One password above all

With more and more services requiring you to register for an account, the sheer number of passwords you need to remember is growing. At the same time, there are also more security risks to be aware of. A single password among all of those might not seem capable of doing much harm, but in this article we’ll show you how to make sure it’s secure enough.

One more password, and you no longer need to keep dozens of codes in your head. But only by setting it correctly can you protect your login details from hackers.

Over the last two years, more than 642 million account logins have been stolen from web service databases worldwide. We cannot protect ourselves against such data theft, but we can protect ourselves against the consequences. The attackers’ goal is to read passwords from the databases, which is fortunately made more difficult because most services (where the user is only a tiny part of the equation) store this data encrypted. However, if passwords are short and frequently used, they can be deciphered in seconds, whereas complex, individual passwords of ten characters or more are much harder to crack, if attackers take the time at all.

To avoid having to memorize such codes for every website and web service, password safes require you to memorize only a single, but more complex, master password. One such application is LastPass. Although the password database is in the cloud, it is encrypted. To prevent anyone from accessing the unlock key, the program downloads the database to your computer for each use, which takes only a few seconds. Decryption is then done on your computer, as is the entry of any new data or changes to old data, after which the application encrypts the database locally again and uploads it to the cloud.

Optimal security for our devices

Before installing the password safe, it’s vital to give our devices a thorough security check. While this takes time and energy, without it we risk attackers gaining access to our LastPass.

Protecting Windows systems

Protecting desktops is the most time-consuming task. First, check that Windows itself is up to date with all security updates. In Windows 7, you can do this by clicking the Windows Update icon in Control Panel, then the Check for Updates bar. In Windows 10, you can do this by going to the Update and Security menu in the Control Panel and clicking the Check for Updates button.

As well as patching system vulnerabilities, it’s essential to use an antivirus that’s also up to date. Finally, make sure you are using the latest version of your browsers!

Using Password Manager

We chose LastPass for several reasons. One is that we’ve been using it for a while, and we’re pleased with it. The other is that we can store unlimited passwords in the free version, which is a significant advantage over many competitors.

On a desktop computer

The first and most prominent button on the LastPass site (lastpass.com) is for getting the free version. If you have accessed the site from Firefox, Chrome, Opera, or Safari, click on it to download the appropriate add-on for the browser you are using. Of course, this usually requires permission, as you can see in the image below.

After installation, the first thing we need to do is enter the master password. This must be very strong, as it allows access to all our other passwords, and it must be one that we can remember; otherwise, we may not lose access, but it is a pain to get it back, which we will come back to at the end of this article. You can quickly check whether your password is strong enough at https://www.security.org, which you should also recommend to your friends who think that 87654321 is a remarkably sophisticated and secure password.

If you are serious about security, it is worth thinking of a motto instead of a password: for example, a not very popular line from a favorite book, in capital letters, with a punctuation mark. Of course, against a serious computer or a zombie network it won’t hold out for trillions of years, but there’s an excellent chance that attackers will look for another target.
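Added example (not part of the original article and not LastPass code): a rough Python estimate of why a short or frequently used password such as 87654321 falls in seconds, while a long motto in capital letters with a punctuation mark does not. The word list, dictionary size, guess rate and sample passwords are constructed assumptions.

```python
import math
import string

# Constructed sample; a real check would use a large breached-password list.
COMMON = {"password", "123456", "12345678", "qwerty", "letmein", "iloveyou"}
DICTIONARY_GUESSES = 10_000   # assumption: size of the wordlist tried first
GUESSES_PER_SECOND = 1e10     # assumption: offline guessing against a fast hash
MIN_LENGTH = 10               # the article's "ten characters or more"


def is_sequence(pw):
    """True for runs such as 87654321 or abcdef (every step is +1 or -1)."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) >= 3 and steps in ({1}, {-1})


def pool_size(pw):
    """Alphabet size implied by the character classes the password uses."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    size = sum(n for chars, n in classes if any(c in chars for c in pw))
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += 33  # printable ASCII punctuation plus space
    return size


def assess(pw):
    """Return (bits, seconds, verdict) under a brute-force-only model.

    The per-character figure is an upper bound: dictionary words and
    well-known quotations are far more predictable than random characters.
    """
    patterned = pw.lower() in COMMON or is_sequence(pw) or len(set(pw)) == 1
    if patterned:
        bits = math.log2(DICTIONARY_GUESSES)
    else:
        bits = len(pw) * math.log2(pool_size(pw)) if pw else 0.0
    try:
        seconds = 2 ** (bits - 1) / GUESSES_PER_SECOND  # half the space on average
    except OverflowError:
        seconds = math.inf
    weak = patterned or len(pw) < MIN_LENGTH
    return bits, seconds, "weak" if weak else "strong"


if __name__ == "__main__":
    for sample in ("87654321", "Tr0ub4dor", "THE LANTERN KEEPER COUNTED SEVEN OWLS!"):
        bits, seconds, verdict = assess(sample)
        print(f"{sample!r}: {bits:.0f} bits, ~{seconds:.3g} s on average, {verdict}")
```

The estimate covers only exhaustive guessing; it says nothing about a password that has been reused and already leaked elsewhere.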

After creating your account, you’ll see a tutorial on LastPass, which can help you get started. The first step is to import your previous passwords from your browsers, which can be started by going to More Settings from the safe, then going to Advanced and clicking Import. Usually, you need to do this in the browser you want to import from, but you can also drag and drop from other password vaults’ databases. It is best to then delete the selected and stored codes from the browsers, where they are much less secure. Also in the Advanced section is the Request one-time passwords section, where you can set temporary passwords in case you want to log in once on an insecure machine, and delete them once they’ve done their job.

After that, please look at Account Settings, where we first ask to show More Settings. Under Security, enter a secondary email if available (and trusted) and turn on country restriction. Here you can also set up multi-step logins, such as Yubikey’s tools, if you can spare the $1 a month for the premium version. However, to have the master password requested again after logging out of browsers or even the operating system, you have to set this in each browser by clicking on the icon and selecting the Settings item in the local menu, then the Security item in the General tab, under Automatic logout.

Using the add-on on a day-to-day basis is much simpler; you can click on the icon to save pages or generate passwords, and if you’re on a familiar site, you can copy your login details to the clipboard or request auto-complete. So after a little extra initial work, you can get online more easily and smoothly.

Account recovery

Forgetting the master password is very inconvenient, but it does not mean losing the entire database, at least if you are adequately prepared for this situation. The relatively simple way is to enter your mobile number in Account Settings for resetting your account by SMS. If we ever run into trouble, we can either click on the “Forgot your password?” link in the browser toolbar or when logging into lastpass.com to send ourselves a reminder, or we can proceed to recover our account by clicking on the Account Recovery link, where we can enter our phone number and receive a code for recovering it.

If we don’t provide a mobile number, we’ll have a bit more to do, and our chances will be worse. Once we’ve entered our email address when requesting the recovery, we’ll first receive a message with a one-time code. However, recovery can only be successful if the browser has previously saved recovery data to the device. This means that you will not succeed if you try on a foreign device or if you have reinstalled the system on a new or reformatted hard disk. The same applies, of course, if you have disabled this option for security reasons and deleted the local cache of LastPass.

Conclusion

In today’s world of online shopping, banking, and many other activities that require a password, it seems impossible to keep track of all the passwords we need. Thankfully, there are many ways to keep your passwords safe without memorizing them. Use the to keep your sensitive data safe. Better to worry than to say sorry!