For the last year or so I have been using a browser based password manager called LastPass.

Logo:


Originally I began using it because I had too many accounts to remember. I mean, how many websites can a person remember credentials for before they simply run out of room in their brain? My answer is 137. At 137 I was ok, but when I had to add one more account 138 my brain melted and I felt a wave of fear as my online presence became suddenly unmanageable.

So, I began to go to every website and log the passwords with the LastPass utility. The idea is that you remember one very strong password for the Utility and then it stores the password hash for the rest of your accounts based on your LastPass credentials. Fantastic... 138 passwords logged and life was good. Until I realized that there were haunting accounts from my past that started to creep up. Wow, I forgot about that one, and that one, and next thing I knew, I was at 196 accounts.

While I am sure that there must still be lingering accounts out there, 196 became the new base. Over the last year I have added some new sites while others have died off. I am now at a round 225 accounts and I have no fear for remembering my credentials...

Great, so I can now access all of my account stuff everywhere I go... but if I can access that many things, perhaps it would be bad if someone else managed to get a few of those passwords I used. I mean, while I have 5-10 good solid passwords that I use, that doesn't spread well across 225 accounts. Holy crap... Even with that scary thought, I still didn't do anything until the Gawker issue a few months back. When Gawker got hacked and my password was compromised, I was furious, but mostly with myself.

I took the time to go through all of my accounts on all of those 225 sites and used LastPass's password generation utility to securely randomize every single password I have. I am now officially blind to my own passwords. I have no idea what they are. If someone held a gun to my head, I couldn't get into GMAIL.

AWESOME!

And, so now I figure, I am mostly secure. When I need a password outside of a browser I can copy and paste it out of my LastPass Vault. There is an on-screen keyboard if I need to type it on a machine I don't trust, so I don't worry about key-loggers, additionally if I know I really have to use a machine I absolutely don't want to, I can always use One Time Passwords.

So, that is LastPass. I pray I remember the password to it, because if I forget it, I lose all of my shit, but its worth it to not worry about being hacked.

The reason I like LastPass is because it is remotely hosted. They have the password hashes and my master password unlocks them and enables them. They never have my actual passwords. I can go to any computer and gain access to it and I don't have to worry if my computer explodes. Also, I plan to get a smart phone soon. They have the ability to integrate with the smart phone and reduce the amount of complicated passwords needed while not reducing security gained from them.

Pandajuice wrote:

Wow, seems like a great tool actually. Though, I wonder about the use of random passwords for 225 different accounts - I'd be far more paranoid of losing all of those accounts and not being able to get into them ever again than being hacked.

The idea does freak me out a little... but being hacked would suck more because then someone else would have a lot more access into my life. No one having access is better than someone other than me.

Mr. Satire wrote:

I'm amazed at the fact that you have that many accounts! How would you need so many?

Every time a new site comes out that has a registration form, I feel compelled to give them my information and create an account.

I have been using the internet since the mid 90's. I have been making websites since 1996. I have been a professional computer worker (get paid for it) since 1999. Over that amount of time, I have acquired credentials up the frigg'n wazoo.