Passwords have gotten out of control. With all the online services I use and all the sites I manage, I have hundreds of them. Over the years, I’ve made my passwords increasingly secure — longer, less like actual words, more complex combinations of characters. In the past year alone, three sites to which I have logins have had security breaches, requiring me to change my password there and on any other sites where I used that same password. Yes, I know I’m not supposed to use duplicate passwords, but with hundreds of logins, I didn’t think I could manage any other way.
The most recent security breach has finally forced me to move to a 21st Century solution, and I’m recommending it to you, to. The concept of LastPass is simple: It’s an online service that stores your passwords securely and automatically fills those passwords for you when you visit a website. It does a lot more, too, including the most important feature of generating long complex passwords, the ones that look like 3&kU9)x28&h63#. Remembering even one of those passwords is tough; having a different one for every site makes it impossible to rely on memory.
Which is why I think LastPass is now essential. The basic service is free; and a premium subscription that adds an app for mobile browsing as well as multifactor authentication options is only $12 a year. Check it out at LastPass.com.
21st Century Password Security
Whether you decide to use LastPass or not, here are some things that you just have to bite the bullet and start doing to protect your online activities and data.
Use Long Complex Passwords
Make your passwords at least 8 characters long. If you use LastPass, make them even longer, because longer is better and you won’t have to worry about remembering them. To make your passwords strong, make them complex. Forget about using recognizable words, or even “disguised” recognizable words like 9um9k!n$. Instead, use a combination of upper and lower case letters, numbers, and symbols.
Don’t Use Duplicate Passwords
Never use the same password on two sites. Never. This is the main reason I moved to LastPass: It’s just too hard to remember dozens or hundreds of strong passwords, but it’s absolutely essential. If one site gets hacked, you’ll only have to change the password on that one site.
Ditch the Docs
I’m willing to bet that you fall into one of three categories of password users: 1) You already use unique strong passwords and store them in a secure, encrypted system like LastPass, 2) you use unique strong passwords but write them down on a sheet of paper or in a Word doc or text file, or 3) you use the same 1 or 2 passwords for everything. If you’re in group 2 or 3, you’re in serious jeopardy. Passwords should never be written or stored anywhere that isn’t encrypted and secured. (By the way, letting your browser remember your passwords is not secure. Ditch this method, too.)
Consider Multifactor Authentication
Multifactor authentication means you have to supply two or more pieces of information to login. This could be a password and the answer to a security question, or a password and one-time code that is texted to your phone for you to enter into a site, a password and a fingerprint scan, or any other combination. Consider using multifactor for financial sites and others that merit extra security.