Password Herding in Less than 10: Getting Started

Ever thought about how keeping track of all your passwords is a little bit like keeping track of cows? Well, it’s certainly a bit of effort to keep them corralled, but a righteous pain in the chaps if any of them happen to get out!

I am not what most would refer to as an "early adopter" of technology. You’re more likely to find me sitting on the porch rocker with your great-granny (since even granny’s probably got a tablet of some sort) lamenting about kids and their phones these days. But I’ve also come to the realization that this whole keeping track of a gazillion passwords thing is out of control.

(Editor's Note: With the discovery of the Heartbleed bug, updating and keeping track of new passwords is now vital. Learn more about how Heartbleed compromises website security and user accounts.)

I, for one:

1. Am sick of typing login information all the time and have a hard time keeping my passwords straight.
2. Am concerned about the very real security risk of having passwords stored in the browser (Why this risky: Anyone who hacks into your computer will have access to *all* of your passwords right at their fingertips). 
3. Realize that having all passwords written on a piece of paper somewhere is a dumb set up. Not only do I constantly have to search for said piece of paper, but I realize it’s also a silly risk to have that written out and lying about, not to mention the hassle of accessing any account when I’m *not* at home.

Do any of these describe you, too? Read on, partner…

Here’s what I concluded: it’s time to download a password manager to take care of the hassle and keep my passwords safe (this would be the electric fence to carry out the cowboy metaphor a tad further…). Need more convincing? Read this argument from How to Geek. 

Quick! Summarize what a password manager is in a sentence!

A password manager is software you can download to help you organize (read: memorize) your passwords and PIN codes.

How does it work?

The way it works is that the password management software has a local database or a file that holds the encrypted password data for secure log in onto computers, networks, web sites and application data files. See the "encrypted" part? That’s what’s critical to keeping your information safe.

To get my toes wet, I tried out LastPass’ free version and found I was able to get it set up in about five minutes. Updating each site with a password thereafter takes another minute or two.

After you initially download your password manager software, you’ll need to go onto the site in order to set it up initially and come up with your brilliantly complex, memorable password that will be your “master password” thereafter. Here’s a helpful step-by-step guide (with pictures – whee!) to walk you through what this looks like for LastPass. 

You can also check out this brief seven minute overview on the ins and outs of KeePass here.    

Decisions, decisions…Which password manager to go with?

A quick search will show that there are a lot of password managers out there. This Lifehacker article gives a helpful rundown of key features of some of the more popular password managers that surfaced in my research: KeePass, LastPass, 1Password, RoboForm, SplashID. Here at TechSoup, we use KeePass and Password Safe.

While LastPass is repeatedly flagged as being one of the more user-friendly versions of password managers available (my experience suggest this is the case, too), there are many to choose from, depending upon:

1. Whether you want your password data stored locally or in the cloud
2. Whether you want proprietary or open source software
3. What you want to pay
4. Whether you want a straightforward, simple password manager or something to help safeguard your personal account info, too

Password managers: helpful features

• If you’re comfortable with simple downloads, password managers are easy to use, quick to set up, and mobile-friendly
• If you’re creating a new account, your password manager will offer to generate a secure random password for you, so you don’t have to think about that, either. It can also be configured to automatically fill information like your address, name, and email address into web forms.
• The automatic log in ensures you don’t have to remember what 20-character, random password goes where on which site
• Automatic form-filling (More minutes to your life back – yay!)
• Built-in on-screen keyboard that you can use to enter your master password. This is good if you’ve got any concerns about keylogger software from capturing your keystrokes and forwarding that information to hackers.
• Most programs back up your data online for free if you’re comfy storing passwords in the cloud. You can also store this locally on your own machine or on a USB flash drive.
• LastPass 3.0 can import passwords from competitors

The cons:

• The debate is still out on HOW safe and HOW hackproof password managers are. That said, general consensus here is that having *something* is definitely better than nothing to keep your account information safe(r). 
• Even with anti-keylogger software, password managers are not able to prevent clipboard loggers from stealing your login info from the invisible “clipboard” where you copied your password to before pasting it into the form.
• Password management software means all your passwords are in one place. All the hacker needs is the one master password you use to access all of your logins.

Other considerations for password managers:

• Make sure you’re protected by anti-keylogger software so that the password you type into the form will not be captured by keylogger spyware that you may not even realize is on your machine.
• Think about whether you want your password vault stored locally on your own PC or in the cloud. Some password managers like Keepass let you configure your passwords to as USB flash drive.
• You may want to consider using a password manager that is "platform agnostic" if you have devices that are not all compatible.
• There are many FREE versions of password managers – they simply won’t have as much functionality as those you pay for but they are equally safe

What says you?

 Have you had previous experience with password managers? What worked for you or what should we avoid? Log in to add your two cents!

Images: New Old Stock Photos