ISBA Development Site
This website is for ISBA staff use only. All visitors should return to the main ISBA website.
This website is for ISBA staff use only. All visitors should return to the main ISBA website.
Last week, I had to file an online report with the State of Illinois on behalf of a client. Before I could file the report, however, I had to establish an account, and that process began with a user name and password. The password had to meet certain criteria, i.e., the minimum number of characters, an alpha-numeric mixture, plus symbols. Once the task was completed, I had some choices to make. I could have written the password down in order to save it, and selected a place where I could find it in the future. I could have committed the new password to memory, which would have been virtually impossible given the criteria that I mentioned—not to mention my addled brain. Or, I could have assumed that when I needed to file the report next year, I could simply set up another account; however, the system might respond by saying that an account already exists. The failsafe protection is the often available help link “did you forget your password?” But maybe you also forgot the answer to your prompt question. What was the name of your first dog? And bear in mind that setting up the account actually took longer than filing the report. Some or all of this must sound familiar to each of you, and it occurs with a frequency that is really annoying.
If you are like most of us, you have a staggering list of passwords. That list may include online banking accounts, professional organizations, case management software, legal research services, alumni associations, state and federal courts, frequent flier accounts, retail accounts, home thermostats and security systems, cloud accounts, online publications, and, of course, your Starbucks account. Unless the sites that you patronize have minimal or no criteria for password selection, which is unlikely, or you are willing to cast security completely to the wind, you may easily have 50-100 unique passwords. The day when you could save your handful of passwords on yellow sticky notes stuck on your computer screen is long past. In PC Magazine, in a February 9, 2016 article, "The Best Password Managers for 2016," the author says “…[c]reating one strong password that you can remember is hard enough; doing it for every website is just about impossible—unless you use a password manager….”
LastPass 4.0 Premium is just that – a password management app or browser plug-in. It is not only one of my favorite apps, it is my favorite app, because it is easily the one that I could least afford not to have. Hardly a day goes by that I don’t use it several times. With a password manager, you can reduce the number of passwords that you need to remember to just one, which is the password for the app itself.
How does a password manager work? When you log in to a new site, it can save the unique user name and password for that site. If you want to return to that site, you can open the password manager app and it can automatically log you in. In the case of LastPass, once you open the app, you can access your LastPass Vault where your user names and passwords are safely stored. In most cases, once you enter your vault, you can click on the name or icon for the account that you want to log into, and you will be whisked by that click or clicks to the site without any further interrogation. When you add a new account, LastPass will generate a unique password for you, either for single or repeated use, and the password can be designed to meet the criteria, if any, that the new Web site requires or can be tailored to meet your own personal security requirements. It is also helpful for automatically filling out forms with personal data that it stores, e.g., address, phone and the like. All of this reduces your dwell time on site. Just five minutes saved each day is thirty hours in a year.
You can easily avoid the use of obvious and vulnerable passwords, and you can also discontinue the use of duplicate passwords, which is another common security risk. There is a security challenge feature that will scan your vault to analyze the overall strength of your passwords and to identify weak passwords as well as the use of duplicate passwords. My guess is that not all of your user names are identical either, which only compounds the problem of trying to rely upon memory. Passwords weaken with time, and LastPass will prompt you to replace old ones that it automatically detects. As it does with passwords, the password manager keeps track of your user names for you as well.
Nothing could make access to one’s online accounts easier in the event of death. You should encourage your estate planning clients to use a password manager and to provide their personal representatives with a means of access at the appropriate time to the password manager. If you have ever dealt with the problems associated with accessing a decedent’s online information without having user names and passwords available, you will understand why I am mentioning this. There is even an emergency access feature that allows you to designate emergency contacts.
I recommend, at a minimum, that you install a password manager. After you enter your secure credentials for the sites that you use the most often, to begin with, I recommend that you use the security check feature to test the strength of your passwords and eliminate duplicates. The experts recommend that your passwords be at least 12 characters long. Some password managers will even automate the password changing process for you. Now you’re ready to use the most basic features of your password manager and to begin learning some of the more advanced capabilities.
Which password manager is for you? I mentioned the PC Magazine article earlier, which is available on the web and ranks some of the top password managers. It has a very useful chart that compares features between those top vendors, all of which come at a price. LastPass is their top-rated password manager; however, not all such apps have identical features, so you should do some comparison shopping. Even though the cost is usually modest, and not prohibitive, if you prefer a more basic approach, there are many free password managers, and that same article has a link to a comparison between password managers that are available at no cost.