The problem with passwords is that you can’t remember them. So you end up re-using the same password or creating simple short ones that can easily be hacked.
As you can see in the table below, any password that has 8 characters can be hacked in anywhere from 0 seconds to 39 minutes, depending on complexity. What this means is that if your encrypted password is stolen from a compromised website, the hackers will find the real password in less than 39 minutes.
So today you need to use passwords with at least 12 characters and a mix of lowercase, uppercase and numbers to be on the safe side!
Obviously there is no way you can remember 12-character passwords for the hundreds of websites that you use. At my last count I had 550 websites! Only a password manager can do this for you. There are multiple ones available but the one I use is LastPass, which is considered one of the best.
Password managers all work on the same principle. You can read a recent comparison here.
How to set up LastPass
LastPass is free for individual use; however, you are limited to one type of device: computer browser or mobile app. I would recommend purchasing the Families edition, as it allows you to use any device, share passwords between family members, give a family member emergency access to your LastPass vault, and be notified of security breaches where your password could have been compromised on websites where you have an account.
Once you have created your (long and complex) LastPass password, this is the only one you will have to remember. Record it in a very secure place and use two-factor authentication to secure your account even more.
To use LastPass you need to install an extension in your web browser on your computer and install the LastPass app on your mobile device. You will need to deactivate the built-in password managers:
For Google Chrome: turn off Offer to save passwords and Auto sign-in. Firefox, Edge and Safari will have similar options.
For the iPhone: go to Settings > Passwords > AutoFill Passwords and select LastPass. Android phones would have a similar feature.
How to use LastPass
LastPass will offer to provide passwords in Chrome (or your favourite browser) AND in mobile apps.
Example with Chrome
LastPass automatically fills the login name and password. You can select another one by clicking on the three little dots.
Example with Apple iPhone
Using LastPass to create new passwords
Let LastPass generate a complex password for you when you create a new account or change your password. This automated way works only in the browser on your PC; however, you can always generate random passwords in the security section of the LastPass app on your phone.
Using the LastPass Security Dashboard
The paid version of LastPass can analyse your passwords for strength as well as for re-use on multiple web sites.
On the browser version of LastPass, click on “Security Dashboard”.
This brings up the security score window. I still have 28 passwords that need attention. Mostly because they are too short or duplicates of the same website that I need to clean up.
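An added example (not LastPass code and not part of the original post) of the kind of check described here: it flags passwords that break the 12-character, lowercase/uppercase/number rule from earlier on this page or that are re-used on more than one site. The site names, passwords and function names are constructed for this example.

```python
import math
import string
from collections import defaultdict

MIN_LENGTH = 12  # minimum length recommended earlier on this page

def weaknesses(password):
    """Reasons a password fails the 12-character, mixed-case-plus-number rule."""
    checks = [
        (len(password) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no number"),
    ]
    return [reason for ok, reason in checks if not ok]

def search_space_bits(password):
    """Upper bound on guessing effort in bits: length * log2(alphabet in use)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, len(string.punctuation))]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit(vault):
    """vault: list of (site, password). Returns {site: [problems]} for flagged entries."""
    sites_by_password = defaultdict(set)
    for site, password in vault:
        sites_by_password[password].add(site)
    report = {}
    for site, password in vault:
        problems = weaknesses(password)
        others = sorted(sites_by_password[password] - {site})
        if others:
            problems.append("re-used on " + ", ".join(others))
        if problems:
            report[site] = problems
    return report

# Constructed sample vault (made-up sites and passwords).
SAMPLE_VAULT = [
    ("shop.example", "summer2019"),
    ("forum.example", "summer2019"),
    ("bank.example", "vT7qLm2ZxR9pKd4W"),
    ("mail.example", "correcthorsebatterystaple"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```

The bit count is only meaningful for randomly generated passwords; a word or date of the same length is guessed far sooner than the figure suggests.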
Dark Web Monitoring
In this part of the Security Dashboard you can tell LastPass which of your email addresses should be monitored on the dark web (the nasty part of the web where stolen data is sold). LastPass will notify you if any of these addresses are found on breached websites. I’ve had several instances where I got notified and was able to change the password straight away on these websites.