Tap That App: LastPass and Password Management Apps To Secure Your Online Life
This week's Tap That App is all about your life online, and how quickly to protect it from all crashing down at once. It's Tap That App's password manager special!
Password managing apps are essential nowadays. If the Heartbleed bug, the Russian password hacking ring, or the almost weekly major cyber security breaches at big name websites aren't enough to convince you to begin taking your password security seriously, nothing will be. Good luck, you're on your own.
However, if you have an hour of free time and a willingness to fix a sloppy password history -- either because you realize you've got the same password on a dozen different sites and/or because you realize you're going to be using the Internet for decades to come and might as well take an afternoon to make your accounts as secure as possible -- this is the Tap That App for you.
There are many highly recommended password manager apps out there. Most are free or very low-cost, most work across platforms including mobile, and almost anything will be more secure than using your browser's built-in password tools, or of course using no system at all. KeePass is great for multiple platforms, and it's free and open source. 1Password costs about $35 but is great for people with Mac and iOS devices and offers an easy and good looking interface, plus a lot of security extras. And RoboForm Everywhere costs about $20 per year but allows you to secure as many computers as you want.
All of these password managers offer the same basic function that LastPass offers, which is free for desktop and $12 per year for mobile. We particularly liked LastPass for its extra security-check features, but we'll use it as an example that you can follow up with any of the previously mentioned password managers.
Setting Up Your Password Manager
If you have a history of using the same or similar passwords across accounts (who doesn't), you'll need to take an hour out of your day to fully secure your passwords. There's no way around it, but LastPass offers a system that makes it as fast and convenient as possible to secure your accounts.
First, download and install LastPass on your computer. Password managers primarily work on web browsers, so don't be confused when it only installs as an extension or plug-in on your browsers. Once installed and opened, LastPass will ask if you have an account already. You probably don't, so go through the process of setting up LastPass with your main email account and the strongest, most personally memorable, unique passphrase you can think of. Just for good measure, write that LastPass password down on a piece of paper to keep next to your computer for the time being -- it will become your master password, and if you forget or lose it, you're in trouble.
LastPass, and most other password managers, will ask you during the set-up process to import all of your saved passwords from your browsers' password managers. You should really do this, because this is how you get an overview of the passwords you use on various accounts, and it's how you can start to repair your sketchy password history.
Auditing Your Password Security
One of the reasons we chose LastPass was because it offers a simple way to get an overview of your password security, once you've imported your password information from your browsers. LastPass's auditing system is called "security check" under the "tools" section of your LastPass extension's menu.
(Photo : LastPass)
It takes you to their secure site (where you must enter your LastPass master passphrase), and onto the "LastPass Security Challenge."
(Photo : LastPass)
It's less of a game than it sounds like, but remember, this is to jumpstart your cyber security for the rest of your digital life. The security challenge page will give you an overall score and a detailed list of all the sites you've used duplicate passwords to create.
For many, this will be a depressingly long list and low score. Just think, if any of these accounts were breached or are part of that 1.2 billion username/password cache that Russian hackers have amassed, it's possible many of your accounts could be hacked at once.
That's okay though, because we're about to fix all of those security holes as fast as humanly possible.
Step-By-Step Password Replacement
The accounts lists are organized by password, not account, so you can see exactly which services have the same password and password/login combination. Choose the most personally important accounts and work your way down to the least. Here's the process:
1. Simply click "Visit Site" and login with your current username and password, which LastPass has stored from your browser (disabling your browser's password function can help keep your browser from confusing things by offering to auto-fill or save your information. Remember, your secure password manager will be all you need going forward).
2. Go to your account page to change your password. If you need to reenter your current password, it can be found by searching the LastPass "Vault," clicking the "settings" wrench icon, and choosing "copy password" and pasting it into the field. Now click on the "New Password" field.
3. You'll notice a little lock icon with a circular arrow will appear to the right of the new password field. Click on it and LastPass will generate a very secure, random password -- and you can set parameters to exactly fit the password parameters set by whatever site you're on.
(Photo : LastPass)
4. LastPass will put the new password in and ask you to save it. Do that.
Repeat those four steps down the list of duplicate passwords on the security challenge page, until the process is done. Afterwards, you can re-run the security challenge to see your new, higher score and the list of all of those websites that now have strong, unique passwords.
LastPass's Security Challenge is a great tool to use whenever you hear about a cyber security breach in the future, since you'll be able to go in, beef up security with a new random password, and be done with it. And for any new account you may open, just follow steps 3 and 4, and you're on your way to a secure future on the web.
Tap That App?
Whether it's LastPass (the easiest for those who might need serious security audits across their account history) or another reputable password manager (we advise using something that's cross-platform, so it will be more future-proof for any new device or computer you might get), this isn't just an ordinary Tap That App recommendation based how cool a new app is.
We strongly urge you to use a password manager and clear away your duplicate passwords because it'll basically be a cyber security necessity as long as passwords are used to secure online accounts. Alternatives might be on the way, but it only takes an hour to make yourself secure until they arrive -- and it only takes a few minutes for a breached account with a widely used duplicate password to ruin your day, or worse.
And as we've seen before, most people are very bad at generating secure passwords themselves, with literally laughable passwords like "password," "123456," or "111111" seemingly always making the top 10 most commonly used list.
So why not let an app do that, and remember it, for you? For your own security and safety online, please do.