In the past few weeks, I’ve come to realize 2 things. First, the collegiate football (American) offseason is somewhat boring…bring on the SEASON! Second, people’s Gmail accounts are getting hacked….a lot. I’ve seen 2 of my friends have their accounts hacked in the past month and a half.
While there is nothing I can do about the first one, there is something I can do about the second.
I figured it might be a good idea to share how I generate passwords for web resources like Gmail and any other web based service. I can do this in ANY browser…Opera, Chromium, and Firefox…and any operating system; because I use a tool called LastPass.
LastPass is a password vault for your browser. It can remember any password you type on the web and it can also fill out forms for you (if you’d like). I’ve been using it for about years now but have only recently taken advantage of their handy tools to generate passwords. I’m going to walk you through setting it up in Firefox and generating passwords. Hopefully, this will inspire you to change your password to something a little more complex to thwart hackers.
First of course, install the add-on/extension. This process will differ depending on your browser. Once LastPass is installed, make sure you sign up for an account or sign in to your existing one. Remember, LastPass allows you to use a master password to keep a lock on your entire array of of websites you visit. It takes security a step further by way of password generation.
Password Generation
You already have passwords for email, Facebook, Twitter, and other places on the web. Is your password complex enough to thwart hackers attempts to crack it? Most likely the answer is no…and if that’s the case, it would be a great idea to change your passwords to randomly generated ones and use last pass to remember it. Imagine your password being the following:
hank65yankees
With LastPass it can become
S&Wllj98oCDFZ*
Which one seems harder for hackers to figure out to you? So let’s get started. During the installation for LastPass it should have told you how to access the menu…either through a standard menu or perhaps a button. Once you access the LastPass menu, look for ‘tools’ and then choose ‘Generate Secure Password’.
This should bring up the LastPass password generation tool. It will look something like this:
As you can see, the generator is ready to randomly generate more passwords for you by clicking the ‘generate’ button and you can copy it to your clipboard with the ‘copy’ button. However, 8 digit passwords (default setting) may not be good enough for you. In that case, click the ‘Show Advanced Options’ toggle. This will bring up the following options:
As you can see, you can increase the number of digits for password length…I’ve increased mine to 14 characters…and you can increase the Minimum Digit Count. I’ve done so and moved it up to 2 digits. Customize it however you like and once you have it set the way you like it, you can click ‘close’. The options will save for the next time you go to generate a password.
Changing the Password
Now it’s time for us to actually change a password. How do we do this? Well, if you already had a LastPass account, you can visit your password vault and search for the site you would like to change. Once you find it, you can open up the password generator and generate a new password…then edit the site inside your password vault and paste the new password. Your job isn’t over yet though as you need to go to the actual site and change the password there as well.
If you haven’t used LastPass before, just visit the site you would like to change the password at and login. LastPass will detect that you’re logging in and will ask if you want to remember the site you just logged in to. You should select ‘save site’.
After you’ve logged in, go to whatever password change link the site provides and go ahead and change the password using the LastPass password generation tool pictured above. LastPass should detect that you’re changing the password and ask if you want to update the site. Remember, you can always manually edit the password inside the LastPass Vault.
Why Generate Passwords
I’ve shown this process to people I work with in Information Technology and they scoff at this idea of having randomly generated passwords. They often say ‘how will I remember the randomly generated password?’ and that’s the beauty of LastPass. It remembers so you don’t have to. Once I tell them this, they generally move onto the question ‘well, what do I do if LastPass isn’t installed on the computer I’m using?’ and once again, the solution is LastPass. Just head over to www.lastpass.com and login using your account details. You’ll be redirected to your online password vault. You’ll be able to fully manage everything as if you were using the extension in your browser. You’ll also be able to copy and paste passwords by clicking ‘edit’ on the sites and ‘show’ beside the password field. Sure it’s a bit more work…but it’s also quite a bit more secure.
Don’t put your trust in things you think are difficult for hackers to guess…chances are, it isn’t that hard for them to do so…allow LastPass to randomly generate them for you. That way, you’ll never have your email account hacked like my friends did these past few months…unless you really do want to support the sale of pharmaceuticals or would like to enhance certain appendages. I hope this helps you to use secure passwords in the future! If you have questions, please let me know in the comments and I’ll do my best to answer them! Thanks for reading!
To secure your gmail account you could just simply enabel 2 step verfication
http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html
it’s a good step with one major caveat…if you have an Android phone and tablet like I do…then keeping 2 step verification working with them can become a hassle. Also, I never could get pidgin in Linux to work with 2 step verification cleanly…I was always revoking application privilege and redoing it every single time I signed in…must have been something wrong.
In the long run, this is perfect for people who have ONLY gmail that they use. It overcomplicates things when you have multiple devices and multiple applications to utilize with your google account.
And to secure your lastpass… you can also enable 2 step verification!
I’ve been using LastPass for a while now, so far it seems to work great! Thanks for the reminder on security, it’s really easy to get lax.
I remembered a situation some time ago. I changed my Gmail password and then forgot it. Hopefully Google saved me – they had my phone number, so I was able to reset password. So surely if you don’t want to lose all your mails, contacts, documents, etc. LastPass might be worth trying.
Hi,
It is really a nice article, most of the users are not aware of the hacker’s mindset to know the passwords. This article will really help such novice users.
Hey it is really a nice article as we came to know about the tool which we can use to secure our mails. Thanks for sharing.
But….if you use LastPass as it is designed isn’t your entire vault in “the cloud?” What prevents someone at LastPass from accessing your vault. What if they get hacked? I just don’t trust password managers.
Last pass has an optional professional service that allows you to use a USB key to authenticate. So, for those people who think that the cloud is the most insecure thing out there…this is an option.
Lastpass has a couple of more options here to help with securing even further: http://blog.lastpass.com/2012/08/increase-security-of-your-lastpass.html
If you’re still worried, increase the iterations of your PDKDF2 strenght inside the options in Lastpass: https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/
Lastpass supports multifactored logins utilizing thumbprint or 2-step authentication (or both) as well.
I’m comfortable with changing my passwords regularly and using 2-factor authentication. I’m also comfortable with my browser holding onto the only decryption key for my password vault. That means, even if there is a breach, the hackers will only get encrypted data.
If Lastpass doesn’t sound good to you…there are other services such as Keypass, which allows you to pick where you place your password database…that might be more along where you need to go to feel more secure.
Keep in mind that NOTHING is 100% secure EVER. As someone who has used cloud applications not only to host this website but also in my professional career since 2006, I have no problems with the cloud. I find that breaches of security are done far less often than the media will have you believe.