Password strength has been a topic about the Internet lately. I have seen lots of clever methods for generating and remembering strong passwords. Some are better than others, but IMO, none are adequate. Here’s the problem: It doesn’t matter how strong your passwords are if you use the same one on multiple sites. All it takes is for a site to get hacked, like Gawker media, or even Sony did, and now your super-strong password has been compromised, and every site on which you used that password has been accessed.
So, the bottom line is that no matter how strong your passwords are, and no matter what clever tricks you use to help you remember them, if you’re like the average Internet denizen, you have way too many logins for you to remember a unique password for every site. And that means that the only truly secure password system is one that remembers them for you.
Enter LastPass. It’s not the only password manager out there, but I like it the best. You create ONE strong password that you have to memorize and use it to access your LastPass database. The LastPass database is stored online, on LastPass’s servers, and is accessed either via HTTPS, via a browser plugin, or via an app on your smart-phone. If you use the browser plugin, logging into sites is seamless: LastPass recognizes the site you’re on and automatically logs you in (after, optionally, asking you to re-enter your master password). LastPass also has automatic form fill and automatic password generation. This means that you can have a different, unique, very strong password for every site you log into, but you only have to remember one master password. It’s the best of both worlds.
One argument against LastPass is that if their database is compromised, then all of your sites are compromised, and that’s true, but given that their entire line of work is keeping that information safe, I’m willing to take that chance. The alternative is rolling dice or picking phrases to create passwords, writing all of them down on a piece of paper or something, and then having to manually type them in when I go to a site. A clunky mess.
There is a free version of LastPass, with some additional features unlocked if you pay a $12 a year subscription.