The majority of WordPress website admins and users use very weak passwords and (SHOCK HORROR!) reuse them on many, many different websites. So we all know this is a bad idea, but how the heck ARE you supposed to use strong, unique passwords on all the websites you use? The simple solution is a password manager, such as LastPass.
“A password manager is a software application or hardware that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.” (Password manager – Wikipedia: https://en.wikipedia.org/wiki/Password_manager)
See here for a great article by Bill Hess on “The Real Life Risks Of Re-Using The Same Passwords, and how to Establish a Safe Password Policy….”
What does a Password Manager Do?
Password managers like 1Password, LastPass and KeePass all have the same basic premise and functionality:
they store all your passwords in one “secure” place that is easy and fast to use, while maintaining VERY Secure passwords.
To put it simply, Password managers do these basic things:
- they let you store your login and password information for all the websites you use, then let you log into them automatically.
- they encrypt your entire password database (yes every one) with a master password – this one master password is the only one you ever have to remember
- they generate big, long and secure passwords for you with a click of the mouse, and remember them at the same time. Passwords like: 0lSaj%[email protected]
What is a VERY secure Password?
According to the old and traditional security advice, which is still good to this day, a strong password is:
- Has 12 Characters, Minimum: You need to choose a password that’s long enough. There is no minimum password length that everyone agrees on (though some sites are starting to enforce minimum password strengths), but you should in general go for passwords that are at least 12, and preferably 16, characters in length. A longer password would be even better 🙂
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
- Isn’t a Dictionary Word or Combination of Dictionary Words: We really need to steer clear of obvious dictionary words and combinations of dictionary words. Basically any word, especially English, on its own is bad. Any combination of a few words, again especially English, and especially if they’re obvious or form a real sentence, is also bad. For example, “horse” is a terrible password. “Brown horse” is also very bad.
- Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions either; those days are long past, my friend. For example, “H0rs3” isn’t strong just because you’ve replaced an “o” (letter) with a “0” (number) and an “e” with a “3”. That’s just obvious, and the bots fire past these in milliseconds.
Why not just use your Browser-Based Password Manager?
“Would you like Firefox/Chrome/Opera/Safari/IE to remember this password?”
All of the current major web browsers – Chrome, Firefox, Safari, Edge, Internet Explorer, and the rest – now have quite extensive integrated password managers. None of the built-in password managers, however, can compete with a full-featured, dedicated password manager. As a basic issue, Chrome and IE (and Edge) store all your passwords simply on your computer in an unencrypted form. Hackers and bots could access the password files on your computer and simply view them, unless you encrypt your computer’s hard drive, and trust me, no one does this!
The new Firefox does have a “master password” feature that lets you encrypt your passwords with a single “master” password, and stores them on your computer in an encrypted format. However, Firefox’s password manager just isn’t the perfect solution, either. The interface doesn’t help you generate long, secure, random passwords and it lacks many features, such as cross-platform syncing (Firefox can’t sync to iOS devices).
A dedicated password manager like LastPass stores your passwords in an encrypted form, lets you generate secure, long, random passwords, offers a more powerful interface, and allows you to very easily access your passwords across all your different computers, smartphones, and tablets.
LastPass is a cloud-based password manager with extensions, mobile apps, and desktop apps for all your browsers and operating systems you could ever have in your life (seriously, we use it on Linux machines!).
LastPass is extremely powerful and most importantly it offers a choice of 2-factor authentication options, that way you can totally ensure no one else can log into your password vault without access to your physical phone.
LastPass stores your passwords on LastPass’s own servers in an encrypted form. How this works is that the LastPass extension (or the app on your mobile phone or tablet) encrypts and decrypts your vault locally on your machine when you log in, so LastPass never actually sees your passwords, even if they wanted to.
How to get started NOW!
The first thing you need to do is get yourself a free LastPass account which is simple. Get the Trial LastPass by clicking here.
