Password Management
 |
| Photo from Pexels |
Credentials are one of the most common things a regular Internet user has to use. Almost any site you access today has a sign up form and a private area for each user. Any service you can name has a sign up/log in mechanism. Whether it's mandatory or not to consume the service or content provided is another matter. Web email, video streaming sites, social networks, home banking, forums, some blogs, the list goes on. Credentials vary per site. The most common ones are the user/password combination or email/password combination, but other sites may ask further information, cell phone, a real world ID, domain, etc.
At the same time we, Internet users, move around several services and keep these credentials in the head. It's easy to remember when you use the same user or email, and it's not much of a problem when the number of services we use is small, but it's rarely the case. There's also the common case of the impulsive registration, when we want to access something for just one time and we're forced to create an account that we later never use again, like a forum for example, to view a post of a topic we're interested in.
Over time, the number of credentials gets considerably high and hard to track. Some people choose to use the same combination across sites to reduce the amount of data to remember, however this is a very bad practice. Others choose to save this on a text file on the disk, which is even worse and not practical at all if you use other devices or if you're away from the disk you stored that information and you need to access one of those site.
To address this problem, different tools were made to make the process safer and more practical. Each option may have its benefits and problems and there's not a single best option. The usage and needs for each user also is different. A small organization for example may need a solution that allows sharing for its IT department. Some users may want a completely offline solution. However this is sensible data, and whatever solution you may choose, it needs to be safe and private.
There are many tools out there, from portable apps that can work from a flash drive to web services. In this post I would like to briefly mention one solution I use: LastPass.
In the past I was very careful with these things. The thought of having a web service to store this was a bit scary to me. I needed to trust the site. A few times I tried to use offline apps, but they end up collecting dust. Their security can be high, but it's difficult to find a portable solution both for Linux and Windows that just works. Over time it became more and more difficult to track this data and I finally washed off the fear. LastPass really sold to me.
In a few words, LastPass is a site that uses heavy encryption to store your data and allows you to sort it in different ways. But it doesn't just store the information, it has additional tools to enhance your browsing and it acts accordingly. They developed a Chrome extension that can detect the site you're on and suggest or track credentials to automatically store or update them as you use them. And if that wasn't enough, they also have an Android app to do the same on a device. LastPass can autofill forms and even customize the autofill to put the proper data for those forms that ask for more information. At the time I started using LastPass there wasn't a desktop app to operate like the browser extension or the device app, but hey, 80% of what you do is done in a browser, so chances are that you always have a browser or device at reach to view those credentials for that desktop app.
Among other things it includes a generator to create safe and long passwords with the complexity you like to make it almost impossible to guess, encrypted notes, site information, URLs for the log in forms and also sharing features. Someone can share an entire set of credentials with you from LastPass to LastPass in just a few clicks. Sharing features include expiration dates to prevent extended access. Finally, it gives you recommendations and warnings about insecure passwords you may have or repeated ones.
The service is paid (quite cheap however), but they have a free option with some restricted features. I must say that it's very practical to use and I can make my passwords way safer this way, without worrying about remembering them. The additional benefit is tracking all the sites I have an account on and act properly in the case of leakage.
So if you are in need of a password manager solution, take a look at LastPass, it may suit your needs, whether you are just a user or an IT manager in some organization or else.
Worth noting that I don't get anything by recommending LastPass nor am I doing sponsorship or seeking anything. It's a tool I regularly use and just want to share my experience with it. I'm also in no way associated with the company behind it, just a regular user who is happy with it.
https://www.lastpass.com/