Managing passwords with LastPass

It’s abundantly clear from the numerous recent data breaches that the most secure password for a website is one that isn’t used anywhere else. And while there are mnemonics for making memorable, unique passwords, the best way I’ve found is to use a password manager like LastPass.

Before LastPass I used the common, but very insecure, method of having different “levels” of passwords. One password was throw-away and used on sites that I didn’t care about. My medium-security password was used more rarely and only on sites that were important but did not hold financial or medical data. My high-security password was only used on financial and medical sites. Periodically the high-security password sites would be changed and the password demoted to medium password sites, etc. That’s a pretty dumb way of doing it, because all it takes is for one financial company to get hacked for that password to be at risk¹ and open the door to all your financial and medical accounts.

The most secure way is for every site to have its own password. That way if a site is hacked, the only place that password can be used is the already-hacked website, not your bank account². Memorizing a unique, secure password for every website you visit is impossible for mere mortals, however.

Enter a password management tool like LastPass.

LastPass is a browser plugin for all major browsers on all major platforms. You have one master password to log into LastPass and it then keeps track of all of your usernames and passwords in a vault, automatically filling in those form values when you visit the website again. LastPass uses your master password to encrypt/decrypt your vault and only sends the encrypted vault to its servers, so your data is never accessible outside of your computer.
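The idea described above, as an added sketch that is not LastPass's code: a key is derived from the master password on the device, the vault is encrypted locally, and only the resulting blob would be synced. PBKDF2, AES-256-GCM, the iteration count and all function names here are assumptions chosen for illustration.

```javascript
// Added example: client-side vault encryption (illustrative; not LastPass's code).
const crypto = require('node:crypto');

const KDF_ITERATIONS = 200000; // assumed work factor for this sketch

// Stretch the master password into a 256-bit key. The salt is not secret.
function deriveKey(masterPassword, salt) {
  return crypto.pbkdf2Sync(masterPassword, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Encrypt the vault locally; the returned blob is all a sync server would see.
function sealVault(masterPassword, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(vault), 'utf8'),
    cipher.final(),
  ]);
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt on a trusted device. A wrong password or a tampered blob throws,
// because the GCM authentication tag no longer verifies.
function openVault(masterPassword, blob) {
  const key = deriveKey(masterPassword, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  const plaintext = Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed sample vault and master password.
const sampleVault = [
  { site: 'utility.example', username: 'casey', password: 'constructed-sample-pw' },
];
const sealed = sealVault('correct horse battery staple', sampleVault);

// True only if the supplied password decrypts and authenticates the blob.
function canOpen(password, blob = sealed) {
  try { openVault(password, blob); return true; } catch (e) { return false; }
}
```
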

You can have LastPass installed on multiple computers and devices, including your mobile device, and have access to all your usernames and passwords whenever you are using a hardware device that you trust.³ The only password you have to remember is the master password to your LastPass vault. Accordingly, that password should be both strong and memorable.

You can share individual username/password entries with other LastPass users for them to use. This is perfect for giving multiple people in a household access to a single resource — like utility company website credentials — without duplicating that information when the website requires you to change the password every 6 months.

Also, just because you use LastPass doesn’t mean that all of your passwords have to be an unintelligible mishmash of characters and symbols you can’t remember. While I let LastPass create such completely-unmemorable passwords for most sites, I still create strong but memorable passwords for a few accounts that I want quick, direct access to. LastPass will happily remember those passwords just as easily as ones it creates, so don’t let that dissuade you from using it.

I’ve found LastPass useful for other things as well. For instance, within LastPass you can use secure notes. These are great for putting information like your frequent flyer numbers, known-traveler numbers, passport information, private key passphrases, and other data that you want to have secure and generally available.

If you aren’t using unique passwords everywhere, I strongly encourage you to do so. A password manager like LastPass is a great tool for easily moving to that paradigm and I highly recommend it after using it for 2 years.


1 For some definition of “at risk”. See also hash strength, salting, and rainbow tables.

2 In the biz we call that isolating the failure domain.

3 It’s important that you trust the device you are accessing LastPass from. Untrusted devices can be using keyloggers and other technology to swipe your passwords. Never type in a password on a device you do not trust.

Casey’s 2017 Mix CD

In 2011 I started creating mix CDs¹, one a year, of songs that resonated with me to share with friends. In January I create an empty playlist and add to it over the course of a year. Then in November I tweak, tune, and adjust it before sharing it with friends.

This year saw new music by Caro Emerald & P!nk (two of my favorite artists), new-to-me music by Meghan Trainor (who quickly became a favorite, although I think it makes me a bad gay to have just now found her), and a slew of oldies that just hit the spot.

Speaking of spot, this year you can listen to the playlist on Spotify. Long live mix tapes mix CDs digital playlists!

  1. Exotic Flu – Caro Emerald
  2. Brave – Sara Bareilles (this is a repeat from last year for good reason)
  3. Big Yellow Taxi – Amy Grant
  4. If I had $1,000,000 – Barenaked Ladies
  5. Curious Thing – Amy Grant
  6. I Just Called To Say I Love You – Stevie Wonder
  7. Perfect Picture – Carlos Bertonatti
  8. Rather Be – Glee Cast (for Daniel)
  9. Whatchugot – Caro Emerald
  10. 455 Rocket – Kathy Mattea (for Mr. Moore)
  11. Me Too – Meghan Trainor
  12. What About Us – P!nk (for all of us being shafted since the election)
  13. I Won’t Let You Down – Meghan Trainor
  14. I Am Here – P!nk
  15. Champagne Problems – Meghan Trainor
  16. Once Upon A December – David Newman
  17. The Dark – Caro Emerald

1 Anyone remember mix tapes? No? Just me? Damn I feel old.

Doing Good; Fighting Bad

Last year Daniel and I gave a lot of thought to how we can do some good in the world with our charitable donations. We found some great local and national organizations that we really believed were making an impact in the world by supporting women, people of color, immigrants, LGBTQ+, youth, and other minorities. This year we are excited to support those same organizations again.

Sometimes, however, it’s not enough to just Do Good, you have to also Fight Bad.

Accordingly, next year in addition to supporting local and national organizations at the same financial level we have been, we are giving an equal amount of money to local and national political campaigns.

This isn’t something we’re venturing into lightly. Both of us strongly believe that local communities should be the ones electing their representatives without outside influence. And in a perfect world people would have equal representation within that community to elect those officials. But we don’t live in a perfect world. We live in a world where Republicans have used gerrymandering to stack the deck in their favor, denying minorities equal representation in states across the nation. Not to mention re-enacting Jim Crow laws in 9 states and disenfranchising minority voters with voter ID laws.

We’ll be keeping a close eye on how the midterm races unfold over the next year and where we can put our money to good use. And I’m not above funding Republican campaigns to get the lesser of two Republican evils if it comes down to that. I’m not about to let perfect be the enemy of good enough.

It’s time for liberals to stop pretending we live in an ideal world and playing by idealist rules. It’s time to take the gloves off and buy our own congresspeople, even if that means setting aside some of our principles, because the Republicans abandoned their principles years ago.