Thursday, September 17, 2015

If you can remember all your passwords, you’re doing it wrong

You need strong, unique passwords, the kind that you can't easily remember. That's where a password manager comes in. Security experts use them.

I've been using a password manager for some time now. It improved my browser experience. It's faster and more secure.

I use LastPass to store (client-side encrypted) all my login information in the cloud. I use their browser extensions to sync these passwords among my different devices. On trusted devices, like my desktop and laptop, login fields are automatically filled in. On non-trusted devices, I need to enter my LastPass password before the fields are filled in.

In addition, and this is optional, I need to insert my YubiKey (USB) and press its button to authenticate with a one-time password, again only for non-trusted devices, which is rare. You could use your phone for this too.

LastPass can also store encrypted notes. These can be used for other passwords and secret information that you want to access from anywhere.

Don't forget your LastPass password ;)

3 comments:

dekus said...

Good post! I'm obligated by work to start using a password manager (to ensure proper passwords being used in the work environment) but haven't found one that actually works cross platform.

Most managers appear to be user-friendly either on iMac/iPhone or pc/any-other-fucking-device.

But I'll give this one a go!

cybrbeast said...

I will look into this. I'm curious how many negatives you have experienced using this. Websites not working maybe?

annom said...

No negative experiences yet.

Also not experienced any LastPass downtime. It's a rather big company with many paying customers, including large companies. They have good reasons and the resources to prevent downtime.

However, you can always do a password reset on sites, if LastPass is down. That's why you should always remember your email password.