
Never Forget Your Logins Again With a Password Manager

11 December 2016

Not exactly about books, but important for indie authors and almost everyone else, particularly if they’re paid online.

From The Wall Street Journal:

When it comes to remembering all your passwords, you’ve got three choices:
1) Have a memory like Dustin Hoffman’s character in “Rain Man.”
2) Make the multistep “Forgot Password?” reset process a part of your everyday life.
3) Use a password manager that remembers all your login details—and can even automatically log you in.

What’s never a choice? Using the same password across all of your online accounts. To stay safe, every single account needs a unique password that’s hard to crack.

A password manager works the way you’d expect: You set up an account through a desktop or mobile app and input your various usernames and passwords. Then they are securely stored in a digital vault of sorts. When you need them, you can go copy them, or use a browser plug-in to autofill them when you’re on websites. The only password you need to remember? The one that opens the password manager.

These apps aren’t new, but with more frequent security breaches there’s never been a better time to set one up.

Link to the rest at The Wall Street Journal (Link may expire)

PG has used LastPass forever and has always been satisfied. When he buys a new PC, one of the first things he does is to install LastPass so he has access to all his passwords, including those for the various software programs/online services he uses every day.


23 Comments to “Never Forget Your Logins Again With a Password Manager”

  1. Until one of the updates clears the database and ‘forgets’ all your names/passwords. (I’ve had it happen!)

    Keep your little black book updated. (I use an old columnar pad, where/name across, passwords down and checks/Xs to remind me where I am/was. 😉 )

    • You can download a spreadsheet with all your usernames/passwords plus your saved account links.

      I’ve been using LastPass for more than 2 years now. Extremely happy with it.

    • LOL I literally have a little black book. Between the “helpfulness” of Microsoft’s forced upgrades to Windows 10 and personal info hacks, a record of passwords on my hard drive or cloud wasn’t worth the risk no matter how much I worship our computer overlords.

      • I’m with Suzan. Between glitches and hackers, I’m not about to put my passwords in the cloud, or even on my HD. I have a clipped stack of index cards that lives in my pocket.

        Angie

    • I have a password protected file as backup/supplement to LastPass. Keeps my serial numbers and similar things, too. Word rather than Excel for the freeform aspects.

  2. I use KeePass and I’m really happy I do! Makes it super easy to have hard passwords.

    • I’ve used KeePass for years; it works well for me. It uses a local database, but if you place the file in a folder managed by a cloud-storage service like Dropbox, Google Drive, or Microsoft OneDrive then it is both backed up and available from other devices.

      • I have my database in my cloud and on a jump drive I carry with me. Super easy.

      • Little note on this. If you’re going to store your password database on a cloud storage service (I personally run my own instance of ownCloud… probably migrating to Nextcloud soon), I highly recommend that you lock your database with a passphrase *plus* a keyfile. The keyfile doesn’t go on the cloud. That stays with you on separate media (like a USB stick).

  3. An old notebook has worked just fine for me for the past 4 years. Affordable, too.

  4. Since I’m wacky, I use both LastPass and KeePassX (the Mac/OS X version of KeePass) and, despite the hassle of dual maintenance, am very happy with my set-up.

    Also worth noting: LastPass Authenticator, their app for two-factor authentication, is the best I’ve used. And two-factor authentication makes your accounts much more secure. (You want to secure your primary email account in particular since anyone gaining access to it can reset the passwords of all accounts registered using it.)

    Mind you, you might not want to live your life like I live mine. I mean, you really might not.

  5. I asked my brother the IT security expert whether those password managers were just one-stop shopping for hackers and he said ‘Basically, yeh.’ So I stick with the little black book in which I write the passwords down in a shorthand that only I know.

    But then I think of my friend who died recently and how nobody could get into her password-protected phone to find out how to reach her next of kin… I think we can get too focused on our privacy. It’s worth leaving some of your info in a non-secure form for just such eventualities, and also to remind us to not do financially vital stuff on all our devices.

    • I asked my brother the IT security expert whether those password managers were just one-stop shopping for hackers and he said ‘Basically, yeh.’

      I think your brother did you a disservice, to a degree. Unfortunately, the easier a password manager is to use, the less likely it is to be secure in all respects.

