Technology Associates Group

I large number of people I know have recently had their Facebook or Twitter (or both) account hacked. Often times, they don’t even know until friends who’ve been receiving their tweets or updates start asking them if they really meant to post pornography. Of course the real downside to having one account hacked is that most people use the same password for different sites, including their online banking. It’s one thing to have your Twitter account hacked; its a whole different story to have someone clean out your bank account.

In truth, some accounts are actually hacked by viruses, but that’s a subject I’ve already handled.

So what are we to do? The good news is there’s an easy process to protect your accounts:

1. Never use the same password for more than one site
2. Use passwords that contain upper and lowercase letters, numbers and symbols
3. Use the above in a random fashion
4. Never type your password on a computer that has any possibility of infection

There, now that you know what you need to do, practice safe computing and have a nice day.

What? That’s too hard? You can’t remember T$d63Fes% as a password? Thankfully, there’s an easier solution – use a password manager.

Password managers have been around for as long as there have been passwords. My first was a little black book that got washed one too many times. My second was a Palm Pilot, that I lost, and that probably got washed too. Fortunately, today’s solutions don’t risk the possibility of loss or accidentally getting washed. There are many to choose from, but the one I want to detail today is from Lastpass.com.

Lastpass is a browser plug-in for Firefox and Microsoft browsers. By default, it replaces the insecure (yes, they are) password managers built-in to those browsers. Your passwords are actually saved on the Lastpass servers, freeing you from the possibility of losing all your passwords because of a computer failure. I know what you’re thinking – “But that gives somebody else my information!” Actually, no. Before any of your passwords are sent to Lastpass, they are encrypted with your master password. Lastpass uses 256-bit AES encryption which is as good (or better in most cases) as the federal government uses. Maybe that’s a bad example. How about “Its what geeks use.” There, that’s better.

There’s a whole lot of techno-babble I could detail and explain, but suffice it to say that Lastpass gives you secure access to really secure passwords. I’m not going to explain how to install it either, find out at their website.

The real beauty of Lastpass is the password generator, which will give you all of the requirements above. When you use the password generator, you can pretty much guarantee you have a secure password. The design of passwords is customizable for websites that support one style of password but not another (upper/lowercase OK, symbols not OK).

Since Lastpass stores EjaJ9LQ$z%Y^ for you, you don’t have to remember it. Simply visit the site you want and Lastpass will automatically fill in your username and password for you (HINT: If it doesn’t automatically fill in your password, press ALT-PGUP which is the key combination to cycle through all passwords for that site).

You’ll still need to go back through sites and generate new passwords to be secure, but Lastpass should automatically detect the password change and prompt you to save it.

“But, what about when I’m not on my PC?”

The lastpass.com website allows you to login and access your passwords from any PC, also granting you the ability to sign-in to a website directly from lastpass.com without ever typing anything.

Lastly, if you don’t trust the PC you’re using – maybe a internet cafe or hotel computer – you can use one-time passwords. These passwords are exactly what they sound like – they allow you to login one time with that password. So, even if somehow, someone captures your password, its useless once you’ve used it. Of course, you do have to set these up in advance.

There really is no excuse for bad passwords anymore. With the Lastpass plug-in and the lastpass.com website, you have secure password management, offsite storage and one-time use protection when you’re not at your PC.

Just remember to use a secure password for your Lastpass password. By the way, Bible verses make excellent passwords (Ephesians6:7, 1Corithians13:4-8).

This entry was posted on Wednesday, June 10th, 2009 at 3:52 pm and is filed under Linux, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.