Cloudflare scare and password managers

Some of you may have received e-mails over the weekend from various services or websites where you have an account ( a user name and password).  Cloudflare a major provider of website security services was breached.  As a consequence millions of user names and passwords were exposed.   Those e-mails that you got were not a scam.  You should be changing your passwords on those sites.

That brings me to my second point.   It’s 2017, you need to be using a password manager.  Last year I sent out a paper based password manager to my low-tech customers.  I think that sheet coupled with creating 12 character or longer passwords on  is a bare minimum must do.  

Trusting Safari, or Firefox, or Chrome to manage your passwords is a bad idea.  When you need to clear out your browser  because it is slow, something that we all do, what if you clear out your passwords by mistake.  Poof  — they are gone!   Saving your passwords to a Word document on your desktop or an Excel spreadsheet?   Leave the front door open too.  

Most of you should be using a real password manager application. Last summer I mentioned that I could set customers up with either Last Pass ($12 per year) or 1Password.  1Password was always a more Mac focused company and when I sent out that e-mail back then, I was thinking more along the lines that Last Pass was for Mac users and Last Pass was for Windows users.   Last Pass, however, was considerably less expensive because 1Password only sold a family membership at $5 month (billed annually).   At this time 1Password is totally up to date for Windows.  1Password also has an individual subscription priced at $3 per month (billed annually).   Both the Last Pass and 1Password subscriptions cover all your devices.     

By reading this, it’s easy to think that 1Password is 3x more and that Last Pass is better.  That’s not necessarily true.   I think 1Password is a little better for “low-tech” users or those who need a slightly more user friendly interface. I don’t favor LP or 1P over the other.   I use both. You only need one.  I can set my clients up with either.

If you are wondering how long it will take you to master a password manager, I think I can have you up and running in a 1.5 to 2 hour session. In order to succeed with a password manager, you need to make it a routine.  Once you do that, you’re golden.