      See https://www.schneier.com/blog/archives/2014/09/security_of_pas.html for a discussion. As at the date of that article, it sounds like LastPass’s bookmarklet and OTP features were insecure; I have no idea if the vulnerabilities have been fixed in the intervening two years.

      Personally, I use the non-web-based PasswordSafe with the database in my Dropbox folder. I have access from any of my computers and my phone and the database is resilient against direct attack. That is, I consider myself as secure as the little black book users 🙂 I can also store the master password in my safe (plus instructions to find the password database) so my accounts are accessible if something dire is to happen to me.

  6. I need to get a little black book. 🙂 Right now I’m using an ancient envelope, covered with tiny writing on both sides and more on slips of paper inside. Takes me forever to find a password some days…

    I’ve always suspected that master passwords were the Mother Lode for hackers. I know, I’m paranoid. 😉

  7. We use 1Password and we love it. Sure, it’s possible that the service itself might be hacked, but in all the years it’s been in existence, nobody has actually gotten into the heart of the system yet, so we feel they have a good track record, and the benefits and ease of use far outweigh the potential costs.

    It’s a bit of a pain to set up, but once that’s done, it’s very easy to use. If you have iOS devices, it supports touch authentication, it generates strong, customizable passwords whenever you have to set up a new login, can be accessed easily from your browser, updates your login records fairly seamlessly whenever you have to change a login, and synchs automatically across all of your computers and devices.

  8. I’m another fan (recent convert) of password managers. I use LastPass but haven’t tried any others. In my case a forum I had contributed to was hacked (through a WordPress plugin) and their subscriber login details taken. I had the same login details on multiple sites and then had to go through and change them all. This made me think it might be better to have different passwords on different sites but my memory was not up to the task.

    If you are concerned about storing your passwords in the cloud, this article is a clear and useful place to start. No idea of any biases and I have no connection to it other than having read it.

    http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389

    Note that it is from 2014, but the general ideas still apply.

    Also this from 2015:

    http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

  9. I used to use the address book / little black book route until I thought about the fact that the pro as well as the con of that approach is that it exists in only one place in the world.

    I (and spouse) have been using 1Password for years now. Password required to access, keep coordinated with an app (requires password to access) on my iPhone. Have hundreds of very secure and unique passwords well organized. Backs itself up to my computer regularly. One less cluster of headaches to worry about.

    • I’m not suggesting the little black book as the ‘only’ place, but as a backup in case someone’s ‘update’ blows your online/in the computer/phone out of the water.

  10. Main thing is to ensure that the electronics sitting on your desk (or riding in your pocket / purse) are secure. Realize that those bits of equipment are the only thing you have control over – passwords stored electronically anywhere else are potentially vulnerable.

    Black book in a fire safe, or a safe deposit box, is also secure. Any online store may – or may not – be secure. You don’t know.

    • Even on your desk isn’t safe if you’re connected. Offline backups still make sense for things you don’t dare lose.

  11. I was a password manager skeptic until about a year ago when I started to research a book on personal cybersecurity. I, like a number of others here, distrusted password managers because they are a single point of failure: hack the password manager and you have everything.

    I changed my mind. Security breaches are very seldom the result of direct hacking. Much more often they begin with social engineering, non-technical trickery that gives the criminal access to the system, like clicking on an email attachment that implants a keylogger or giving your password to a phony repairman on the phone.

    After you’re had by a social engineer, good password management contains the damage. If you read the reports carefully, the hacker usually starts from a small crack and busts a victim wide open by exploiting duplicate passwords and weak passwords.

    Paper management systems are fine, but for me, they are simply too hard to maintain properly. Until I started using a manager, I had a stack of index cards an inch and a half thick that I used to manage passwords. And I did not manage them that well. Those of you who have such systems know how much busy work is involved, and how easy it is to overlook changing a password on schedule or using an easy guess variant of an old password instead of a strong new password.

    My conclusion for myself, and recommendation to others, is that unless manual password management appeals to you as a pastime, use a manager. For me, the dangers of DIY management outweigh single point of failure dangers.

    Hint: if you think you have a strong password that you did not randomly generate, take a second to google it. If there are no matches, it is probably strong. If you get a bunch of matches, it could be on some cracker’s rainbow list.
