February 19, 2019 Contact Us At (559) 733-1940       Login   
NewsletterCurrent SolutionsManaging Passwords for Websites    

Torian Group, Inc. - Live Support


Newsletter Sign-Up
Newsletter Sign-Up
Managing Passwords for Websites Minimize
Managing Passwords for Websites
A Torian Group Solution- Technology with Integrity

Executive summary: Use Lastpass to manage your logon names and passwords for websites. It is secure, accessible from any internet connected computer, and free.  Use unique complex passwords for every site you log in to, to protect your security. Revisit websites for which you have common (not unique) or simple passwords, and change them.  Delete any emails containing your changed password if you get an email confirmation.  Share the passwords securely with team members who need access to your business websites, allowing them to log in without having to know the password.
Best Practice: Install and use lastpass.com to manage your website login accounts, and those of your team members.  See detailed instructions below, or give us a call, and we can help you get set up.

If you use a computer, you probably have a lot of websites you log in to, each of which requires a password.  You log in to your bank website, your web based email, your social networking sites, your custom home page at Google, Yahoo, or AOL, etc.  If you are a professional you probably have research or online services you log on to.  It is not unusual to have 50 or 100 websites, each requiring a username and password. 
Common strategies for managing this are to use one or two memorized logons that you use everywhere; or keep a written list on your desk or on your computer, or use password management software – the preferred choice.
If you use the same or a few logons, your password is as secure as the weakest site you log in to.  In order to compromise all your websites, a hacker only has to break one.  Many forums and social sites not too concerned with security will send the password in clear text (meaning it can be intercepted), or will have very basic security set up on their website. In many cases it is possible to hack the password database on poorly secured websites. The hacker then can try your password and username on a list of more interesting sites such as email, and social media sites. They then use this information to access Paypal, bank and credit card logins. They don’t have to know who you are, they can just try the login. Of course if you write it on a list by your monitor, the cleaning crew can give it a try or sell it to a friend with very little effort.  A list on your computer is a little tougher, but not safe.  Word and Excel passwords can be broken relatively quickly.  Saved passwords in Internet Explorer or Firefox can also be hacked.
Password managers allow you to securely save unique passwords for each website in an encrypted database. It saves time, and is more secure. You log in once to the password manager on your computer, using your master password.  The master password is not ever sent to any website, and is not stored on your computer. It then automatically logs you in to websites where you have saved your password, saving time. You can use a unique and complex password without having to memorize it.  Obviously, you need to protect your master password carefully, and make sure your master login is turned off if you leave your desk.  Web based password managers allow you to log on to your websites from any computer – the passwords are encrypted locally in a password database, and then saved on an internet server which you access from anywhere. It is secure, since the encryption/decryption takes place locally.
Most employees now need access to multiple business websites to do their work. You have to give them the password, which they can take with them if they stop working for you.  With the right password manager, you provide them with one login, and they use it to log in to the work websites you have already set up for them.  You can restrict them to only certain websites, and make each site have a long and complex password. Unless they are a hacker, the login is relatively secure. If they leave, you change one password for the password manager, rather than dozens for websites they have logged in to.
For those needing greater security, some password management programs offer “two factor authentication”.  This takes the form of a physical key (usually a special USB device that looks like a thumb drive) which has to be inserted into the computer along with requiring the master password.
We have tested a number of password managers, and recommend www.lastpass.com.   It give you most of the features that a personal or business user would need for free, and allows you to expand to full featured security, including a physical key if needed.  It allows you to group website logins and share them from a separate master account, without sharing the underlying password/login.  In other words, you can set up a group of websites and give your employee access to that group, using their own Lastpass login account, with their own Lastpass master password.  It is web based, which makes it feasible to login to needed websites when working remotely or on a different computer.  It is easy to use, and the price is right - free.

How to:
To setup your account with lastpass.com, go to their website, http://lastpass.com
and click on (Free) Download Lastpass.
Run the installation program, which steps you through setting up an account. 
Create a new account:
You will be asked for your email address. Use your primary business email to manage your business websites.  Pick a secure password which you can remember. It is CRITICAL that you remember this one password. If necessary, write it down and put in in a safe or safety deposit box. If you have been storing passwords in your browser, let Lastpass find and move them to lastpass security for you.
Follow a similar process, using your team member’s email to set up a separate Lastpass account for each person for which you need to grant access to websites.
Log in to http://lastpass.com, which they call your “vault”.  Select the option to share login information for a site, and pick the emails of team members whom you want to be able to login. You can elect to share just the ability to login, or the website login and the ability to view and manage the password.
Watch these videos for basic instructions: https://lastpass.com/support_screencasts.php
Once you are comfortable with using Lastpass, go back and revisit all the websites you can remember logging in to, and change to a unique, more secure password.   Search your inbox for welcome messages to help find sites you have signed in to (and then delete them). Also check your internet favorites and history.  When you change your password, you may receive a confirmation email, which you should also delete once the password is changed. 
Lastpass also serves as a foundation for your web marketing efforts, which inevitably involve creating a large number of user accounts on web sites – Google Local, Google Analytics, Yahoo, etc.
Once you are set up, make a printed copy of your passwords using the export function in the Lastpass software, and lock it away.  (Do NOT save it to your computer). This protects you in the unlikely event that Lastpass goes out of business or starts charging for their free service.  This is your backup.
If this all sounds too complicated, consider the alternative – cleaning up the mess after your identity is stolen.
We can help you get set up, and do basic training for you or your staff in using Lastpass, typically in 3-4 hours total.  Give us a call or email to talk about the next step.
Tim Torian has taught computer networking at the College of Sequoias and Cal Poly Extension. He has a BS in Computer Science, and has been consulting on computer networking for the past 30 Years. He is a Microsoft Certified Systems Engineer, and a Cisco CCNA and CCNI.  He was recognized as Entrepreneur of the year for 2008 by the Tulare County EDC. He is president of Torian Group, Inc. which provides a full range of Technology Consulting services to local business, including computer services, networking, web and custom software development.  www.toriangroup.com


Torian Group, Inc. Phone: (559) 733-1940  Fax: (559) 532-0207  Contact us