Every few weeks, we hear the news that another major website has been hacked. Often these hacks mean your personal information has also been compromised. In this post, we cover the important reasons for why you should use a password manager to protect your online identity, and how to get started with LastPass, a free password manager.
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access their account–a username and password.
As an online security best practice, you need to have long, complex and unique password for every web account you use.
Strong passwords need to be:
Long – The more characters in a password, the longer it would take a hacker to guess your password.
Complex – By adding additional characters to your password you add complexity or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
Unique – You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important for your website?
If you use the same email address and passwords for multiple websites that you log into, what happens when one of those websites gets hacked?
Your email address and password is now on a list that will be used to try to log into other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Keeper Security’s list of the most common passwords of 2016. Do you recognize any of them?
|1. 123456||10. 987654321||19. 555555|
|2. 123456789||11. qwertyuiop||20. 3rjs1la7qe|
|3. qwerty||12. mynoob||21. google|
|4. 12345678||13. 123321||22. 1q2w3e4r5t|
|5. 111111||14. 666666||23. 123qwe|
|6. 1234567890||15. 18atcskd2w||24. zxcvbnm|
|7. 1234567||16. 7777777||25. 1q2w3e|
|8. password||17. 1q2w3e4r|
|9. 123123||18. 654321|
Password Managers vs. Browser Password Storage
Note: While most major web browsers today will offer to remember your passwords and fill them in automatically for you, this is for convenience and not security.
A Password Manager such as LastPass not only remembers your login information, but also helps you generate long, complex passwords and stores them and other information securely.
LastPass vs. Other Password Managers
There are several excellent options for Password Managers available:
Ultimately, using any one of these password managers is a good choice, but we recommend LastPass because it offers the most value in free vs. paid features.
Getting Started with LastPass
In this next section, we’ll cover how to get started with LastPass.
Creating an Account
Click the Get LastPass Free button in the header at lastpass.com.
Walk through the steps to create your account.
Your LastPass Master Password
The most important part of this process is creating your master password.
This password is the master key to all the other passwords in your account.
It’s the only one you need to know, so make it memorable but secure.
Example: Al@b@m@Cr!ms0nT!d3 (and, no that’s not my real password ?)
All your information is encrypted based this Master Password. Not even LastPass can access your info without it – so don’t lose it!
Note: It’s a good idea to enable two-factor authentication for your LastPass master password.
Setting Up the Browser Extension
At the beginning of the account setup process, you will also set up your software (or go here to download the LastPass software
Download and install the Universal Installer for your operating system which will set up the app and extensions for every web browser you have installed.
The LastPass icon should appear on your browser next to the search bar
Once you log in, LastPass is now ready to save new logins.
Importing Existing Passwords
If you’ve been using your browser to store passwords, you can usually import them into LastPass without a problem.
Click the LastPass icon in your browser and choose Account Options.
Then click Advanced and then Import.
You should see an importer for your browser that will step you through the process.
Be sure to turn off saved passwords on your browser when you’ve finished the import because you’re using LastPass for this job from here forward.
If you’re not sure how to do this, just Google something like Turn off password saving in Chrome
Note: if you’re a Mac user, Keychain passwords can’t be directly imported due to the security Keychain uses to store data.
How to Add and Save Sites
Adding Sites Automatically
Whenever you log into a website that is not yet saved in LastPass, it will prompt you with a request to add the site to your LastPass Vault.
Click Add and your login will be saved for future use.
Creating an Account on a New Website
When you create a new account, LastPass recognizes this process and will prompt you to store the information.
On most sites, you should be able to pre-fill information you’ve stored as a Form Fill (see below).
You should also be able to generate a random password by clicking the circular arrow icon in the Password field and click Generate and Fill. This should fill the password and confirm password fields.
Adding Sites Manually
You can add a site manually by clicking the LastPass browser icon
Select Sites then Add Items and then select Password to open a window where you can enter your login information.
This is particularly useful to save websites with nonstandard login code that is not recognized by LastPass’ automatic saving system. This does happen from time to time.
Pre-Filling Website Logins
Once a website is stored in LastPass, when you visit that site again and attempt to log in, you will see the gray LastPass 3-dot icon in the username and password field.
Click the icon and select your login to prefill the login form.
Note: in cases where you have more than one login for a website saved, you will see a number on the LastPass icon indicating how many logins for that site exist in your Vault. Click the icon and select which login you’d like to use.
The LastPass Vault
Your vault is where all your secure items are accessed, including website logins, form fills, and secure notes. Access the vault by clicking the LastPass icon in your browser and choosing Open My Vault.
What you should know about the LastPass vault:
Add sites and secure notes by clicking the (+) icon at the bottom right
Search and sort logins into folders easily
Access your Form Fills
How to Fill a Form
Set Up Form Filling
From the LastPass Vault click Addresses in the left menu and set up your information.
Do the same for Payment Cards and Bank Accounts from within the Vault.
You will be able to select saved information when you fill a form on a webpage.
Filling a Form Automatically
Once your information is set up in the Form Fills area, LastPass will place a form filling icon (looks like an ID card) at the top of any web form it can fill.
Click that icon and your form will be automatically filled with the information in your vault.
Note: LastPass may notice information you fill manually and offer to add it to your Form Fill information so you don’t have to manually fill it next time.
5 Nifty Things You Can Do Once You Set Up LastPass
1. Generate a Strong Password
If you have a need to generate a strong password, just click the LastPass icon in your browser and Generate Secure Password.
Note, you can set the password length and what kinds of characters are allowed (which is helpful on some sites that inexplicably don’t allow special characters)
2. Take the Security Challenge
Once you’ve used LastPass for a while and have stored a number of logins, open your Vault and click on the Security Challenge.
This process evaluates your password strength, checks for known compromises and allows you to automatically change your passwords for many popular sites. Running this process from time to time is a good practice.
3. Start Using Notes
Secure notes allow you to save information other than website logins securely in your LastPass Vault.
You can store driver’s license info, passports, etc. as text information and also upload attachments like photos for each one.
Since this information is accessible on a mobile device as well, this is an excellent way to make these kinds of information available anywhere securely.
To set up a Note, open your Vault and click Notes in the left menu.
4. Set Up Sharing
You can share some or all of your saved logins with other users by setting up Sharing in the LastPass Vault.
Open the Vault and click Sharing Center in the left menu.
Then set up a shared folder and invite users to access it.
Any site logins you add to that shared folder will be available to the users invited to that folder.
Note: shared passwords cannot be copied, only automatically filled by LastPass.
5. Set Up Emergency Access
What happens if I get hit by a bus? By giving trusted friends or family emergency access to your LastPass account, you can allow them to access your account after a pre-defined wait time.
In the LastPass Vault, click Emergency Access in the left menu.
6. Set Up Two-Factor Authentication for Your Master Password
As an added measure to a strong Master Password, you should really set up two-factor authentication by using LastPass’ own authenticator or one of several other industry standard two-factor authentication options.
To set up two-factor authentication, access your Vault, click Account Settings in the left menu, then choose the Multifactor Options tab at the top.
Select your preferred provider(s) and set it up.
LastPass Free vs. Premium
As you can see, LastPass Free has everything you need to securely store and fill passwords on a single kind of device (for example: a Mac computer, a PC Computer, an iPhone, an Android Phone).
But if you want to access LastPass on different kinds of devices, you will need to upgrade to LastPass Premium for $24/yr. LastPass also offers Business and Enterprise versions that focus on a single bank of passwords accessible by users.
Watch the Video: Getting Started with LastPass
In this webinar video, we walk through how to get started with LastPass, as well has how to take advantage of several of the great password manager features.