secure passwords

How To Make Your Passwords More Secure Than Your Bank’s Vault (A Productive Guide)

73%

The percent of people who use the same password for multiple sites.

How many do you use? One, two, maybe five?

Your online identity is as secure as the passwords you use. The more duplicates you have and the weaker they are, the more you open yourself to a world of unpleasant opportunities. From your email, to social media accounts, to personal and business financial information, everything online is protected by a string of characters that you use at least a couple of times a day.

But with so many places requiring a password, how can you possibly use a different one and remember them all?

You’d think it’s impossible, but it’s not. You just need the right tool at you disposal. A tool that can store all your password in a secure place, help you protect all your accounts and save you time and make you more productive in the process. Sounds like a unicorn, right? Not really…

Enter a password manager.

Why you should use a password manager

A password manager is a tool that will store all your passwords “in the cloud” (online). Instead of logging into each site individually, you’ll need to login to just the manager and it will take care of the rest. Here is why you should consider using one:

Reason #1 – it is just too easy for anyone with access to your computer to obtain your passwords.

How easy?

As easy as sitting down on your computer and opening your browser.

All major browsers such as Firefox, Chrome and Safari leave your passwords completely unprotected. If you are using Chrome, try this, it will take you just a few seconds. Open a new tab and copy and paste the following into the URL bar “chrome://settings/passwords”. These are all your stored passwords. Anyone can access them as easy as you just did.

A Firefox user? No problem. Click on Tools > Options > Security tab > Saved Passwords > Show All Passwords. Tada. All your passwords for the world to see. From your email accounts, to bank info, to social media, everything is conveniently stored in one unprotected place.

Safari and Internet Explorer passwords can be accessed just as easily. Anyone can Google how to do it.

If anyone can get to your passwords, the very purpose of having them in the first place is defeated. They are meant to protect your information. Having a publicly available password is like building a protective wall around your house and leaving a space opened on one side. Most people won’t notice it’s there, but those that want to rob or TP your house will make good use of that opening.

Takeaway: your need to store your passwords in a secure place that only you can access.

Reason #2 – increased productivity

Using a password manager will allow you to automatically login to the sites that require you to enter access credentials, thus saving you precious seconds.

The usual login process looks like this: you enter the URL, you put your cursor in the username field, you try to remember it, you type it in, move to the password field, try to remember that one, put it in and click on the button below the form.

The process with a password manager: you type the URL, the tool automagically inputs all the needed information and even presses the button for you and logs you in. All you see in reality is a flashing screen for a split second and you are in. No typing, no wasted time.

Plus, you can use it on any computer with an internet connection. When you store all your passwords in your browser, you are cut off from them every time you use a different machine or when you travel. With a password manager you have all your passwords at your fingertips with a few clicks of the mouse whether you are using a different computer of yours, your colleague’s or your parent’s old desktop in the basement.

Takeaway: using a password manager will streamline the login process and save you a few seconds every time you use it. Might not seem like a lot at first, but over the course of time, those seconds turn into minutes and hours of saved time.

How to secure your passwords

Let’s get you set up with a password managers so you can secure all your passwords and become more productive. This way you can sleep like a baby every night knowing your online identify is safe and your time is not going to waste entering login information all day long.

Enter LastPass.

lastpass password management

LastPass is one of the best password managers currently on the market. It is very easy to install and use, has a ton of great features and it’s free. It works with all major operating systems (Windows and Mac) and all browsers (even Internet Explorer). Plus, it is offered in 50 languages so you are sure to find one that suits your needs if English is not your language of choice.

Start by downloading the tool from the official website. Once you click the download button, LastPass will automatically detect your browser and operating system and download and install the correct version of the software.

Once installed, click on Create Account. You’ll end up on a screen that requires you to create a “master password”:

master password

The master password is what you’ll use to access LastPass and all your other passwords. This is the most important password and technically, the last one you’ll ever need to remember (thus the name LastPass).

How to create a secure master password:

  • Unique – create a password that you’ve never used before and will never use for another tool or website
  • Does not use publicly available information – avoid using names of people from your family or even your pets. Same goes with names of favorite sports teams, celebrities or shows. Anyone can figure what those are with a basic Google or Facebook search. Refrain from using publicly available dates such as your birthday, the ones of your family, your anniversary or any other major event.
  • Long – a good password is at least 8 characters long
  • Has unique characters – use of capitalized letters, numbers and special characters will make your password harder to guess

The master password poses a unique challenge. It needs to be easy enough for you to remember, but hard enough for anyone else to guess or crack. Here is a little trick to use that will accomplish both at the same time: abbreviate your favorite quote, song title or phrase. For example, a favorite phrase of mine is “Good, better, best, never let it rest until your good is better, and your better is best”. Abbreviating that using only the first letters of the words will look like this “gbbnliruygibaybisb”. To me this is a motivational saying, to anyone else is a random set of characters. Add a number to it, capitalize the last letter and you have a very secure password.

You can use a song, book or movie title, a quote, a phrase, whatever works best in your case. This type of passwords are easy to remember, but nearly impossible for anyone else to guess.

Once you have entered your master password and email click on Create Account. The next screen will ask you to re-enter your master password to make sure you got it correct.

On the last step of the account creation process, LastPass will ask you to create a form filling profile. This will allow the tool to fill out forms for you in a productive and secure manner. It is a great feature in general, but for the purpose of password management, you don’t need it right now so select “no”. You can always enable it later on.

LastPass is installed. You’ll see it on the top right hand corner of your browser window:

where to find it

Now let’s configure it for maximum security.

