I’ve got a confession to make: I’ve only just now started using a password manager. There, I said it. It was about time I got off my ass and fix this mess that’s my digital identity once and for all.
The reason why should be obvious: these times require strong and unique passwords, that are virtually impossible to remember if done correctly. You will need a tool to keep track of it all.
The reason why I haven’t done this until now is part procrastination, part feeling overwhelmed by the daunting task of figuring out where the hell I’ve left my identity. Moreover the task lacked a sense of urgency so it moved from my immediate to-do list to my bucket list… until lat week, that is.
The trigger for getting off my ass was a e-mail message I received from scrum.org; someone had managed to hack their way into their database and gained access to information including encrypted passwords. If I’ve learned anything from the past is that encrypted passwords only take so long to break, so changing passwords was imperative.
But the real problem is, that combined with a known e-mail address and a potentially compromised password, you can log into a lot more sites than this one. I’d used that password on other sites as well (which tends to happen if you have to memorise them), which were compromised as well.
So it was time to get my act together. I’ve browsed around a bit for a password manager that was reasonably priced and highly regarded. I ended up choosing for Lastpass because it seemed to offer all I need for a good price (12 USD/jr if you want mobile support). It also comes with a nice security challenge that gives you a higher score for every step you take to make passwords stronger and unique, which is just the type of thing my OCD-self needs to get my shit organised.
So I am now gradually upgrading my accounts across the web to have unique strong passwords. Better late than too late, I suppose. But more importantly, it will make my life a lot easier in the future when making accounts, or updating passwords when another hack occurs.
My advise: don’t wait, just do it. There is no reason not to do it and you gain from not doing it will be regret.
I have slowly started using keepass for new registrations, but the task is daunting. I like keepass cause its free and extremely portable (I store it in Dropbox), yet very secure and independent.
Downsides are that mobile support is lacking and you have to manually keep it up to date and distributed.
I’ve used KeePass in the past, but it was a bit more cumbersome to keep track off and maintaining passwords. In the end I somehow lost my password DB and had to start over.
The browser integration of Lastpass is part of the reason why I decided to it. I decided later to pay the 12 USD/yr fee so that I have the added benefits of mobile support, but if you don’t need that you can use it for free.
The only downside is that you’re not in full control on how and where your passwords are saved, but that’s something I can live with for now.