/ #password management #lastpass 

Security Measures: Password Management

UPDATE: Since the writing of this post I have switched to Bitwarden for a variety of reasons. Most notably due to their fully open source approach and support for U2F as a second factor.

This is a brief description of my security practices. I will make several posts and write updates as I make changes.

Password Management

For password mangement I use LastPass. LastPass has its issues, however it is, in my opinion, the best balance of convenice and security. It encrypts all passwords and syncs the encrypred file to all computers and is only decrypted locally. It has only had two suspected breaches in its history and the company disclosed them and corrected them quickly.

I use the LastPass password generator for all sites. So each site has a long alphanumeric password that is unique. I only memorize my master password and a few other high value ones (like my Google account). I also protect login to my account with two-factor authentication.

I use their browser extension and Android and iOS apps to get my passwords when I need them.

This is the part of my setup I am the least comfortable with. LastPass has a good history, but my passwords are completely in the hands of a proprietary peice of software that hasn’t been audited. I obviously trust it enough to use it, but I wish there was an equivalent piece of open source software.

Photo Credit: https://www.flickr.com/photos/kevinshine/10597406823

Author

Eldridge Alexander

Manager of Duo Labs at Duo Security. Formerly employed at Cloudflare and at Google. Technologist, magician, designer, musician, videographer, blogger, and avid sweet tea drinker.