Stay Safe With LastPass Auto-Change

No doubt, you know that you’re supposed to change your passwords every so often to keep them secure. Nobody I know EVER does this. Maybe we’re all lazy, but the mere thought of changing the bazillion passwords I have makes my head hurt!!!

Enter the LastPass Auto-change passwords feature.

auto-change-password-in-progress

 

How It Works

For LastPass, click on the extension icon in your browser and select My LastPass Vault from the drop-down menu. Choose the account you’d like to change and select the wrench icon. Then in the pop-up window that appears, select Auto Change Password and the process begins.

Granted, it doesn’t work with every website out there, but automating password updates many of the popular sites you use probably makes it worthwhile.

If you’re not using LastPass already, grab the Chrome extension and let Lastpass generate secure passwords for you anytime you need one.

Managing Passwords in Chrome

If you use Google Chrome as your web browser (and you should) you probably know that it can save your usernames and passwords for sites that you visit. But did you also know that Chrome can sync these passwords across all your devices?

Imagine you’ve created an account on your computer at work but want to sign-in from home or even from your smartphone while you’re out and about. This is definitely easiest if you’re using the Chrome browser and signing in with your Google account on all your devices.  Fortunately, you can access all your information from any browser simply by visiting passwords.google.com

ChromePasswords

 

Just sign-in with your Google account, to access a list of all the accounts and passwords you’ve used in Chrome.

You can display the passwords by clicking the eye icon or remove any of the entries aren’t able to change your existing passwords. (You’ll have to visit the associate website to do that.)

If you don’t want your passwords stored in the Google Passwords site, you have two options. Don’t save your passwords in Chrome at all or make them unavailable from the Google website.

  1. Open Chrome and go to Settings – Advanced Sync Settings.
    ( Or enter chrome://settings/syncSetup in the address bar )
  2. Under the Encryption Options, choose “Encrypt all synced data with your own sync passphrase”, enter a passphrase and save the settings.

Disable Google Passwords

Shortly afterwards your passwords will not be accessible via the Google Passwords site. You can always change your mind revert back to the default settings..

#302 Memorable AND Secure Passwords

Since October is Security Awareness month, I thought I’d try to do my part by giving you a pop quiz. (Don’t worry there is no punishment for not passing.)

Which of the following two passwords is stronger, more secure, and more difficult to crack?

D0g.....................
PrXyc.N(n4k77#L!eVdAfp9

Go ahead. Pick one. And no cheating…I’m waiting! 😎

Despite the fact that the first password is infinitely easier to use AND remember, it is also the stronger of the two. You might have suspected this was a trick question so let me explain.

First, both do well by incorporating at least one of each of the four types of characters. (lowercase letter, uppercase letter, number, special character)  This makes a much larger number of possible combinations that a hacker needs to try to guess. (And by the way they can guess them really fast. There are automated password cracking tools that can guess thousands of passwords PER SECOND!)

The difference is that the first password is one character longer which would take 95 TIMES LONGER to crack by guessing.

Assuming you use all of the four types of characters in your password THE MOST IMPORTANT FACTOR IS PASSWORD LENGTH!

Make Your Own Password ‘System’

One simple way to create your own unique, easy to remember passwords is to “pad” your passwords by simply adding some characters to the beginning, middle or end. When used along with a simple password formula we can easily come up with long and memorable passwords that are super-strong AND easy to use!

For example, if I insert the name of the site into a formula like this:

<* + UPPERCASE first letter of the site + & + lower-case letters from the rest of the site name + 23*>

I would get passwords that look like these:

Facebook     <*F&acebook23*>
Gmail            <*G&mail23*>
Outlook        <*O&utlook23*>

So you see, it’s actually pretty easy to make your own custom password system that is memorable and secure. And lest you think hackers don’t care about little old you…you’re probably right. But you have access to a lot of things they do care about like your bank and your company’s corporate network.

Steve Gibson’s Password Haystack page. has the best explanation of this, including a fantastic Security Now podcast.

Check Your Passwords & Password Managers

Since October is Security Awareness month, you should check to see if your passwords are as good as you think and and check out this review of three top password managers. (Personally, I’m a fan of LastPass.)

What about you? How do you handle creating and managing your passwords? Leave a comment and share what works for you.

#279 Are You (and Your Passwords) as Smart as You Think?

For those of you who have followed me over to “the other side”, I can’t tell you how glad I am that you’ve made the journey. Since my new role has brought me into the cyber security world, I thought it would be a good idea to revisit a previous tip on passwords.  One of our human foibles is often over confidence and the fact that we are often unable to recognize their mistakes.  After all, you don’t know what you don’t know, right?

So in an attempt to increase your awareness of what makes a good password I’d like to invite you to take 2 minutes and check the strength of your passwords. As someone who has had an account hacked I promise you that you’ll be glad.

Go Take the Password Test

How did you do? If you passed, good for you. If not, check out how to make your passwords better. Strong Passwords | Microsoft Security

Leave me a comment and let me know how you well you did. Next time we’ll revisit some options for keeping track of all those dang passwords and how you can implement a more secure password strategy AND save time doing it.