Have You Ever Forgotten A Password?
Posted on February 21, 2011
Well, have you?
Like everyone else, I had a system. I had two passwords (for my personal stuff… more at work), and there were just a couple of variations on the theme to allow for site-specific requirements (like sites that required a capital letter in there, or something). I had two passwords — one for very secure information (like bank accounts and email), the other for everything else (like social media sites).
Then, the Gawker security breach occurred, compromising my “everything else” password. Following a mad dash to change passwords everywhere, I’m officially overwhelmed. Since then I’ve clicked on “I’ve forgotten my password” more than ever before combined! Can you feel me?
I’ve remembered to change some, but not all. Variations on a theme mean that I have to check through as many as four passwords on each site. And, more sites seem to enable logging in with a username or email, but not all will say which you’ve used. And, they won’t tell you if it’s your password or username that’s incorrect. Combine that with the logins via Facebook or Twitter credentials, and I’m ready to write my passwords on a piece of paper and keep it in my wallet!
By the way, DON’T DO THAT. The security threat is real.
I’m not a security expert. But there are some simple things you can do to keep yourself more secure.
For example, when logging into sites from public Wi-Fi networks, always use the https prefix (not http). Since the Gawker breach, many sites have updated their login process to encrypt the connection so your passwords aren’t sent “in the clear”, where anyone with a simple, free sniffer looking at network traffic can see them.
Back to topic…
There is a class of software meant to help people securely track passwords. Simply put: they store/remember all your passwords in a “password vault”. Then, you just have to remember your one password to the password vault.
Of course, it’s never that simple.
It’s got to be easy to use. It’s got to work the way you do.
In short, I’ve come up with three questions/requirements that I’m looking for:
- Has to support Mac and the browsers I use: Chrome, Firefox & Safari.
- I want to be able to login from my computer, my iPad, or a stranger’s device (like at an internet cafe).
- Needs to easily support managing multiple accounts for the same site, for example Chase requires that I have two accounts, one for my business and one personal and I need to remember both sets of logins separately.
Primarily though, it has to be seamless and easy.
I’ve come across two companies that people have recommended:
In short, both look like good solutions. 1Password is a little more polished according to one friend who’s used both. I’ve found that LastPass has better online information about the product (and it’s much easier to find). 1Password says they’ve posted their videos on AppTorial. Can’t find anything there! If this is a sign of how they think of usability, I’m scared of their product.
I finally managed to find a tutorial on how they work when you’re not at your own computer/device. I’d share the link but they don’t have static links to content for sharing!!! You guessed it — strike 2! The solution is a bit complicated, but well documented. I think I could manage with it, though it depends on other sacrifices.
And, 1Password doesn’t even have a list of browsers supported. In fact, there’s no link to detailed product information anywhere other than their user’s guide (and if you click on the page about Macs, links on that page take you to Windows product information).
The one thing I like about 1Password is that how they manage multiple identities for the same site is very obvious in their tutorial videos, and I’m still not sure how LastPass does that.
LastPass also has integration with a hardware key. While not originally a requirement, a security expert friend of mine considers it such. And, since I’m looking to fully upgrade my approach to security, it’s a consideration. LastPass has a short video of how that works and why it’s important.
What it seems to come down to for now is how they work when not at your own computer, and how they work with multiple identities for the same site.
1Password makes it really easy to manage multiple identities, but not to work from another computer. LastPass makes it easy to work from another computer, but not sure how they manage identities yet.
Pricing. It’s $40 for a license to 1Password for the Mac, another $15 for the iOS devices (by the way, I hate it when vendors don’t advertise their iOS prices on their website). LastPass has a free version, though it’s $1 a month for mobile use and other advanced features (including using the YubiKey). And, should I choose to do so, $25 for the YubiKey.