Photo (cc) by devdsp
Even the most hopeful among us will now have to admit that we basically have no online security. None. Nada. Zilch.
If you’ve shopped at Home Depot, Target or any one of thousands of other businesses, which covers pretty much every American older than 18, your credit card and other personal information have theoretically been exposed.
Even if you’re allergic to plastic and always use cash, the Russians likely have your passwords.
And if you like to take nude selfies and store them on your phone, well, there’s apparently a hack for that as well.
What most of us do when confronted practically daily with this brutal new reality is, well, nothing. What can we do? Stop using the Internet? Stop using online banking? Stop taking racy pics?
Well, I guess we could stop taking racy pics. But the other stuff? Not so much.
Here’s a video we did a few months ago called “Identity Theft: The Latest Ways to Protect Yourself.” Check it out, then read on.
There’s a lot of talk these days about enhancing Internet security by eliminating passwords. And maybe one fine day that will happen. But in the meantime, we’re left cowering in a cyber-corner, hoping it will be someone else whose digital life is devoured rather than our own.
There’s a better way
Passwords suck for two reasons. The first I just highlighted: They may not work to prevent data theft anyway. But even without that concern, they’re still ridiculous, because we’re supposed to create dozens of passwords that we can remember but crooks can’t figure out. Then, when the latest hack hits the news, which happens about twice a week, we’re supposed to change them all. Yeah, right.
What we need is to remember only one password. A password that will unlock an impenetrable vault containing the rest of our passwords. And the passwords in that vault should be completely indecipherable, a random string of a dozen letters, numbers and characters, impossible to memorize or for a hacker to figure out. Wouldn’t that be nice?
Well, that solution has been available for a long time. It’s also free.
I use a service called LastPass, one of several free password programs that do exactly what I just described. Here’s how it works:
- I only have to remember one password, the one that unlocks my vault.
- When I go to a new website requiring registration, LastPass asks if I want to save it. If so, it creates a secure password and stores it for me.
- When I revisit a site where I’ve registered, LastPass asks if I’d like to log on. If so, it can automatically fill in the user name and password.
- LastPass also allows for two-step authentication, also known as multifactor. That means logging in requires an additional step. For example, you put in a password, which triggers a text message to your phone with a special code. You need that code to log in as well. So no phone, no entry.
Use multifactor authentication and your hacked password is useless. The Russians will have wasted their time. More importantly, you’ll gain time when you no longer have to create, remember and change the myriad passwords in your life.
Is it safe?
After using LastPass, I suggested it to a few friends. Oddly enough, two of the three said no, thanks. One said it was too much hassle to figure out, and she felt more comfortable sticking with her existing system, whatever that is. The other questioned the security of LastPass.
The first excuse, while predictable, is nonsense. If LastPass was hard to figure out, I wouldn’t be suggesting it to my friends. But the second objection raises a legitimate concern: What if LastPass gets hacked?
I asked LastPass CEO Joe Siegrist that question. His response:
LastPass’ security relies on the strength of your master password. Hacking LastPass would not reveal your data as your master password is never sent to LastPass — even LastPass employees can’t get access to your data. Your data is encrypted with your master password, so make it long and strong and never reuse it for anything else. Use multifactor on your LastPass account to be fully protected.
There you have it. You’ve been remembering a ton of passwords over the years for no reason, and you’ve been wasting time manually inputting them. More important, you’ve likely been using weak passwords for the sake of simplicity. And most important, you probably haven’t been changing them as often as you should. This solution will fix all that.
Not a solution for everything
If hackers can sneak into credit card processing terminals at chains like Target and Home Depot and steal your credit card number, password programs obviously won’t stop them. At least in that scenario, however, you’re not out any money because your loss is limited by law.
But if you’re worried about someone infiltrating your home computer, stealing your passwords and ruining your life — and who isn’t — these programs can offer additional security, especially if you use multistep authentication.
And the one thing they’ll most definitely do is make your life a lot easier, while making some Russian hacker’s life a lot harder.