password

Family Password Management

Family Password Management

Passwords are a big deal these days.  You see it on the news – don’t write your passwords down, make them long and complicated, change them often, and definitely never reuse them.  As a busy dad and husband, I'm lucky to remember to tie my shoes on the way out the door, let alone a few dozen passwords!  So what is a person to do?  You need a good password manager, and so does your family.

What is a password manager?  It is a program or app that stores all of your passwords to the various sites you use.  You create one very secure master password to protect them.  The benefit is that you only have to remember a single password and the rest of your passwords can be super long and complicated so you'll be safer online.

Why do you need it?  Would someone really try to hack you?

Yes, yes they would.  You might not be a high-interest target, but if the opportunity exists, someone will take it.  The truth is that you really should never use a single password for more than one site or service.

For example, you might use the same password for your account at an online forum and your main email account with Google. Now, Google spends billions of dollars on security and does a pretty great job. Turns out that the forum stored your email address and password in a text file, unencrypted. The forum is hacked and people with possible bad intentions have your email address and password. The first thing they will do is go to lots of other major sites to try to gain access with your credentials. Now, they have access to your email and by simply analyzing the contents, they can reset your passwords on other sites you frequent. At this point, they might have access to your online banking and brokerage accounts, medical accounts, or other very sensitive information. All this was accomplished from hacking a low-security forum. So what can you do about it? Get a password manager and use different passwords everywhere!

There are some pretty good options out there.  LastPass, 1Password, KeePass, etc.  Though we are going to reference LastPass in this article, mostly because it is so flexible and compatible with almost all devices, the concepts can apply to many of the major online password managers.

LastPass Strip - The Efficient Dad

OK, so you need a password manager – now what?

As previously mentioned, I’ll be discussing LastPass, which is free on mobile devices, and ~$10/year if you want desktop access.  It is compatible with Touch ID as well if you want to log in with your fingerprint on iOS.  Head to www.lastpass.com and create an account, making sure to set a secure password.

One way to create a secure password is to create a passphrase instead.  Look around the room or use your imagination and select a few objects.  For example, a cabinet, a glass, and a television.  We’ll start with just that: cabinetglasstelevision.  Add a symbol, some numbers, capitalize some things, and you end up with: cabineT#glass4telev1sion.  That password is very secure due to the length alone.

Next Steps

As I'm sure you've thought about - what happens if someone gets the password to your LastPass account?  All of your passwords are sitting in one place, nicely organized, for someone to steal.  I highly recommend setting up two factor authentication (sometimes written 2FA) for your account.

By enabling 2FA, it makes it so signing in on a new device uses something you know (password) and something you have (token via Google Authenticator or similar app).  When you sign in on a new device, you’ll enter your username and password, then open Google Authenticator and view the 6 digit code it gives you, and you’ll input that as well.  Though this takes a few minutes to setup and is slightly more inconvenient, if your LastPass password is ever stolen, your passwords will still be safe.  The catch is that you need to have the authenticator device with you when signing in from a new location.  If you ever lose it, LastPass does have a reset process that involves sending an email to you for verification.  So rest assured, you have a way back in to your account if that happens.  It would be a good idea to write your LastPass and email password down and store them in a secure location in case you ever need to recover from a lost device.

Take some time to input all of the sites you use and their existing passwords.  Once you have that completed, you can start changing passwords to make your online presence more secure.  For major sites, with the click of a button, LastPass will change your password for you and record the new one automatically – nice!

LastPass Security Challenge - The Efficient Dad

Security Challenge

A convenient feature of LassPass is the Security Challenge, which takes you through a step-by-step process to become more secure online.  To take the challenge, you'll click “Security Challenge” on the left-hand menu.  All of your passwords are analyzed and LastPass then provides an outline of how to improve your security posture.

  • Step 1: Change passwords that were possibly compromised in a known hack.  LastPass researchers know what's going on in the world and if a service is hacked, they'll let you know.
  • Step 2: Change weak passwords.  It gives you an opportunity to make weak passwords stronger by pointing out the ones that should be changed.
  • Step 3: Change passwords that have been used in more than one place.  As we talked about earlier, it is a very good idea to never use a password in more than one place.  But what if you don't remember where you used them?  This step will detail all of the sites you use that share a password.
  • Step 4: Change your oldest passwords.  As passwords age, it is a good idea to change them.  That way if someone finds a way to get their hands on an old password, you will have already changed it to something new and there is no harm.  Consider changing your passwords every six months.

Every step of the way, specific sites will be detailed so you know which ones to change in order to complete the step.  Don’t want to change one?  No problem, you can skip it.

Sharing Passwords with your Family

This post is called Family Password Management for a reason.  LastPass gives you the ability to share passwords with other users, which gives your family a nice way to have access to all of your services without texting/emailing passwords.  For example, you probably share a Netflix account, maybe Amazon Prime, and you'll need a good way to set secure passwords and then share them. 

To do so, you’ll click on “Sharing Center”, then the + in the lower right portion of the screen.  They will walk you through the process, but I recommend creating a new folder called “Shared Family Passwords” or something similar.  That way you know that anything placed inside that folder will be shared.  You can create subfolders within if desired to help you better organize your passwords.  Your top level folder might be called "Shared Family Passwords" but within that folder, you might have a subfolder called "Shopping", one called "Finance", and so on.

Next, return to the Sharing Center and click “Manage” on your shared folder name.  Here, you can invite users, delete them, and change their permissions.  One thing to note: there is an option called “Hide Password” which doesn’t have an obvious function.  It allows someone to use the plugin to auto-fill passwords, but never actually view the password.  The other option is to give someone read-only access to your passwords.  They could then view them, but never alter the passwords.

Now that you have your password management under control, your family has a nice, easy, and most importantly, secure, way of using and sharing passwords.  Leave a comment and let us know what works for your family!

Cheers! ~The Efficient Dad

Posted by The Efficient Dad in Family, Technology, 2 comments