characters such as ` ~ ! @ # $ % ^ & * ( ) _ + ; : ’ ” \ / | < >

so you end up with something like this:

Z*&e#sDM6d9cQ

…because this password is the key to your online kingdom.  Oh, and you’d best not forget it because LastPass keeps no record of your password whatsoever. That’s right.  There is no ‘answer a secret question for a password reset’ workaround.  And this is by design.  Your master password stays with you. When you type it in, it’s concatenated with your username (email address), and then hashed with SHA to create an encryption key. This is the key used to encrypt/decrypt your vault locally, i.e., the process takes place right there on your computer.  Not online.  That means you never have to worry about someone at LastPass accessing your vault.  They wouldn’t, of course, but more than that, they can’t.  You alone hold the master password, and your key never leaves your computer.

And what about credit card numbers and shipping information? Do you dislike typing out all that stuff when making an online purchase?  LastPass has you covered there. Create a new Form Fill Profile to hold such personal information as name, address, gender, birthday, SSN, credit card number, bank account routing number, and any related notes you’d like, and LastPass safely stores this alongside your passwords in the vault.

LastPass offers free and paid subscription versions.  The subscription is dirt cheap at $12/year.  What do you gain?  Take a look at this comparison page, and you’ll see that phone/mobile apps are one additional feature. Yubikey support is another. Yubikey provides one of a number of ways to implement multi-factor authentication, something which provides an extra layer of security for logging into LastPass when you’re at less than ideal location such as a hotel, public library, or any open wi-fi.

Is it time to secure your online life?  You bet it is.  So head over to https://lastpass.com and get started by hitting the Download LastPass button and grabbing the installer.  Once you’re done with installation and setup, take the LastPass Security Challenge.  That’ll show you just where you stand with your own online password security, and what you can do to improve it.

You’re going to love the “…password manager that makes browsing easier and more secure.”

 

-Rich

 

Rich’s RPG is a podcast hosted by Jim Collison and Rich O’Neil in Google+ Hangout. We talk tech with like-minded folks, covering stuff that’s interesting to us. No outlines, no agenda, no worries. And we welcome newcomers. Got your headset and a bit of free time? Join us on the show by contacting us at: podcast@theaverageguy.tv or rich@theaverageguy.tv

Jim’s Twitter: http://twitter.com/#!/jcollison

If you have a product or a topic you would like us to discuss, please tag your articles in Delicious using the tag “TheAverageGuy”.

Check out other great Podcasts from the Average Guy Network at http://theaverageguy.tv

Podcast intro and exit music is used by permission from “In the Shadow of the Great Machine” by Fool’s Chaos. Hear more great tunes at Fool’s Chaos!