So I have been meaning to do this for years, but I finally got around to it on New Year’s Day… I went over a bunch of articles and reviews, and then set up a LastPass account. If you haven’t tried it, and want a free month of premium (gifting one to me in the process), here is my LastPass referral link. I already bought a year of premium as I wanted the phone syncing and shared folders. The referral link failed on the first try when setting up an account for my wife with it, but their support corrected the error after I opened a ticket.
I have to say this was one of the most boring ways to spend a day, and we didn’t do it all day. Recent political events motivated me to up my security game, and when I assessed the best approach, LastPass looked like one of the best options. It has great integration on the browsers and operating systems I use, reviews suggest their security practices are solid, and they have a number of great features I liked, including support for Android syncing to desktop, and shared folders with logins for family accounts. I also liked their emergency contact feature, with a built-in timer should the black helicopters come for me.
I was always pretty good, I used the same password for a number of less important logins, but tended to use a mixture of uppercase, lowercase, numbers, and symbols when allowed to. I also use two-factor authentication in most places that offer it, love the Google Authenticator app, encrypt my phone, and switched to a password rather than a PIN on it. That said, I knew there were duplicates, and due to all the different rules there were several accounts where I would forget their weird password rules by the next time I came to use them. It is an enormous shame that I can use two-factor authentication for Google, GitHub, Dropbox, etc. but none of my bank accounts, investment accounts, etc. support it - in fact they are usually the ones that only allow some (or no) symbols and restrict password length!
It took a lot of time, and I have the stuff I use a lot moved over but still need to go through some of my less-used things. It is shocking to see just how many accounts we have built up, and all the weird and wacky requirements different ones place on user names, passwords, etc. I love the analysis to spot weak passwords and duplicates, using a score to poke my internal perfectionist to win at this security thing. I wouldn’t recommend this as a fun activity, but if you have been putting off improving your security game you might want to consider it, as sites get hacked all the time, reusing credentials is a simple attack, and we have seen governments are not above hacking their own or other countries’ citizens.