Over the last few years, I’ve had to create logins at well over 100 different websites. Some of these I use heavily, like Google, Facebook, or Twitter, and others I use only rarely, like AAA or Consumer Reports. Yet for each one, I have had to set up an account name and a password.
This leads to a common conundrum: how to keep track of all of those passwords? One option is to use the same password everywhere, but different services have different restrictions on length, character combinations, etc., and if your password was ever compromised, every single service you use would be vulnerable. Most people I know tend to have a couple of “go-to” passwords that they use for multiple sites, with perhaps separate passwords for the most heavily used and sensitive sites, like email or facebook. Many people use a computer file or email message to store which password went with which site, and more sophisticated users use a more sophisticated password locker like SplashID or 1Password.
For a long time, I have been wishing that I could do away with all of these separate accounts and just have a single ID that was shared across sites. You can already do this to some extent using oAuth – many sites will allow you to log in with your Facebook or Google or Amazon account. However, the capability varies from site to site, and it has its own issues. You are more or less locking yourself in to one of these providers, and you may not necessarily want services like Facebook integrating with these other accounts.
To my delight, my friend Meyer Potashman recently introduced me to a service called LastPass that allows me to consolidate all of my accounts but without surrendering the control to a third party. At it’s core, it’s another password safe for maintaining all of your accounts, but it is so well implemented that you can more or less stop having to be aware of the details of your logins for each separate site. All I need to do is remember my LastPass password, and it does the rest.
LastPass functions as a combined browser plugin and mobile phone application. Whenever I navigate to a site that I want to log into, like pinterest.com:
I simply click the LastPass button and punch in my one password.
It checks for a match to “pinterest.com” in my LastPass database and then automatically fills it in:
The beauty here is that I actually have no idea what my password for pinterest is. Instead of being a variant of the same password I use on other sites, I can set it to a random string of characters because I never have to actually see it. LastPass even conveniently provides a random password generator:
For mobile devices, LastPass is almost as seamless. On my iPhone, they don’t allow browser plugins, but the LastPass app makes it very easy to access my passwords. Any time I need to grab a password, I switch to the app, type in a few letters of the site (e.g. “pin” will quickly filter the list down to “pinterest.com”), and then tapping on it immediately gives me a variety of options including copying it to the clipboard:
I then switch back to the original app I was using and paste it into the password field. Done!
LastPass is a cloud-based service, so there is no need to worry about syncing data between your computer and your phone. While the data itself is stored in the cloud, it is never unencrypted on their servers. The plugin and mobile applications handle the encryption/decryption locally on your device. And since you now only need to remember the LastPass password, it is easy to choose a much longer one than you might use normally (e.g. 20-30 characters) for added safety.
The only downside I see with LastPass is that while the browser version is free, you have to pay $12 a year to use the mobile versions. I’m a notorious cheapskate and hate any and all recurring expenses no matter how small, but this one is useful enough that I am willing to pay it.