January/February 2021

Product Watch

Stop Forgetting to Remember Your Password

William T. Ramsey & Phillip Hampton

Cybersecurity experts tell us that a good password management policy is one of the critical elements in maintaining a safe and secure computing environment. Sadly, many of us fall short when it comes to creating complex, effective passwords. So much of what we do at work and in our personal lives sits behind a username/password combination lock. Because we have so many passwords on so many different systems, many of us take the easy route by creating relatively weak passwords and reusing them on multiple systems. Unfortunately, this easy password scheme is a recipe for cyber disaster. Having worked with rolling out tech systems in the legal industry for many years, we have seen a variety of methods for keeping up with one’s passwords. A sticky note with a senior partner’s network password scrawled on it and attached to the attorney’s computer monitor is not a comforting sight if you are a client entrusting your confidential data with that firm. We’ve seen passwords written on the bottom side of the computer keyboard or stored “surreptitiously” in a document labeled “PASSWORDS” on an attorney’s desktop. The bottom line is that, absent some sort of programmatic assistance in maintaining an effective password policy, human attempts generally fail miserably.

Thankfully, there are software applications that do a very good job of password maintenance for us, and these applications are generally not very expensive nor difficult to use. We have been using one of these, LastPass, for several years. There are many good options in this software genre, and many do as good a job as LastPass. However, we started using LastPass initially because LastPass had a free version that was extremely feature rich. We have since upgraded to the premium, paid version of the software, which we highly recommend as well. Whether you start with a freemium password manager or a premium subscription, the day you start using a password manager such as LastPass is the day you offload the considerable burden of maintaining effective and secure passwords for your burgeoning list of online accounts. We will describe the experience with LastPass.

First, the software gets its name, LastPass, from the notion that the password you create when you set up your LastPass account is the last password you ever have to remember. Sound too good to be true? It is true if you use LastPass as it is truly intended. Since your LastPass password is the only one you really have to commit to memory, it should be a good one (maybe a long phrase that includes upper and lowercase letters as well as numbers). Most people are glad to know that this password is not stored on LastPass’ servers; so, if you forget your LastPass password, LastPass personnel can’t look it up for you (there are account recovery procedures available if you do forget your password). Since you are going to be storing all sorts of sensitive passwords in your LastPass vault, you should make sure that absolutely no one can get inside the vault except for you. LastPass makes that promise to you.

Once your account is set up (either the free or premium version), you then begin to build your vault of passwords for the various online sites you visit. You can add these manually or import them en masse. Since the idea is to have very complicated, unguessable passwords for all of your online accounts, LastPass conveniently has a password generator that will create a truly random, very complex password for each of your accounts if you choose to do so. Of course, there is no need for you to memorize (or even write down) these complex passwords because LastPass manages this vault for you.

Once LastPass has been installed, either as a stand-alone app or via a web browser extension, and you are presented with a login screen to an online account, LastPass will autofill the credentials for you. It really is that easy and that convenient. LastPass works on all major browsers on PCs, Macs and Chromebooks. It also works on smartphones. On our Samsung Galaxy Note 10, we can even unlock our LastPass vault with the phone’s built-in fingerprint authenticator. So, for example, if we want to log in to a bank account from our phone, we simply start the bank app, and when presented with the login screen, we authenticate with our fingerprint and LastPass handles the rest, securely logging us in to the bank account.

LastPass, like all good password management systems, allows for multifactor authentication—a security measure that requires users to provide two or more verification factors to gain access to their account. We highly recommend this. With multifactor authentication turned on, if LastPass detects an attempt to access a LastPass vault from an unfamiliar IP address (for example, from somewhere other than our home or work networks), a text message is sent to the registered phone to alert the user of the access attempt. If the access is legitimate, the user can authenticate the access from the phone and LastPass will allow access to the vault. With multifactor authentication turned on, we have the peace of mind that unauthorized attempts to log on to our password vault will be flagged and blocked.

In addition to storing your account passwords, you can also use LastPass to store credit card and bank account information, and secure notes and Wi-Fi passwords. If there is a need to share a password with someone, you can grant access to specific LastPass users via the LastPass portal. Paid versions even allow you to designate a trusted LastPass user or users who can access your entire password vault in the event of an emergency.

The paid premium version of LastPass for an individual is only $3/month, a small price to pay, in our opinion, for password security and peace of mind. An even better deal is the family version for $4/month, which you can use for password management for up to six people.

So, for any user who feels beleaguered by all the passwords you have to remember on any given day, a password management application like LastPass is a welcome relief. For the user who chronically uses the same password on every site or uses some lame password like “12345,” LastPass may just save your digital life. We honestly don’t know how we managed before password management.

William T. Ramsey

Partner

William (Bill) T. Ramsey is a partner at Neal & Harwell in Nashville, Tennessee. He tries lawsuits, farms and fools with tech gadgets in his spare time. ramseywt@nealharwell.com

Phillip Hampton

Founder & Chairman

Phillip Hampton is the founder and chairman of LOGICFORCE, a legal technology consulting company. While he cut his teeth in the tech industry as a software developer, he has a passion for tech gadgets that make work easier and fun. phampton@logicforce.com

Entity:
Topic: