Password Security - Berkshire Family History Society

Introduction

Our website requires a strong password because we hold personal information about you and we are required by the General Data Protection Regulation (GDPR) to keep that secure but, unless you’re blessed with a photographic memory, remembering a strong password is impossible. A Password Manager will help

Password Managers

Password managers store your usernames and passwords (credentials) securely and will auto-complete the login fields for you. Most modern browsers include a fairly sophisticated password manager but free third-party cloud-based password managers are slicker and more portable

Credentials are stored outside your browser in a secure cloud-based location. This is accessible from whichever browser or computer application you are using and means your credentials are completely portable across all browsers and devices. This is useful if you use multiple browsers, multiple devices or public computers.

Storing your passwords in the cloud might make you concerned. With all the recent data breaches and privacy scandals, is this wise? My view is that the companies who have suffered data breaches are those who gather your personal data as a means to an end – which is to sell you something. The security of your credentials is secondary to that. Companies that provide cloud password security have a number one priority – to keep your data secure. It’s the central pillar of their business, without it they have nothing and that means they take security very seriously.

LastPass

LastPass is one of many web-based password managers. I’m describing it because it’s the one I use it but other online apps will work in a very similar way. – use whichever you’re comfortable with.

To install LastPass, visit https://www.lastpass.com/ and download the free version

You will need to create an account and set a master password that will protect your account and allow you to access your stored passwords. The master password needs to be strong but it must also be memorable’ LastPass’ requirements are:

The good news is there is an easy way to do that. Use a simple phrase that is part of your life such as

“My1stdog’snamewasFido”

After you’ve created your account you’ll see this prompt:

Press the Install LastPass button and follow the prompts to install the browser extension and you will be ready to start using LastPass

Using LastPass on a site for the first time

The first time you visit a site after you have installed LastPass there are two ways to proceed.

If it is a site you are already a member of, login in the normal way. After you have successfully logged in, LastPass will prompt you to add the site to your password vault

Select Add

If the site is new to you, create an account on the site in the usual way but when you get to the password field you need to let LastPass generate it for you, like this:

If the green bar doesn’t appear, you can access the password generator like this:

When you log in to the new site with the new LastPass-generated password you will be prompted to add it your LastPass vault (see the previous paragraph.)

Day-to-day operation of LastPass

Once you have trained LastPass about your favourite sites’ passwords, logging in becomes very simple. Your browser will show a LastPass icon, red, black or orange depending on whether you are logged into LastPass

If the icon is black you are logged out. Click the icon to log in to LastPass, and enter your LastPass credentials

It’s tempting to check both of the boxes in the screenshot. I recommend you check the email address but not the password.

Choosing the option to “Remember [Master] Password” is a security risk because anyone with access to your computer could access any of your accounts. Even if you are the only person that uses your computer, you need to remember that master password in case you are ever prompted for it. If you don’t use it regularly, you may not be able to remember it when you need it. If you have to write it down, only write sufficient for you to remember the rest.

If the LastPass icon is red, you are logged in to LastPass. When you go to a site that is registered in LastPass you can use LastPass to auto-logon

If the icon is orange, LastPass has not been able to connect to the internet. Check your connection and try again

Logging In

To log in to a site, click the LastPass icon. (1) LastPass will match the site URL to it’s stored passwords and offer you the matching entry. Hover over and the select the “Fill” icon. (3)

On some sites you will see a LastPass icon in teh usermame box. (3) This is an alterntive way of accessing LastPass’s stored paswords

Using LastPass on public computers

LastPass allows you to login in to your websites wherever you are. Simply go to LastPass.com and login:

Then you can search your vault for the site you wan to visit, and lauch it from LastPass

Happy and safe browsing!

Paul Barrett

Webmaster