In the past, most people only needed to remember a couple of passwords and PIN numbers in their daily lives. However, as we use more and more online services such as banks and social media, the number of passwords we need has increased dramatically. This has created a situation where the average user simply uses the same password, or a slight derivative of it, for all of their online accounts. This creates a security problem: once one account is breached, that same password can be used to access other services the user might have. This problem is what password managers were designed to solve. The best password manager for most users and medical office staff is LastPass. It is easy to set up and use, and the free version provides all the basic features that nearly everyone would need.
Full disclosure – Neither I nor any company that I am a part of has any financial interest in LastPass. I receive no compensation from them. I am only a user of their product.
What is the problem with passwords?
We have too many passwords to remember. And humans aren’t good at remembering random things. This means we tend to choose passwords that are meaningful to us and then we use them over and over again. Imagine you use a password for a site like Marriott. Marriott was recently hacked by unknown attackers. Now your password is in the hands of the attackers. If you follow what most people do, you didn’t choose a very strong password.
Here is a list of the twenty-five most common passwords for 2018:
How do we know what people are using?
Because each time a breach happens, that data often ends up online. Security researchers then get that data and begin to crack the passwords. Easy passwords like these are usually broken very quickly. This lets us see the trends most people follow when choosing their passwords. If you would like to see if any of your accounts have been breached, you can go over to Have I Been Pwned. Enter your email address and it will show you if that account has ever been part of a breach. That means that your password for those accounts is compromised.
What makes a secure password?
A secure password follows 3 guidelines. These are:
Randomness – Is your password a normal word? Is it in the list above? Is it something others would use or guess about you? (birth dates, children’s birth dates, etc.)
Length – How long is your password? Each character you add makes the password a great deal more difficult to crack. More about that below.
Complexity – Did you use uppercase and lowercase letters, numbers, and punctuation or symbols?
Geek alert! Math explanation follows…
To explain password strength, we have to explain a bit of math. There are 26 lowercase letters and 26 uppercase letters, 10 numbers, and approximately 33 symbols (including the space bar) that are easy to use on a keyboard. This gives us 94 possible characters to choose from for each position of our password. Each character we add multiplies the number of possible passwords by 94, so the total grows exponentially.
2 characters = 94 x 94 = 8,836 possible passwords
3 characters = 94 x 94 x 94 = 830,584
4 characters = 94 x 94 x 94 x 94 = 78,074,896
8 characters = 94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 = 6,095,689,385,410,816
10 characters = 94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 x 94 = 53,861,511,409,489,970,176
From this, we can see that simply making our passwords longer greatly increases the security of the password. However, length alone doesn’t matter if the password doesn’t follow the other two guidelines, complexity and randomness.
Password12345678! is an example. Even though it is a long password, it violates the randomness rule.
A truly strong password would be –
It is 12 characters long, completely random and is complex. But this creates a new problem. Most people can’t memorize that password, and certainly not several unique passwords. This is where a password manager comes in.
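The arithmetic above and the Password12345678! case, as an added example that is not part of the original article: it compares the 94-character brute-force count with a rough estimate for a guesser that tries common words and sequences first, and generates a random 12-character password. The wordlist, the sequence list and the per-pattern costs are constructed assumptions, not measured values.

```python
import math
import secrets
import string

# Letters, digits and 32 punctuation marks: the article's 94 characters (space left out).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Constructed sample wordlist (assumption); real checkers load breach-derived lists.
COMMON_WORDS = ("password", "qwerty", "welcome", "admin", "letmein")
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop")


def brute_force_space(length: int) -> int:
    """Possible passwords of this length when every character is random: 94 ** length."""
    return len(ALPHABET) ** length


def sequence_run(lower: str, i: int) -> int:
    """Length of the longest digit/alphabet/keyboard-row run starting at index i."""
    best = 0
    for seq in SEQUENCES:
        start, n = seq.find(lower[i]), 0
        while (start >= 0 and i + n < len(lower) and start + n < len(seq)
               and lower[i + n] == seq[start + n]):
            n += 1
        best = max(best, n)
    return best


def pattern_guesses(password: str) -> int:
    """Rough guess count for a guesser that tries words and sequences before brute force."""
    lower, i, guesses = password.lower(), 0, 1
    while i < len(password):
        word = next((w for w in COMMON_WORDS if lower.startswith(w, i)), None)
        run = sequence_run(lower, i)
        if word:                      # assumed cost: word choice x 2 capitalisations
            guesses, i = guesses * len(COMMON_WORDS) * 2, i + len(word)
        elif run >= 3:                # assumed cost: 10 start points x run length
            guesses, i = guesses * 10 * run, i + run
        else:                         # no pattern: one of 94 characters
            guesses, i = guesses * len(ALPHABET), i + 1
    return min(guesses, brute_force_space(len(password)))


def generate(length: int = 12) -> str:
    """Uniformly random password over the 94 characters, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("Password12345678!", generate(12)):
        print(f"{len(pw):2d} chars: brute force 2^{math.log2(brute_force_space(len(pw))):.0f},"
              f" pattern-aware 2^{math.log2(pattern_guesses(pw)):.0f}")
```

Under these assumptions the 17-character Password12345678! falls within about 2^16 guesses, while a random 12-character password stays near 2^79.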
What is a password manager?
So what exactly is a password manager and why do we need one? As mentioned above, the average user today has a lot more passwords to remember than before. This creates a situation where most people use the same password over and over. A password manager solves this by creating a unique password for each site you use. It then stores that password in an encrypted database that only you can use. Each time you access the site, the password manager will insert the password for you. You no longer have to remember the password at all. In addition, the password manager generates completely random and extremely secure passwords so they are very resistant to hacking. Now you only need to remember one password – the password to the database of your password manager.
Most password managers integrate directly into your browsers and also have mobile apps. This means that you can use your secure passwords anywhere you go.
What is LastPass?
LastPass is a free password manager. It integrates with all major browsers such as Microsoft Edge, Google Chrome, Mozilla Firefox, and Apple Safari. It also has mobile apps for both Android and Apple iOS. This means it is available anywhere you will need it. If it’s available, you are more likely to use it.
LastPass has a free version and a premium version that has more features. However, for most users, the free version is enough.
Below is the menu for LastPass in a Chrome browser.
This menu gives you access to all of the functions within LastPass. From here you can generate completely secure and random passwords. They are all stored in your LastPass vault. As long as you have chosen a strong master password for this vault, your passwords will remain secure.
You can also store passwords for things like your wifi routers and other types of passwords under the Secure Notes section. This would be used for passwords that are not automatically entered into a site for you.
Another useful feature of LastPass is Form Fill. This allows you to save the registration information you have to enter into a new site. Your name, address, and email address can be stored securely, and when you want them entered, you can do so quickly.
Is LastPass safe?
LastPass has been hacked once, that we know about. Both times, the company disclosed it. This did allow for the theft of the users’ password databases. However, to date, no user information has been found online. These databases are encrypted and it is believed that they are resistant to attacks.
LastPass did recommend that users change their master password when they announced the breach.
Why is LastPass the best password manager for most users?
LastPass is available just about anywhere you would need it: your computer browsers, mobile devices, and tablets. The more places you can use it, the more likely you will. It integrates itself in such a way that it makes it very easy to generate passwords when you need them. Also, it can be set to automatically insert them when you visit the site.
Best password manager for medical practices?
Medical practices have HIPAA regulations to contend with when using online sites. Due to this, it is highly recommended that practices use strong passwords for all of their sites such as payment portals and even electronic medical records (EMRs). However, LastPass has a final feature that is very helpful to practices. It allows for shared passwords. This means that a practice manager could generate passwords for sites and then share them with the LastPass accounts of other employees of the practice. But this sharing doesn’t actually give the employee access to the password. This is very useful when an employee leaves as you wouldn’t need to change the password. You would just revoke their shared access to it.
This feature allows you to keep control of your practice’s passwords and not fear that an employee could use it outside of the office.
Passwords are one of the most important parts of computer security. However, the sheer number of passwords that we need to remember has become more than most of us can handle. In addition, these passwords need to be strong and complex to protect us. This makes remembering them even more difficult. LastPass allows us to generate completely random and secure passwords for each site we use. This greatly increases our security while online. LastPass is free and easy to use, so there really isn’t a reason for anyone not to be using it.