How to master your passwords on all your devices
Simple solutions to help you sort through the chaos of saved browser passwords
Although tech companies have long been predicting the death of the password, it seems as if we're stuck with that as our main way of securing sites and software for a while yet.
Passwords are often viewed as a necessary inconvenience but managing lots of them can be something of a nightmare, especially when changes are regularly forced upon us thanks to a seemingly never-ending run of data breaches and security scares. In addition, most people have logins held on multiple devices PCs, phones, tablets etc making keeping on top of everything even more difficult.
In this project, we'll look at what you need to do to sort out the chaos, to get your passwords out of your browser and into a service that keeps them safe across all your devices. Follow the advice here and you'll never have to worry about your passwords again.
Basic password security
Passwords, in the main, are fairly secure, but it's important to choose ones that are reasonably long, hard to guess, and make use of numbers, symbols and varied letter cases. It's also important you don't reuse the same password on different sites. If one site gets breached, the hackers will try and use the passwords they've found on other sites, which can lead to your identity getting stolen.
Instead of passwords, you might want to consider using a passphrase instead, running multiple words and numbers together. A good example might be "3rdmarriage2ndtimeofasking", which you could shorten to "3m2toa". The best length password is a minimum of nine characters long.
Password managers
Ideally, you should have a unique username and password for every site you've signed up to on the web. The problem with this, of course, is remembering them all. You could ask your browser to remember your login information, which is what many people do, but that's not especially safe either, even if you lock them down with a master password. It also leaves them inaccessible to other browsers on other devices.
The best solution is to use a dedicated password manager, which stores your details securely and can log you in to all the sites you visit, thereby saving you time and effort. In addition to this, it can fill in forms automatically using details you've saved, store credit card information and generate (and remember) tougher passwords. Most decent password managers are available cross-platform, so you can use them to store all of your log-ins, and access them on any device, be it a Windows PC, Mac, smartphone or tablet.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
RememBear can safely store and remember your credit card details
There are lots of different tools to choose from. The newest is RememBear from the company behind the popular TunnelBear VPN (now owned by security firm McAfee). It's very easy to use, includes end-to-end encryption, and is available for all the major platforms. There are also browser extensions for Chrome, Firefox and Safari. It's free to use, although upgrading to the Premium version for $36 a year (around 27) lets you sync unlimited items on unlimited devices, and backs up your passwords, too.
If you want to add a mobile device to RememBear, install and run the app, then scan the QR code
If you prefer to stick with tried and tested solutions, then really it's a toss-up between the ubiquitous LastPass or the open source KeePass. LastPass stores your passwords securely online, and logs you in to any site from anywhere on any device. It can fill forms automatically, store important personal information such as credit card details, and score and improve your password security. Saved logins are available across all of your devices in both the paid-for and free editions.
KeePass can generate and remember super-secure passwords for you
The Premium service costs $24 a year (around 18) and offers emergency access (which lets nominated contacts access your logins in the event of something bad happening to you), advanced multi-factor options, LastPass for applications and 1GB of encrypted file storage. There's also a Families version which lets you store, organise, and share passwords for everyone in your household. This costs $48 a year (around 36).
Click a tile in the LastPass vault to open and log into that site
Despite its popularity, LastPass does have problems importing passwords from Chrome, and can't import them from Firefox at all, so beware. However, this isn't a deal breaker because you can simply populate your vault with new sites as you go by adding new ones each time you need to log in.
KeePass lets you secure your online passwords and personal data using a master password, a key file or both. It's portable, so you can carry it on a USB flash drive, and it can generate super secure passwords. Because it's open source you can be confident the program doesn't contain any hidden backdoors for hackers or governments to exploit. It's officially available for Windows and runs on a system called Mono, which makes it compatible with Linux, Mac OS X and BSD. There are also numerous unofficial ports for Android, iOS, Windows Phone and more.
Export your browser passwords
Most password managers import your existing logins directly from your browser(s), but it can be useful to export a copy for safe keeping. Google reintroduced the option to export passwords in Chrome 66. To make use of this feature, open your browser, type chrome://settings/passwords into the address bar and press Enter. You can view any password by clicking the eye icon next to it, though you will need to enter your Windows username and password for security purposes.
View and export passwords stored in Firefox using PasswordFox
To export a copy, click the three dots next to 'Saved passwords' and select 'Export passwords...' In the window that appears, click the 'Export Passwords' button. Enter your Windows credentials again when prompted and then select a location to save the file to. Your passwords will be exported in a CSV file. Note that this file isn't encrypted anyone will be able to read its contents simply by opening it in any spreadsheet program.
Firefox users can install Nirsoft's excellent PasswordFox (search for it at www.nirsoft.net).
Getting started with RememBear
Step 1: Download RememBear for Windows (or Mac) and install it. Click the 'Create an Account' button, then type in your email address and a Master Password. (2) A minimum of eight characters is required. The strength of your password choice is indicated with a coloured line. (3) Accept the terms (4) and then click Continue. (5)
Step 2: Enter your Master Password again on the next screen and click Confirm. You'll now be given the option to prepare a backup kit. This provides a key you can use to regain access to RememBear if you forget the master password. You can write it down (1) or open and print a PDF of it. (2)
Step 3: You'll now be able to import your logins from your browser or another password manager. You can skip this step if you want to start from scratch. If you choose to import from a browser you'll be able choose which one, then select some or all logins. You can then add RememBear to your choice of browser. (1)
Getting started with LastPass
Step 1: Go to www.lastpass.com in your main browser and install the add-on. Click the new LastPass button at the top right (1) and click on 'Create an account'. Enter your email address and then enter a master password. (2) This needs to be very strong as it will be used protect your other passwords.
Step 2: As you type you'll be able to check that your master password meets the minimum requirements. (1) It needs to be at least 12 characters long. Enter the password a second time. (2) You can click the eye symbol (3) to reveal the text. Add a password reminder if required, (4) and then click 'Unlock my vault'. (5)
Step 3: Your vault will now open. It will be empty at the moment. Click on Account Settings (1) in the left-hand sidebar. From here you can change your master password, (2) and set up a recovery phone. (3) This will help you get back into LastPass should you ever forget your login details.
Image: Shutterstock