Forget your passwords
Yesterday I read the umpteenth article on the need to eliminate authentication passwords, a topic that has been under discussion for a very long time. Meanwhile, most are still using a single password for all the sites they visit, and that is usually ridiculously simple and easy to break, and as often as not written on a post-it stuck behind their computer monitor.
Our relationship with passwords has evolved over time. We now know, for example, that advice about changing our password periodically or choosing passwords that contain capital letters, lowercase letters, numbers, special characters and guttural sounds emitted by rabbits in heat, and that have brought us so many headaches, was all a waste of time and may even have made us more vulnerable.
Companies like Apple, which have put fingerprint readers on all iPhones after the 5S and recently on some of its laptops, have made it more difficult for thieves, while Google and others allow us to use our smartphone as a password. And increasingly, the popularization of password managers such as LastPass, 1Password and others, which when used properly, notably improve security.
My only passwords not handled by a password manager, in my case LastPass, are those in which I have two-factor authentication systems, such as Google. All the rest of my passwords, I simply do not know. From the moment I adopted LastPass, I considered the routine of gradually replacing all the passwords I had everywhere with others generated by the application, strings of characters with no meaning or meanings that would be virtually impossible to memorize. What I was looking for was just that: stop memorizing passwords, and start identifying myself through a plugin or an app. In my case, in addition to wanting to improve my personal security, there was an additional reason: there are many occasions, in class, in which I have to enter a password to access some of the services I use, and I do it regularly on a screen that is being projected to my students. One of the great advantages of LastPass is that I can do so in full view of the world without revealing anything, and transmitting my information through a secure channel.
I started using LastPass a long time ago. The application had been free for mobile devices, then for all devices, and lately doubled the price of its premium and family option, which I subscribed to from the beginning because it provides good value in exchange for little money. I even use it to access my bank account and my credit cards. I was also a LastPass user when the service was hacked, and I realized that having all our eggs in the same basket was not a problem, because the application’s encryption was steel plated. If the password manager you choose is good enough, you should not have any problems even if it gets hacked.
In today’s internet, using a password manager is a good idea: a way to change our relationship with security, to think about passwords in another way, and to reinforce good practices. I am sure that the percentage of readers on a page like this using a password manager is significantly higher than among the general population, but if you’re not already doing so, now is not a bad time to start.
(En español, aquí)
