The hacker has just spent the last few hours tinkering with a new password hacking tool she has created. The results are fantastic. After hitting a few business and social media servers, the hacker can now post the results to the dark web and make a few dollars. First, the hacker wants to have some fun.
She runs the tool and immediately gets the password from a social media site of a young man living in Texas. She giggles a little to herself at the password-iL0vecoffee! Seriously? Recently married, the young man is smiling happily in his profile picture standing next to the beautiful bride. She glances down at the young man’s bio and clicks the link to get more acquainted with her latest victim-DoD contractor, likes to travel, and has 3 other social media accounts. The hacker opens another browser window with 3 tabs and visits the other sites. She immediately tries the same login credentials from the current site on all 3 accounts and is granted access to 2. The other account she will worry about later. She has to visit a few popular online shopping sites and see where else these credentials grant her access.
Within 20 minutes, the hacker has a pretty good idea of the young man she has just “hacked.” His shopping habits, his social media likes/dislikes, and most of his contacts are in her possession. His usernames and passwords are all basically the same and as luck would have it, one of his email accounts has information on one of the banks he uses. The hacker decides to keep tabs on the young man, see what else she can gather over the week, and then make a few purchases courtesy of her new acquaintance.
The scenario above is fiction, but the reality is problems can arise when a user’s login credentials are compromised. I have constantly fought the mind games associated with coming up with good passwords and the convenience of not having to remember every sequence of capital letters, special characters, lower case letters, and numbers that passwords must have in order to make a hacker’s job a little more difficult. I admit that I have committed one of the deadly IT sins predominantly described in the tale above-using the same password for similar sites. However, after getting a recommendation from a friend and doing a little research, I have finally started to use an app called LastPass, which helps with this issue.
One thing to always keep in mind with regard to any app or program is that nothing is infallible when it comes to IT security so taking individual precautions and looking for odd occurrences in accounts is always advised! And definitely, change passwords often. Other actions I take are making certain my browser cache and history are cleared when the browser is closed, and I verify that my LastPass username and master password are not saved in the browser extension.
LastPass is a very simple to use password vault that provides other nice features. These features include a random password generator, the ability to organize vault items in folders for easy lookup, and the option to store other items, such as secure notes, social security numbers, credit card numbers, addresses, etc. LastPass offers all this in a package that is mostly free of charge. Personal users can pay for the LastPass Premium and LastPass Families options if they choose. After a few weeks of use, I have not missed the other options included in those packages. In a nutshell, users need to install 2 things to make use of LastPass:
- The LastPass mobile app.
- The LastPass browser extension. I use mostly Chrome and Firefox so I installed the extension on both browsers on my machines. The extension shows up on the top right of the browser window, displayed as a red box with 3 white dots.
LastPass allows a user to securely store all their passwords for every website that they have a login. I found adding credentials to LastPass easier on a desktop or laptop compared to the mobile app. To add credentials for a site, visit the site, enter the username and password, and log in. The LastPass extension will automatically prompt to add the site’s credentials if the user has logged in to LastPass. Once confirmed, LastPass will either automatically fill in the credentials for that site or it will provide a little icon in the text boxes for the username and password so a user can click them and select the account in LastPass that should populate the textboxes. Once accounts have been added, they can be shared with another person with a LastPass account. Click the “Share” icon on an account’s tile in the vault and enter the other user’s email address. If they accept, they have access to that account’s information. The sharing option has been fantastic for my wife and I!
A very nice feature that I absolutely love is the random password generator. I loathe having to create a new password for every website. LastPass makes this task simple. When signing up for a new account on a website and coming up to the dreaded “Create a Password” section of the web form, a user can click the LastPass extension, select “Generate Secure Password”, and copy and paste the password provided into the form. LastPass will store the new account credentials in the user’s vault. The great thing is the password is random, unique, and more secure than what the user may have come up with on their own! There is no need to remember that password because it is in the user’s vault which is accessed with the user’s LastPass username and master password. After setting up all my accounts in my vault, I went through each stored account and used the password generator to change every single one to a unique password. Consequently, I no longer have similar passwords across accounts.
After adding most of my Internet accounts to LastPass, I have 50 items in my vault. LastPass does have a search feature at the top of the vault window that filters as a user types. For folks who desire more organization in their vault, vault items can be placed into folders. Each account has a wrench icon that can be clicked to edit the account details. One of the details in the edit window is named “Folder”. Simply typing in a new folder name is all that is required to create one. The edited account will now be associated with that folder. The folder will also be available for all the other accounts. Why is this nice? Since organizing my accounts in folders, I find myself opening my vault in a browser tab and using that as my homepage for launching other tabs to browse the Internet. For example, I will expand my “social media” folder with Facebook, Twitter, Instagram, LinkedIn, and Goodreads and launch their own browser tabs from the vault. In addition, instead of remembering what the name of the account is, I can now search the folder name to find it.
LastPass is a great tool for storing other important information. A user can add their personally identifying information, such as their address, social security number, phone number, etc. This facilitates filling out forms that web surfers inevitably face in their daily Internet experience. One can store their children’s personal information, such as a social security number, for access anywhere. Any parent knows that anything from visiting the doctor to enrolling a child at school requires their social security number. Having it securely stored on a mobile device is very useful. Also, keeping that pesky bank routing number in an easy to find place makes virtual money transfers a lot quicker. Being an avid user of Google Keep, I find the secure notes of LastPass a very good alternative.
I have been using LastPass for a few weeks and have found it extremely helpful. I do not work for LastPass, I do not get paid by LastPass, and I do not have any stake in LastPass’ success. I do hope it stays around so I can continue to utilize its functionality for my personal use to make my online life a little safer and a little more convenient. If having multiple login credentials to multiple websites has you reusing passwords, creating passwords that are easy to guess, or having to constantly reset forgotten passwords for sites you may not visit often, LastPass may be worth a try!