Passwords, passwords, passwords – wherever we go and whatever we do online we need to use passwords. Unfortunately, humans are really bad at creating and remembering passwords - our passwords are too easily guessed, and we have a nasty habit of reusing passwords between sites. This means that if we become a victim of a hack on one site in which our username and password are stolen, it is all too easy for criminals to try and use those details to break into another – possibly a crucial site such as an online bank or your work computers.
Fortunately, there is a solution – a password manager; a program that creates and securely stores passwords on your computer. Rather than remembering lots of passwords, a password manager means you only need a single password to unlock the manager itself. As a bonus, password managers can create enormous, complex passwords far too complex for humans to remember and much harder for computers to break.
This are a number of different password managers on the market, here we are going to install LastPass – a highly-regarded free password manager available for computers running Microsoft Windows, Apple MacOS and Linux as well as for Apple iOS (iPhone and iPad) and Android devices.
This only takes a few minutes to get started with a password manager and it is time well spent on improving your security.
Start by opening your web browser. Here I am using Google’s Chrome browser, but all modern browsers are supported. Now go to www.lastpass.com – you should see a page like this:
The easiest way of using LastPass on a desktop machine is to add it to your web browser, so scroll down to the bottom of the home page. On the right-hand side of the page you will see a list of browsers – click the name of the browser you are using right now. In this case I chose Chrome.
Now LastPass will prompt you to install the LastPass browser plugin. Click the big Quick Install button near the middle of the page.
At this point your browser may request your permission to add the LastPass browser extension. Agree to add the extension by clicking the relevant on-screen button (the wording is slightly different between browsers so don’t be worried if it looks slightly different on your computer).
Installation only takes a few seconds. LastPass will tell you it is nearly done and ask you to start the program by clicking on its icon in the web browser’s title bar. Click the icon when you are ready.
At this point, LastPass will ask you to create a LastPass userID and password. Your userID should be your main email address. Now you need to choose a master password which you will use to start LastPass and if you edit any of its settings.
There’s some helpful guidance about choosing a master password on the left-hand side of the LastPass window. It shouldn’t be a password you already use and avoid obvious words such as names, birthdays, favourite movie characters, place names and the like.
If you are really stuck; a reasonably strong password can be created by choosing a random word, then a random number and then another random word – e.g. Bucket33Hilltop or Blackberry17Airport (but don’t choose these!)
It is really important not to lose your master password as you will not be able to use LastPass without it.
Click the red Next button when you are done.
You’ve now finished installing LastPass. At this point you can take the guided tour by clicking the blue Show me around button, or you can press on with getting started. If you want to look around, take a break and we’ll see you shortly.
Adding a password to LastPass
Before you can use LastPass to manage passwords you need to give it some passwords to manage! When you are ready, click on Add Item.
LastPass can do more than manage passwords – you can use it to securely store all sorts of information including passport details and medical information, but for now, I’m going to use LastPass to store the log in for my existing Google account.
A new window appears showing a list of the different types of data LastPass can hold; select Password from the top-left of the window (it looks like a padlock).
Another window pops up. You need to complete the form which only takes a few moments:
- URL: the address of the site you are accessing
- Name: a name you will use to remember the site
- Username: the userID you use to access the site
- Password: the password you currently use to access that site
When you have completed the form, click Save to add this site to LastPass.
You can add as many sites to LastPass as you like, but for now, let’s see how it works.
After creating a LastPass entry for Gmail, I have gone to the main Gmail log-in page which looks something like this:
Clicking the right-hand mouse button over the Email or phone line brings up a new menu; near the end of the menu you will see an entry called LastPass. Highlight it with your mouse pointer and a submenu will appear.
So, to log in to Gmail, I chose the option called Google Mail then Fill. I clicked the Next button and repeated the process on the next page so LastPass could complete my password. Finally, I clicked Next and logged into my Google account.
Using LastPass to create a new password
So far, we’ve only used LastPass to store existing passwords, but one of its other useful features is being able to generate strong passwords that are much less likely to be broken by attackers. To make the most of a password manager, it is time to replace your existing passwords with new, stronger passwords. This can be a little bit tedious, but it is well worth your time.
As an example, I’m going to use LastPass to update my Google password, so once I had logged into Google, I went to my account by clicking the little icon at the top-right of the window.
Then I chose My Account, then Signing in to Google and then Password. At this point, Google prompted me for my existing password, I right-clicked and used LastPass to fill it in then clicked Next.
On the next screen, I right-clicked my mouse in the New Password field and chose LastPass and then Generate Secure Password from the pop-up menu.
A new window appeared. Here it is possible to adjust the recipe LastPass will use to create the password by choosing the length of the password (longer is better) as well as the types of characters it will use.
When I was happy with the password, I clicked the Copy Password button – the window closed. I pasted the new password into the New Password box by right-clicking inside the box and choosing Paste. It appeared as a line of dots. Then, I right-clicked in the Confirm new password box and finally clicked Change Password to make the change.
Google updated its records with the new password, then LastPass prompted me to save the change to its own library. A small pop-up window appeared near the top-right of the browser window asking if I wanted to update LastPass. I did, so I clicked Update. The new, strong password is now safely stored inside LastPass.
One site secured, many more to go…
Using LastPass on multiple machines
If you use more than one device, you will need to download LastPass for each phone, tablet or computer that you use. Simply follow the instructions at the top of this article to obtain the necessary version of the software. After installing LastPass, log-in to your existing LastPass account – you do not need to create another account for each machine – and the application will automatically download any saved passwords to that device.
One word of warning, for security reasons LastPass will send you an email asking you to authenticate any new computers or phones before it will allow you to use the application on those devices. This is done to help prevent your LastPass details being stored on machines you do not control.
In case anyone was worried, I changed my Google password again after writing this – so the password you can see above isn’t my actual password.