How to use a password vault
By
Ravi Sinha |
Updated on 16-Dec-2013
HIGHLIGHTS
With dozens of online accounts, we either have too many passwords to remember, or end up using the same password everywhere which is a security risk. Learn how to use a password vault an make life easier
The number of passwords that any ordinary human being has to keep track of these days is astronomical. From social networks and email addresses to bank details and credit cards, it’s very easy to get lost in the chaos of trying to remember one’s password.
Password managers or vaults were thus created to solve this issue. Simply put, a password vault is like a safe storage. It collects all of your passwords and their associated details together under a single lock and key. This key is the master password. Thus, only one master password has to be remembered to keep safe all of your data. Password managers even contain means to thwart traditional phishing tools by comparing URLs with entries in its own database. If they don’t match, it refuses to fill in the required fields. Most password managers even allow for multiple means of protection, such as a USB key.
Yubikey provides two-factor authentication
LastPass is a popular freeware password vault, which you can install as a plug-in to your default browser. It requires a LastPass account, but once you make one, you’ll be able to import your passwords and other data to be encrypted on the LastPass servers.
You can set a default mail ID and master password, along with a reminder for the latter before importing your passwords. Once you have an account, you can log into LastPass online to retrieve your passwords at any time, or organize your passwords into different categories. You also sync LastPass to your browser to automatically fill blank fields.
The addition of YubiKey provides for additional security. Functioning as a touch-sensitive USB device, you can sync it to LastPass and set a password and phrase. Whenever you log into LastPass, you’ll be required to also initialize YubiKey by hitting the touch-sensitive button and then entering both the YubiKey and LastPass credentials.
To combat more advanced attacks, LastPass also supports secure password generation. You can generate a one-time password and securely copy it without worrying about key-loggers or compromising your master password.
Lastpass-Sesame for the paranoid sorts
However, this highlights some of the more troubling aspects of password vaults. If a single password is compromised, you can take comfort in the fact that the others are still safe. However, if your master password is stolen, then all of your passwords are at risk.
They won’t be able to completely guard against screen-grabbing spyware and key-loggers used in conjunction, though LastPass still makes it tough for them. Finally, if someone else has physical access to your computer, the door is pretty much open anyway to access all of your private information because of browser synchronization.
LastPass is also available for mobile platforms as well. The advent of cloud computing and multiple devices has inspired Google to launch its own Password Synchronization feature within Chrome.
Lastpass encrypts all your passwords online
You first need to launch Chrome, and enable Password Syncing by clicking on clicking on the wrench icon and navigating to the Options Menu. Choose “Personal Stuff” and you’ll see a menu for enabling sync and other options. You can also choose to enable auto-form fill and which information to sync.
Choose “Add New User” and you’ll go to a link for entering you Google Account data. Once sync is enabled, all your Chrome data can be accessed on your phone, laptop, tablet and even at a friend’s place. This includes bookmarks, history, accounts, etc. The best part is that the feature has had no reported errors thus far and given the security of Google, it provides a strong impetus for protecting one’s data. It still falls prey to the caveats of password vaults, but it’s a nice feature for those with a short list of enemies and a long list of devices to maintain on the go.
If you’ve been daunted by the amount of online information you need to maintain, a password vault is a pretty good option as long as you physically secure your computer and take precautions.