Image: Some rights reserved by izik

Like most people, I have more passwords for various internet sites than I can possibly remember.

For ages I have used Firefox as my main browser and set it to remember my passwords, which was a handy way to overcome my memory deficiency. You can do the same with other browsers.

From a Firefox-user’s perspective, this can be problematic: (a) you can see your saved passwords pretty easily from Tools / Options / Saved Passwords and, although it is possible to lock them with a master password, my understanding is that (b) Firefox stores them in a simple text file that can easily be retrieved if you have the right know-how. This is potentially a major security problem if, for example, you lose your laptop.

The other issue with the above approach to passwords is that you have to set up your passwords across any separate computers you use. There are online syncing facilities for passwords available, such as Foxmarks. Online syncing of passwords, however, makes people understandably nervous. Having your passwords out there somewhere in the cloud feels less secure than the fact that your laptop might get stolen.

I have started using an online syncing service, however, and I think it is great: LastPass. You need to judge for yourself whether you are comfortable with online sync. I currently reserve some paranoia – I have not yet submitted my bank passwords, although that seems irrational given my understanding of how it works, and the fact that I have already submitted many key identity-linked passwords such as email accounts. I think I will move to linking bank passwords as well sometime.

You install the software on your computer. You give the software a master password which is stored locally on every computer you set it up on. The master password is needed to unlock the encrypted list of passwords which are stored online. The master password is only stored on your computer(s) when you are logged in, and even then, only after you have typed it in. (You can save it on the computer but that defeats the point.) Ultimately it stays safely in your head.
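To make the idea concrete, here is an added sketch (not LastPass's own code) of a vault that is encrypted on your computer with a key stretched from the master password, so the online copy is only an opaque blob. The function names, the iteration count and the HMAC-based stand-in cipher are assumptions made so the example runs with the Python standard library alone; a real product would use a vetted cipher such as AES-GCM.

```python
import hashlib, hmac, json, os

ITERATIONS = 200_000  # assumed work factor for this sketch

def _derive_keys(master_password, salt):
    # Stretch the master password locally into an encryption key and a MAC key.
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a real cipher).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_vault(master_password, entries):
    # Returns the blob that would be synced online: salt + nonce + ciphertext + tag.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(master_password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, json.dumps(entries).encode())
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_vault(master_password, blob):
    # Check the tag before decrypting; a wrong password or an altered blob fails here.
    if len(blob) < 64:
        raise ValueError("vault blob is too short")
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(master_password, body[:16])
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong master password or modified vault")
    return json.loads(_xor_stream(enc_key, body[16:32], body[32:]))

if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    blob = seal_vault("correct horse battery", {"example.test": "constructed-secret-123"})
    print(len(blob), "bytes would be uploaded")
    print(open_vault("correct horse battery", blob))
```

Only the output of `seal_vault` ever needs to leave the machine; the master password and the derived keys exist only in memory while the vault is open.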

It has lots of useful features like:

  • one-click sign in to sites which it recognises you have a password for
  • works across different browsers (Internet Explorer, Firefox, Chrome, etc.) and different operating systems (Mac, Windows, and Linux)
  • it can generate rock-solid passwords for you when you sign up to new accounts
  • it can save fill-in form information for quickly filling in online forms
  • there are mobile versions available

http://lastpass.com/

As I say, you’ll need to decide whether this idea for managing your passwords is for you, but weigh it against the approaches many people use to handle passwords (including the very vulnerable one password for all) and it soon makes a whole lot of sense.

It also comes highly recommended by some well-respected organisations:

http://www.economist.com/node/15141284?story_id=15141284

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords-between-all-your-browsers

http://www.pcmag.com/article2/0,2817,2343565,00.asp