I am a terrible person – but not for the reasons you may think. It turns out part of my terribleness is related to the fact that I only had three passwords or so that I used for the entirety of my presence on the internet. I had known this for years and years. I would occasionally update my passwords – only to change them to one of the previously used ones, or a new password that I would use for everything. It was a shameful state of affairs, and I’m sort of shocked that I didn’t have my identity stolen more than the basic level I experienced that I think everyone gets.
The good news is I am a changed woman. And the scare news about every big leak finally got to me when it was about a data breach called Cloudbleed. Yes, it was a bad breach, but probably not the worst one, but it was sort of the final straw. I’d been hearing for years about how I needed a password manager, but dutifully ignoring that information. Perhaps it was the idea of having my website hijacked – not that there’s a lot of use for that beyond wanting to convince my dozen or so friends who read that that I’ve gone round the bend, but still. So I finally got on that, and made the leap into password management.
I will say that I didn’t do a lot of research before diving in. Mostly because I’d heard of LastPass, and the few articles that I did read about “best password managers” came back saying it was a really good choice. Perhaps PC Magazine isn’t the gold standard in digital/electronics rating and journalism anymore, but I still think being their Editors’ Choice for best password manager has to mean something. And this may be an example of confirmation bias, but whatever. I don’t care that much, which is a lie, because I do care about the quality of my password manager, but maybe don’t care so much that I answered my own question before asking it?
In any case, I got LastPass. It’s a free service, and here’s how it works. You sign up at their website, and then download a browser extension which will make it easier to actually get into websites without a lot of going back and forth to copy passwords. You create a master password that becomes the one you use to get into your LastPass “vault” – the place where all your account information is stored. There’s a lot more information on the level of encryption and exactly how/why LastPass doesn’t actually have access to your passwords here, but you can read that for yourself, because I can only trust that it’s good. Theoretically you can upgrade to a premium account for $12/year, but the only benefit I see from that is the ability to store and share information, documents and passwords securely with trusted persons/family members. Which means you’d have to get your people to sign up too. And the Boy isn’t really interested – he’s just too paranoid about “but what happens if LastPass gets hacked, and then you’re totally fucked!” and I’m thinking, “well, at least they’d let me know if someone was trying to get into my account, and also I have crazier strong passwords because of LastPass, which is good.” So who knows if I’ll ever convince him.
Theoretically I should have been able to convince him when we listened to the Reply All podcast that was about having your password hacked and had a discussion about password security called “The Russian Passenger”. As we drove along together, listening and guffawing at what happened, I found myself for the first time in my life feeling smug – I’d done the things that they’d suggested just a few weeks before. I was on top of things! But something I didn’t know about was the very interesting site ';--have i been pwned? It was created by an Australian data security specialist and goes through the information about publicly posted breaches and lets you know if your account was one of them. If you know that you were breached, you can change your password, because chances are – like I used to do – you’re using the same password on multiple sites. So knowing is half the battle. (Also, if you’re interested, there was a creepy as hell follow-up to that podcast episode called “Beware All”, and it will just scare the pants off you regarding internet security.)
So yes – I like LastPass a lot. I can use it across multiple computers (having to log into the website to gain access to the passwords in my vault each day), and even on my phone, which requires me to use my fingerprint or master password to verify that it is indeed me. I’m able to set stronger passwords for my accounts with little to no effort, and am able to retrieve those passwords just as easily as if I had them stored in a text file, which I definitely do not have (anymore). Am I scared of having my LastPass account hacked? Sure – but I think the chances of that happening are less than having, say, my eBay account hacked. Using LastPass has also opened my eyes to how many accounts I have online. I’m currently at 67, and I’m sure there are more that I just haven’t logged into in years. Which is sort of shocking. But the entire process of going in and changing your passwords is just eye-opening. So…yeah. Highly recommended. Because you know you should have done this long ago too.
Ok – who out there has been putting off using a password manager? Or uses a different one? Who can explain to me in simple terms about how good LastPass’s encryption and security is based off of what they say on their “How it Works” site? And is there anyone out there who thinks I’m dumb for using a password manager because you too are paranoid about someone hacking the password managers?
After doing a little digging, because of Nicole’s comment below, and because I’ve been getting a message on the app on my phone about, “Your LastPass Premium trial will expire in 6 days”, I did a little digging. It turns out that LastPass was giving people 60 free days of Premium, which allows syncing on multiple devices, but that your free account only continues on the first type of device you signed up on (Desktop, mobile, tablet). They weren’t really clear about the fact that (for me) the mobile service was only free for this trial period. Information here in this blog post. Premium service is $12/year, and allows for syncing across all devices, multifactor authentication, and removing ads. That seems like a pretty good deal for me, and considering I spend more money on other frivolous things, I think it would be a dollar a month well spent.
Details: LastPass (free on one platform, $12/year for Premium)