My wife and I got a security alert that our personal information was found on the dark web. I decided to do a computer security update on both of us, including checking her password wallet. We use LastPass to store our passwords.
The idea is that all you have to do is know the master password for LastPass, and then allow LastPass to generate and store all of the other passwords you need. They can be as long and complicated as you need them to be. I began using it after I struggled with passwords a decade ago.
With a tool like that, there is no need for short, easy to remember passwords that are easy to guess or on the list of weakest passwords. There is no need to reuse a password. You can use a random password like Defw;n%348mEoi and know that no one is going to guess it, you will never need to remember it, and as long as you keep the master password secure, things are great. Your password is stored in an encrypted format that uses your master password as the decryption key. No one, not even the company that makes LastPass, can access your wallet without knowing the master password.
The app will even generate secure passwords for you at the touch of a button. You can specify the length of the password, as well as the characters used. I have mine generate 15-character passwords that contain an upper case letter, lower case letter, numerical digits, and symbols.
That is why I was so disappointed when I opened our LastPass wallets to run the built-in password security analyzer. It checks all of your stored passwords to ensure that they are strong, and that they are not duplicated. My score was fine, a 94 out of 100. My wife’s security score was a 50.2. I opened the detailed report to see why. That was when I discovered that she had more than 200 passwords stored, and:
- 140 of them were classified as “weak” passwords.
- 112 of them were duplicates of another password.
- 40 of the “weak” passwords had a score of less than 10 out of 100.
- 10 of the duplicates were the word “password” or a variation of it.
- 5 of the duplicates were simply her name.
Even worse, her master password was one of the passwords stored in her wallet. Now to the positive side, the passwords to financial accounts and other high risk passwords were valid, high security ones with scores of 75 to 100. She just didn’t see the risk in having low security passwords for shopping accounts like those used for customer loyalty cards or online shopping retailers.
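The kinds of findings in that report (duplicates, variations of “password”, the owner's name, the master password saved as an entry) can be reproduced with a short local script. This is an added example, not LastPass's code or its scoring; the rules, the sample vault, the name "Alice" and the master password are constructed assumptions, and the policy check uses the 15-character, four-class generator setting described above.

```python
import re
from collections import Counter

# Constructed sample vault (site -> password); none of this is real data.
SAMPLE_VAULT = {
    "petstore.example": "password",
    "loyalty.example": "Passw0rd1",
    "shop.example": "password",
    "forum.example": "alice",
    "bank.example": "kR7#vq2!Zp9&xLm4",
    "vault-note.example": "MasterPhrase!2024",
}
# Common character substitutions (assumed list): 0->o, 1->i, 3->e, @->a ...
LEET = str.maketrans("0134578@$!", "oieastbasi")
# Generator policy from the post: upper, lower, digit and symbol, 15+ chars.
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
MIN_LEN = 15


def normalize(pw):
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    stem = re.sub(r"[\d\W_]+$", "", pw.lower())
    return stem.translate(LEET)


def audit(vault, master, owner_names):
    """Return {site: [findings]} for every entry that fails a check."""
    counts = Counter(vault.values())
    names = {n.lower() for n in owner_names}
    findings = {}
    for site, pw in vault.items():
        issues = []
        stem = normalize(pw)
        if counts[pw] > 1:
            issues.append("duplicate")
        if "password" in stem:
            issues.append("variation of 'password'")
        if stem in names:
            issues.append("owner name")
        if pw == master:
            issues.append("same as master password")
        elif len(pw) < MIN_LEN or not all(re.search(c, pw) for c in CLASSES):
            issues.append("below generator policy")
        if issues:
            findings[site] = issues
    return findings


if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT, "MasterPhrase!2024", ["Alice"]).items():
        print(f"{site}: {', '.join(issues)}")
```

The master-password finding is reported regardless of how strong that password is, because any copy of it stored as an ordinary entry is the problem.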
So we had to have a conversation about computer security, why I pay for us to have a secure password wallet, and why it’s a bad idea to not use it correctly. I had to point out to her that computer criminals are more active than ever before, and barely a week goes by that we don’t get a notice that one company or another that we do business with has had a data security breach.
Imagine that you do business with an online retailer. Say, an online pet supply store. Their data is compromised. The hackers now have your name, address, password, your pet’s name, and your email address. They now cross reference that email address to other retailers where you reused the same password. Now they are gaining small, seemingly insignificant details of your life until they hit the big one: they gain your SSN, credit card number, and date of birth from a breach of your hospital’s computers.
So I am spending time today to correct and update all of her passwords. My goal is to get her security score above a 75 by the time this post goes live.
ANOTHER TIP FOR SECURITY: LastPass allows you to store secure notes for each retailer. For your security questions, have the password generator create another random password and store that in the notes as the answer to your question. Then if you ever need it, you have a secure answer to that question about your mom’s maiden name that some hacker can’t get from another source.
DISCLAIMER: As usual, I will inform everyone that the products and services I mention on this site are not paid advertisements. I have no connection to them whatsoever, other than being a paying customer. I receive no discounts or special pricing beyond that which is available to anyone else in the general public.