Feature image via Shutterstock.
I was talking to Cee about this post right here, and they mentioned people’s passwords as a weak point that can be exploited in these dark times. It was then that I had to admit that I am the worst person I know re: passwords. Up until this week, I had the same three or four and I used them for everything. They were all semantic and too easily guessable. Cee took me to task and they’re totally correct. I decided to put off writing to y’all about passwords until I followed their (and my own! See, I know better, that’s why it’s so fucked!) advice. So here’s what I did to make my password life more secure.
Now I recognize that the following things I’m going to suggest that you do are, in fact, a pain in the ass. That’s why I recommend getting a group of friends together at a dining room table and doing this all together. Don’t share your passwords or passphrases, but do share snacks and beverages and a sense of accomplishment.
Why LastPass you ask? Because we’re about to change all our passwords to long strings of numbers, letters and symbols that we will most definitely not remember. LastPass is a service that stores all these passwords and makes them accessible and autofillable with one master password that you remember. Even though it stores passwords in the cloud, Cee assures me it’s better than what I (and maybe you!) have going on right now. Plus everything is encrypted and decrypted locally, meaning only on your device. LastPass can’t even see your passwords. You can even add two-factor authentication to make it that much more secure. They have this neat feature where you can set up an emergency person who can have access to your passwords if you get hit by a bus, so you can give access to your wife or family or best friend if you want. They have extensions for just about everything — all major browsers, plus software for Windows, Mac, Linux and so many mobile solutions as well. Starting to set up your account? Well then it’s time to—
Choose a Passphrase
What’s a passphrase? It’s basically a sentence instead of a word. A passphrase contains spaces between each word and might feature punctuation. It’s more secure than a password because it’s longer and features a larger array of different kinds of characters. Make your LastPass password a passphrase instead! Some examples (please don’t use these!) include: “Autostraddle is my number 1 website; I read it every single day!” or “You better believe I will resist Voldemort—I’m a member of the Order of the Phoenix.” I know it takes a while to type, but it’s just going to be to get into your vault. You won’t actually have to type it all that often. But REMEMBER the damn thing! Once you’ve got that all sorted, it’s time to—
Generate Random Passwords
This is the real pain in the ass part, but it’s gotta be done. Now you have to run around the internet and start changing your passwords to more secure random strings of stuff. LastPass has a password generator that you can use. If it weirds you out to have LastPass generating passwords (even though LastPass can’t see them!), you can use a separate plugin to generate strings. Google Chrome also lets you generate passwords from within the browser itself (just hit up chrome://flags to turn on password generation).
But how do you remember where you’ve gone and made passwords? Well, friend, that is a conundrum. You can start by making lists by category of all the services you remember using online. Try thinking of categories like Email, Social Media, Communication, Shopping, Work, Banking—what other categories can you come up with? Another way to do it is just start using the internet as you would any other day, and when you come across an insecure password, change it. I’ve approached it using some melange of both.
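If you're curious what a password generator is doing when it spits out one of those random strings, here is a small Python sketch. It is an added example, not LastPass's or Chrome's own code, and the symbol set and 20-character default are assumptions you can change for sites that reject certain punctuation.

```python
import math
import secrets
import string

# Character classes to draw from. The symbol set is an assumption:
# trim it if a site refuses some of these characters.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{}",
)


def generate_password(length=20, classes=CLASSES):
    """Return a random password containing at least one character per class."""
    if length < len(classes):
        raise ValueError("length is too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the operating system's cryptographic random source;
        # the random module is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry instead of patching characters in, so every valid password
        # stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def brute_force_bits(length, alphabet_size):
    """Upper bound on guessing work, in bits, for a uniformly random string."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    size = sum(len(cls) for cls in CLASSES)
    print("example password:", generate_password())
    # An 8-letter lowercase password, even if it were truly random
    # (a real word or name is far weaker than this bound).
    print("8 lowercase letters: %.1f bits" % brute_force_bits(8, 26))
    print("20 random characters: %.1f bits" % brute_force_bits(20, size))
```

Every extra bit doubles the number of guesses an attacker needs, which is why a long random string beats a short memorable word by such a wide margin.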
But What If I Don’t Like LastPass?
Fair enough. I think LastPass is peachy because it balances security and convenience, and I feel like we wouldn’t really get this password security stuff done if it made our online lives horribly inconvenient. It’s also free. That is my last pitch for LastPass. Password Dragon is also free, and it runs on Windows, Mac and Linux as well as being totally launchable off a USB drive. But it doesn’t have a mobile solution. Dashlane only syncs when you pay premium, so if the syncing is what’s bothering you, GOOD NEWS! You can just not have that feature and Dashlane is free. KeePassX is the open source option, but it’s not easy to use.
What Do I Serve at a Password Party?
Any tips for securing your password? Please make healthy use of the comment section so we can all benefit from your knowledge!