Click on the icon and navigate to Preferences:

preferences

Navigate to the General settings tab:

general settings

Check the first box and enter 0 for the time. This way when you close your browser(s), you’ll automatically be logged off from LastPass. If anyone wants to use the same computer after you, they won’t be able to obtain access to your credentials.

Check the second box and enter 60 for the time. This way if your computer is idle for more than 1 hour, LastPass will automatically log you off. Adjust the time to your personal needs. I used to have it at 15 minutes, but if I watched a TED talk or anything longer than that, I had to re-login and it became unproductive to do it over and over again. I found that 60 minutes works best for me. If you use your computer in public places, like a coffee shop or a library, you might want to set the timer for 5 minutes or even less. This way, when you walk away for a short break, your passwords would be secured.

These are the two most important settings to play with. Everything else is optional. Once you have configured all, click on Save and you are all set to start using LastPass.

How to transfer all your passwords to LastPass

Let’s gather all your passwords into one secure and convenient place and delete them from your local computer.

Click on the LastPass icon and go to Tools:

tools

From there, click on Import From:

import from

This will bring up all the places you can import from. Your choices will look differently depending on the browser and operating system you are using, but here are the most common places to consider:

  • Browser password manager – make sure to import from all the different browsers on your computer. It is not uncommon to have saved different information in difference programs.
  • Wi-fi passwords
  • Keychain (if you are a Mac user)

Follow the on-screen steps to import your passwords from all possible places.

Once the import is done you need to delete the passwords from your local computer. Before you do it, it is important to make sure all of them have imported correctly into LastPass. Click on the LP icon and click on My LastPass Vault.  This will show you all passwords. Just give it a quick glance to make sure it is all there before you delete them from your machine.

Here is how to clear your passwords from your browsers:

Firefox users: Tools > Options > Security Tab > Show All Passwords > Remove All.

Chrome users: open a new tab and paste this into the URL field “chrome://settings/passwords”. Click on the “X” next to each password.

Safari users: Safari > Preferences > Passwords > Remove All.

To delete passwords from your Keychain (Mac users only) follow these instructions.

All your passwords are now in LastPass and not on your local computer where everyone can access them. Your online identity is a lot more secure. Now, let’s take it to the next level and protect you even further.

How to perform a security audit with LastPass

Your passwords are stored securely, but that does not make the actual passwords strong. If you are using weak, duplicate passwords, you are only halfway protected. Let’s perform an audit and see where you stand.

LastPass has an option called “Security Challenge” which will analyze all your information and provide you with suggestions on securing it better.

Click on the LastPass icon and select My LastPass Vault:

the vault

On the menu on the left, click on Security Check:

security check

Click on Start Challenge and LastPass will analyze your passwords.

The results screen will provide you with your personalized security score and rank at the top. The score is what you should pay attention to. The higher the score, the more secure your identity is.

Let’s raise your score. Scroll down to the individual site assessment. It looks like this:

individual sites

This will show you how weak your individual passwords are and how many duplicates you have. The more duplicates you have, the more vulnerable you are. If one site has a security breach and hackers obtain your credentials, they can easily use them to access your profiles on all other services. You need to eliminate the duplicates by changing your password on those sites.

How to change your passwords and generate secure ones

Start with the duplicate sites. Click on “Visit Site”. LastPass will automatically fill in your details and log you in. Navigate to where you can change your password. This option will look different depending on the site you are on.

While on the change password screen, use LastPass to create a new and secure password for you. Click on the LastPass icon and click on Generate Secure Password:

generate secure password

You’ll get a pop-up with options for your new password. I use and recommend the following settings:

settings

Click Accept and LastPass will automatically fill in the password field for the site you are on.

Once you save the new password, you’ll get a prompt from LastPass asking you to confirm the change.

confirm change

Click on Confirm and you are all set. You have successfully changed your password with a more secure one, eliminated a duplicate one from your list and it is all saved in LastPass

If you run through the Security Challenge again, you’ll notice that your score has went up.

Repeat the same process for all other duplicates and weak passwords. Depending on how many sites you use, it might take you a considerable amount of time to do it initially. After you do a couple, it gets tedious. Do it in chunks. Dedicate a few minutes every day to going through the process and changing your weak and duplicate passwords. This is also a pretty good activity to do while you have a few minutes in between appointments or while on hold on the phone, or even during the holiday downtime.

Every time you sign up for a new website, use the same process to generate a random secure password and save it into LastPass.

Bonus step (for all your super-achievers)

You’ve imported your passwords from your browsers and keychain, but there is another place that contains a lot of them. A place you might not to even consider to look in. Your email.

A lot of the services you sign up for send your access credentials via email. This means that your inbox contains a good amount of usernames and passwords.

There is no way to bulk import them so you’ll have to go though the process manually.

Open your email and do a search for the following keywords: password / pass / user name / username / access / credentials /.

If you are a Gmail user copy and paste this into the search box: password OR username OR “user name” OR pass OR credentials OR access.

When you find an email that contains access information use it to login to the respective site. LastPass will offer to store that information. Once it is saved, go back and delete the email.

This process will take out sensitive information out of your inbox and store it securely with all your other passwords.

Over to you now

Password management. Not the most exciting topic. But it is an activity that needs to be done, regularly. So much of your life is online, protected by a password that you cannot simply ignore the need for making it as secure as you can. It does not have to be hard. Tools such as LastPass make the process. not only more secure, but easier, and more productive than saving the passwords locally.

Be proactive. Change your passwords. Store them securely. Your will sleep like a baby at night, knowing your information is protected and it will stay exactly that, yours.

Do you use LastPass or another password managing service? Share your thoughts and questions in the comment section below: