By Joy Beland
For three years now, I’ve been roaming LA with my Security Awareness Training presentation and asking everyone who attends to learn how to create a complex password, and never to save them on sticky notes or in a document named “passwords” on their computers.
And then it dawned on me. We, as IT people who are the trusted advisors, are doing our clients a big disservice by not providing a good way to store those passwords. It’s pretty unfair to ask everyone to have a complex, different password for everything they do, and not provide a way to save them that is easy to use and secure.
In my own business, we’ve used LastPass as a tool to manage our internal passwords for about two years. It is much more secure than saving passwords in your Chrome or Internet Explorer browser, or saving them on your phone, or on your computer. And we have ours set up with two-factor authentication, so you can’t just log in to LastPass without also entering a Google Authenticator code tied to your smartphone. So, we are extra careful about securing our passwords.
But here’s the catch – the ease of saving those passwords is “blissful” and it gives me complete control over all of the passwords my employees use, from one administrator portal. An employee leaves – no problem, I just disable their access to the LastPass tool, and when their replacement is hired I assign that account to the new employee and … Voilà! The new employee has every password they need to do their job.
We have LastPass on our smartphones, and it works on iPads, Macs and PCs. You can install it as a “browser plug-in” or “extension” in Chrome, so that each time you go to a website and log in with credentials that are unfamiliar to the tool, or an updated password, it will recognize this and prompt you to save it in LastPass. It will also create a random complex password for you on a new website, and then save it automatically, if you want it to.
We recently started deploying this tool for a few clients and the training and learning curve is super easy. They LOVE it! For us, it’s the logical next step in providing security to our client environments.
If you’re interested in more information, let us know. Whatever you do, don’t use a free version of ANY password management tool. Spend the $48/year per user and get something that is manageable from an Admin console and highly secure. LastPass is not the only cowboy in the saloon either. We have a few we can recommend.
And remember – password123 is not a password.
This is an example of the LastPass vault with your saved websites and associated passwords. With one click you can launch the website and it will prepopulate your login info and password.
When I choose MailChimp, for example, the login info and password are already prepopulated; I just click “Log in.”