Your Personal Password Plan

A few days ago, Yahoo revealed a suspected 2014 security breach, which generated enough media coverage to give us a much-needed respite from the presidential campaign. Some outlets simply recycled the same old password-resetting advice, some boldly predicted apocalypse, and some entertained us with CYA articles from within Yahoo.

Leaving behind the hyperbole, the only certainty is that passwords are not going away anytime soon, and that this will surely happen again. If you’re like most people, you need a plan so that you can feel safe enough, and can ignore these articles in the future.

Here’s the plan. It will take you a while, but once you’re done, you can relax, knowing that your important personal data is as safe as it can reasonably be:

  1. Make a list of all the websites and apps that you use regularly
  2. Mark the ones that have important personal information* stored in them
  3. Download LastPass** and install it on your computer and mobile devices. Splurge for the $12/year LastPass Premium; your passwords are important.
  4. Install the basic Google Authenticator app (available from your device’s app store) on your mobile device
  5. Create a very strong master password in LastPass, memorize it, and turn on two-factor authentication in LastPass using Google Authenticator
  6. On every site/app you marked, do the following:
    • Change the password to a unique, LastPass-generated strong password. It is very important that you do not use the same password across multiple sites/apps.
    • Turn on two-factor authentication using Google Authenticator
    • Add each site/app to your LastPass account
  7. Set password and/or fingerprint locks on all your mobile devices
  8. Encrypt the hard drives on all your laptops

*All financial websites, all email accounts (Gmail, Yahoo, Outlook.com, etc.), all cloud files (Dropbox, iCloud, Google Drive, etc.), all health-related sites, all insurance sites. Shopping sites? If you don’t store your credit card number on them, then don’t worry too much. Only store your card on shopping sites you use regularly, like Amazon or Seamless, in which case you should mark those as personal information.
**Why LastPass? Because we like it. All well-known online password managers, such as 1Password and Dashlane, work well.
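Step 6 says to give every site a unique, randomly generated password. The short script below, added here as an illustration and not part of the original post or of any password manager's code, shows what "strong" means in measurable terms: it draws passwords from the operating system's cryptographic random source, reports how many bits of entropy a given length yields, and flags any password that appears under more than one site in a (constructed, hypothetical) list of accounts, which is the reuse the step warns against.

```python
import math
import secrets
import string

# Printable ASCII letters, digits and punctuation: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a password of `length` symbols chosen uniformly at random.

    `secrets` uses the OS CSPRNG; `random` would not be suitable here.
    """
    if length < 12:
        raise ValueError("use at least 12 symbols for an account password")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def find_reused(site_passwords: dict) -> dict:
    """Map each password used on more than one site to the list of those sites.

    An empty result means every site has its own password, as step 6 requires.
    """
    by_password: dict = {}
    for site, password in site_passwords.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


# Constructed sample inventory (hypothetical sites and passwords, not real data).
SAMPLE_INVENTORY = {
    "bank": "hunter2",
    "email": "hunter2",
    "cloud-files": generate_password(),
    "insurance": generate_password(),
}

if __name__ == "__main__":
    print("example password:", generate_password())
    print("bits of entropy at 20 symbols:", round(entropy_bits(20), 1))
    print("reused passwords:", find_reused(SAMPLE_INVENTORY))
```

A 20-symbol password from this alphabet carries about 131 bits of entropy, comfortably beyond what an offline guessing attack against a leaked password hash can cover; the same generator in a password manager is what makes memorizing the result unnecessary.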

Frequently Asked Questions:

  1. What if LastPass gets hacked? The short answer is, it doesn’t really matter because your passwords are strongly encrypted and only you have the key. You also have multi-factor authentication, which will protect you while you change your passwords.
  2. What is two-factor authentication? It’s an additional way to ensure you are who you say you are. This is currently the best way to protect sensitive information. Even if someone, somehow, figures out your password, they can’t log in as you unless they also verify identity through other means such as a text message or Google Authenticator.
  3. Am I 100% safe if I do all this? Of course not. But you will have done everything you reasonably can do to protect yourself.
  4. What if I share passwords with other family members? Get them a LastPass account too, and share the passwords with them through LastPass.
  5. Do I need to regularly change passwords? Not a bad idea, but not necessary if you do all the above.