Head over to LastPass.com and download the appropriate software for your machine. Run the application; you should be greeted with a setup wizard that talks you through the entire process.
When asked, just tick the check-box(es) of the web browser(s) you want to install LastPass on.
The advanced options give you a lot more control over specific aspects of those browser installs (see some of the recommended settings below); skipping this advanced section at this point is fine for most users.
Tick the box to say that you do not have an account and want to create one.
Type in your primary email address and select a good strong password using some of the rules above. You’ll only ever be using this password to access your web password vault and to login once every browser session to the local database, but it does have to be something you can remember!
Now is a perfect time to start using a passphrase instead of a simple password, e.g. TotoWe’reNotInKansasAnymore#2017.
WARNING: We can’t stress this enough on LastPass’s behalf: if you lose your LastPass password you’re completely out of luck; there is NO way to easily recover this. Again, use a strong but memorable passphrase. If you have to, write it down and hide it away.
The next step is that you’ll be asked to import all the passwords from your web browsers into LastPass. There’s really no good reason not to do this. Even if you’ve used “123456” (still the most common password in use today, SERIOUSLY!) for all your passwords, it will at least build a list of sites you’ve been using insecure passwords on, so that you can later go back and update them as outlined below. Once you have done this, the next step will list all your saved sites, the associated usernames and passwords, and a toggle switch/button for you to select them for importing into LastPass.
The final setup step is to say whether or not LastPass should log you out when the browser closes and whether your LastPass Vault should be your homepage. We strongly recommend setting it to log you out and not using your vault as your homepage.
After you finish your LastPass installation, relaunch any of the web browsers you specified in the 1st step of setup. In the toolbar of the browser will be a dark LastPass icon (which looks like a red square with 3 dots). Log in using your email and LastPass password. We recommend that clients let LastPass remember their login/email but leave the password blank. Once you log in, the LastPass logo in your bar should switch from dark gray to red and white.
Now Go Ahead and Change ALL your Passwords to Secure ones!
After installing LastPass as your password manager, you should now spend some time and change your website passwords to more secure ones.
One of the reasons we love LastPass is that LastPass offers the LastPass Security Challenge, which identifies the weak and duplicate passwords you should focus on changing. Go ahead and login to LastPass online in any browser and click on the link.
Recommended Security options in LastPass
LastPass also offers a huge pile of security options for locking down your password-manager account and protecting your valuable data. You’ll find these options in the LastPass account settings dialog. Simply log into your LastPass vault (through the browser button) and click the Settings button at the left side.
- Restrict Logins to Specific Countries only: pretty obvious, this one. Where do you live? Never go to China or Russia? Limit them immediately!
- Disallow Logins From Tor: never access the Dark Web? Well, turn this off then!
- Set Up 2-Factor Authentication: 2-factor authentication is an essential key to fully securing your LastPass account; then even if someone discovers your password, they’ll still need access to your physical phone to log in.
- Log Off Automatically: if you leave LastPass logged in 24/7 and someone gains access to your computer, well, you’re stuffed. Set LastPass to automatically log out after a period of time, or when you close your browser. We say a minimum of once a day!
- Use a Dedicated Security Email Address: have LastPass send recovery-related emails to a special security/recovery email address instead of your normal email address. This way, password hint emails and account recovery emails will all be sent there, and not into your normal email client, which may be on the same machine.
- Ask for passwords when doing secure stuff: next, click Show Advanced Settings at the bottom, then look under Alerts. Here you can force LastPass to ask for a password before you take some secure actions, such as accessing a secure note. This setting can really protect your most sensitive information. Even better, it can be toggled on and off on a per-site basis.
LastPass FanBoys R Us!
As you can tell, we’re huge fanboys and fangirls of LastPass here at The Army of Flying Monkeys – it’s a great service that we recommend wholeheartedly to all our clients.
When clients use a password manager like LastPass, our jobs are much, much easier!