Stop using that terrible password. Password managers demystified.

  • You have 3 passwords that you randomly choose between for every site you log into.
  • You haven’t updated your passwords in over 5 years.
  • Your password has your pet’s name or your birthday in it.
  • Your password has been on a leaked list but you still haven’t changed it.
  • You accidentally tweeted out your password.

Sean Spicer Twitter screen grab. Tweet reads: n9y25ah7. Gizmodo subtweet reads: Sean Spicer just tweeted something that looks an awful lot like a password. 686 retweets and 1043 likes.

Sound familiar? You know your password sucks, but you’re busy. Who has time to deal with managing passwords? No one. I sure don’t. Even talking about passwords is boring. I know. I’ll try to make this quick and painless. You should use a password manager.

Password Managers

I started using a password manager a few years ago, and it’s easy, convenient and secure. I use LastPass, but there are other ones out there that are just as good. A number of people I know use 1Password.

A password manager is a program that runs on all your devices and creates and stores passwords for you. I have no idea what my passwords are. They all look something like this:

Lastpass screen. Password: d&B%x0Mxs6Kz52Rm

Are password managers safe?

Lifehacker has a good article on this. TLDR: Yes. LastPass is encrypted, it keeps a running list of any sites that are hacked and will prompt you to change those passwords right away, and if you use 2 factor authentication a hacker still wouldn’t be able to access your account if they somehow stole your master password. [edit: there’s a hilarious episode of Reply All where they show how to hack 2 factor authentication; nothing is 100% safe.]

But what if LastPass is hacked? LastPass has actually been hacked twice already. Here’s what happened last time it was hacked. After reading about them being hacked, I actually feel safer using it.

Lifehacker has a good rundown of other password managers, if you want to shop around.

If you’re thinking you’re fine because you’re using correcthorsebatterystaple, sorry friend, you’re not.

screenshot of xkcd comic - full comic in link

You need a different password for every site. I don’t believe you can memorize so many random words and remember which site they’re for. Go download a password manager.
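To make the habits from the list at the top concrete, here is an added Python example (not from the original post and not any password manager's own code) that audits a small vault for reused passwords, passwords containing personal details, and passwords on a leaked list, and generates a random 16-character replacement. The vault entries, the personal details and the leaked list are constructed sample data, and the names `audit` and `generate` are hypothetical.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample data: not a real vault export or a real leak list.
VAULT = [
    {"site": "mail.example", "password": "Rex2009!"},
    {"site": "shop.example", "password": "Rex2009!"},
    {"site": "bank.example", "password": "correcthorsebatterystaple"},
    {"site": "forum.example", "password": "d&B%x0Mxs6Kz52Rm"},
]
PERSONAL = ["rex", "1985"]  # pet's name and birth year (constructed)
LEAKED = {"correcthorsebatterystaple", "password1"}  # stand-in for a leaked list

ALPHABET = string.ascii_letters + string.digits + "!#$%&*@^"

def generate(length=16):
    """Random password from the OS CSPRNG with every character class present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

def audit(vault, personal, leaked):
    """Return {site: [problems]} for reuse, personal details and leaked passwords."""
    sites_by_pw = defaultdict(list)
    for entry in vault:
        sites_by_pw[entry["password"]].append(entry["site"])
    findings = {}
    for entry in vault:
        pw, problems = entry["password"], []
        if len(sites_by_pw[pw]) > 1:
            problems.append("reused")
        if any(p.lower() in pw.lower() for p in personal):
            problems.append("personal info")
        if pw in leaked:
            problems.append("leaked")
        if problems:
            findings[entry["site"]] = problems
    return findings

if __name__ == "__main__":
    for site, problems in audit(VAULT, PERSONAL, LEAKED).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate()}")
```

The generator uses `secrets` rather than `random` because `random` is predictable and not meant for passwords.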

This is the second post in a monthly series about online security.

Last month I told you how to encrypt everything.
Next month I’ll be talking about 2 factor authentication.