It cannot be repeated enough, using the same password on multiple websites is not only the stupidest thing you can do on the Internet besides clicking a link in your email it’s Internet suicide. Now I know, nobody is perfect, we’ve all done it. You’re in a rush, you’re creating an account on yet another website that wants your shoe size or your grandma’s first pet’s name. You do the easiest thing. Enter a password that you’ve used before on another site whilst saying to yourself, I’ll change it later. Truth is you never do. So you end up using the same password or variations on that password. You probably use a couple of other passwords for things like your email or Paypal. Well let me tell you right now. STOP!
Every week we hear of another website that’s been hacked and the user database has been released publicly on the Internet. Last week it was LinkedIn, this week it’s Envato and the Tuts+ platform. It doesn’t really matter who is to blame or how they did it. What matters is your personal information and if the worst happens, your money. Nobody really know’s if anyone does anything with this information. It’s all about risk management. If you use the same password and email address combination on multiple sites, and if any of those sites store your credit card details and home address. How long does it take for them to steal your identity and worse your money. If they manage to compromise your account on another site unrelated to the hacked site, how would you prove who you were if they then changed the password on the other site? It would probably be easy on the hacked site, they are expecting it. But the other site doesn’t know you use the same password on both sites.
So, that lengthy intro leads me to my main point. Password management online. I use lastpass. They offer a free service and a premium subscription based service. The free service is perfect for what I need. Which is what I am recommending in this blog post.
No matter which browser you use, there is a lastpass extension or plugin. The principle idea is that you create an account with lastpass with a long alphanumeric password, you then let lastpass create a unique alphanumeric password of the length of your choosing. Eight or more characters seems the accepted length.
There are numerous guides on how to use lastpass so there is no point repeating them here. The video on the lastpass home page serves as a good intro. Lastpass will also import your unsecure local saved passwords from Firefox or Chrome and import them into your lastpass database. Once you’re up and running it’s a good idea to visit each of these sites and change each password for each site. It’s a lengthy process, I wont lie to you. It took me the best part of a day to go through each site, log in, find their change password page (every site is different), reset the password, log out and then test logging back in again. Don’t worry lastpass makes it easy for you, 9 times out of 10 it detects you’re on a password page and offers to automatically fill in your old password and generate a new password for you. Just be sure to say yes when it asks you if you’ve just changed your password.
That’s it. Be secure. Lastpass is available for all browsers and all mobile devices. Do yourself a favour now or face the consequences later.