The Password Conundrum – Part 3

This is the last part in a series on password management. Read on to learn about the strategy I employed to improve my personal password security.

Security is best employed in layers. That is to say, that using one method of security such as a single password on it’s own is not as secure as using multiple methods together. If one method fails such as your password gets guessed or cracked then requiring a second factor to log in, like a Yubikey or a finger print can help prevent unauthorized people from breaking into your accounts even if they’ve figured out what your password is.

Yubikey – A second factor of authentication

Yes, this is my actual YubiKey. Still working after a year of continual abuse.

I’ve used a YubiKey  for over a year now and it’s survived remarkably well. The Yubikey  is a small USB device that attaches to my key chain and acts as a second factor of authentication. Whenever I need to log in to a service (like LastPass) that supports two factor authentication, I plug my Yubikey into the USB port of the computer I’m using and when I touch the green dot in the midle of the YubiKey, a code is automatically entered into the computer that allows me to then enter my user name and password, to log into the service or web page. Without the YubiKey, no one can log into my accounts. It’s not foolproof, but it is an added layer of security which makes it a lot harder for my accounts to be broken into.

LastPass – A password manager for everyone

The LastPass service and it’s software works very well for my purposes. LastPass is not the only game in town when it comes to password managers but I found it to be the one that fits my needs and has the features I require. In particular, the ability to work with my YubiKey as a second factor of authentication was one of the deciding factors in my choice. The service also has plug-ins for most major browsers which makes logging in to sites that I have saved credentials (user names and passwords) for simple and fast.

It seems that websites and services are getting hacked on a monthly if not weekly basis and the need to change my password on those sites is a regular occurrence. LastPass makes it easy to generate a new random password that is ridiculously long and then save it in an encrypted database that requires both my super secret credentials and my personal YubiKey to access it.

Passphrases – Extra long passwords for the win

Its really important to pick passwords that are not only complex, but long. I like to use strings of esoteric words together or words that I don’t know how to spell very well, together with unusual spacing (yes spaces can be considered special characters). The passphrase becomes memorable because I have to think extra hard about what I am entering when I have to type in a password.  An example of this might be “ReprehensibleHirsuteHair Suit9” or “LachrymoseMoos3 Pouts”. You can probably think of something better but I’ve found that this works pretty well for me.

A great benefit of having a password manager like LastPass, is that you can generate really long, random passwords that you don’t have to remember. The password manager takes care of generating passwords and also allows you to create new, random passwords easily if you have to set a new one on the spot.



I’ve found that the strategy I outlined above works really well for my purposes and needs but of course, your mileage may vary. I hope that what you get from this series of articles is a better understanding of what options and tools are available to you to help you enhance and maintain your own personal security.


Further reading:

3 thoughts on “The Password Conundrum – Part 3

  1. Thanks for the whole series Abner, great summary and overview. I have never heard of Yubikey and it sounds great, but my password manager Sticky Password ( is probably not compatible with it and I don’t want to switch to other one, but will try it for sure.
    Do you use Lastpass also for your online banking?

    • There are a choice few accounts that do not end up in LastPass. I like to use LastPass primarily for managing various web site account credentials like forums and sites where I shop online.

  2. Abner,
    Thanks for all the research and info. I will let you know how it goes with the whole package, after the yubikey arrives. So far Last Pass seems pretty straightforward.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s