Well, it seems like lots of people were interested in last week’s article about Password Managers – so I thought this time I’d answer a few of the common questions people have been asking me – largely about how you’d actually go about getting and using one.
Oh, and I’ve also got a tip you might not have heard before, about spotting spam. But password managers first.
Once you’re at the website, you can sign up for it there and also download the little bit of software to your computer (or tablet or phone) that makes it work.
Question: Do you have to pay?
Well, like so often with questions about technology, the answer is “it depends”.
For a fully blown version, yes you do. I pay $12 a year, which is just over £9 at the moment.
But if you only want to use it on one device, you can get a free version that doesn’t have all the bells and whistles (and if you ever do decide you want the bells and whistles, you can easily upgrade it). So you might not need to pay anything if you only want to use it on one PC.
Question: So what do you mean about using it on different devices?
Well, I use two PCs – my home one and my work one – but I sometimes work from home. So I have it set up on both PCs.
But I also have it set up on my phone so I can access all my accounts from that (of course, I still need to remember the one password that I set up to LastPass, but that’s easier than remembering all of them).
That way, if for example I’d away on holiday and I get a text saying “Tim, did you remember to actually send last week’s newsletter?” from Laura in the office, I can log in on my phone, see that I’d written it but forgotten to press send and do it from my phone.
But it’s set up with one account – so I don’t have to tell each device all the passwords separately, and if I change a password on one, it changes on all of them.
You might not be bothered about having it set up on your phone – it depends what you use your phone for. But you might possibly want it on a tablet as well as your PC. That way, if you do online shopping, you can use either.
Up to you.
Question: How do you actually use it once it’s set up?
The first time you set it up, you have to tell it all the passwords you want it to remember. That could mean typing them in or if your web browser (eg Edge, Chrome or Firefox) has remembered them, it can get them from there. (That tells you a bit about how storing passwords in the web browser isn’t brilliantly secure…).
Once it knows them, when you visit a website that you need to log in to and it knows your password, a little message will appear. In LastPass it’s next to the box you type the password in. Click on that box and it’ll list any logins you have for that account – usually there’ll only be one here but there might be two if for example you and your other half both have a log in.
Click on the one you want and it’ll log you in – done.
Except – if it just did it exactly like that, you wouldn’t be secure – anyone who had your PC, tablet or whatever could access all your accounts.
So the first time that “session” that you use it, you’ll have to type in the password you set up for LastPass (or whichever one you’re using). It means you’re still typing in a password, but you only have to remember one. And then if you log in to several things in that go on the web browser, without shutting it down or turning the device off (or it turning itself off) then you don’t have to type the password again.
Question: Do I really need one?
This is another “it depends”, I’m afraid. I’m the last person to say everyone has to do things the same way or to push the latest technology on everyone. I’ve found it useful and I know a lot of other people do, but it probably won’t be right for everyone. Have a think about how many passwords you have and how secure they are (to be secure they need to be fairly long, have a mixture of words and numbers, and not be simple words or names, like “cat123”).
Then it’s up to you!
A Quick tip about Spam
Spam emails are frustrating. And the worst type (in my view) are the ones that are trying to rip you off – pretending to be from an organisation you do business from in order to get something from you.
I’ve mentioned before that just because an email says it’s from the bank you use or your broadband company doesn’t mean it’s genuine. Don’t think “Well, how would they know I bank with NatWest bank” – they just pick a bank send millions of emails and for some people it will be right. (Come to think of it, the same will be true for this email – some people who’ve just read that might have thought – that’s peculiar – I do bank with Nat West… but I didn’t know, I just picked one.)
But there’s another trick they use – you might often find the email has the right first name. Is that proof it’s genuine?
No – there are two ways they could have done this. One is simply if they got your email address from hacking some system, it might include your first name (and your surname and even your address).
But even apart from that, they often use the first bit of the email address. So if your email address was [email protected], they might start the email “Dear Fred”. Or if it’s [email protected], they would take the bit before the dot and start “Dear Ada”.
So even if an email has your actual first name on it, be wary – it could still be a trick. Banks and the like know not to ask you to click on a link in the email then type your details in “For security reasons” so if it asks that be very suspicious. And if you’re not sure, you can always ring the bank/broadband company on a number you already had and check.
Tech Inner Circle
Don’t forget, the doors to my Tech Inner Circle are opening later today for a week or two. If you’re not a member, you’ll get more info at 11am – watch out for that. If you are a member, you might want to pass on the word to anyone you think might like to join. They’ll need to sign up for this newsletter to hear about how to join.