Usable Password Management

on 01/15/2016 by David Szostek



Nearly every company, from banks, to cell phone providers, to utility providers offer online portals that require a username and password. The easiest way to remember all of these is to use the same username and password for everything, but that is also the least secure (and arguably an ethics violation). The second easiest method, and among the most secure, is to use a password manager.

A password manager runs alongside your web browser. It saves and automatically inputs your username and password for each website that you use. A password manager program is different than using your browser’s built in “manage passwords” feature because your browser’s “manage passwords” feature typically stores your passwords in a way that is very easy to retrieve and view, thus exposing your entire online identity to any half-decent hacker or tech-savvy employee or vendor.

To avoid that (lack of) security trap, you should create unique, complex passwords for each online portal that you need to access. But creating, saving, and using these passwords would be nearly impossible without a password manager. A password manager is a plugin or extension for your browser that remembers and pre-fills your username and password information to the websites that you use. There are a number of good, secure password managers, including: Dashlane, Sticky Password, and Lastpass. We recommend using LastPass because of its features, price, and reputation.

Each time you log in to a website, LastPass will offer to save and pre-fill your information for your next visit. Each time you create a new user account for a website, LastPass will offer to generate a complex password for you, which it will then save and pre-fill every time you visit the website. LastPass saves and encrypts your password data, so would-be hackers, snoopers, and even Lastpass its self will not be able to view it. And LastPass automatically syncs your password data across your devices (Windows, Mac, iOS, and Android) so you never have to remember anything but your LastPass password; you can even use your fingerprint instead of your password on supported mobile devices. Lastpass can even pre-fill your login details for many mobile device apps, independent from any website that the app may be associated with.

By using a password manager to create complex passwords, save, and pre-fill your login information, you can best avoid the possibility of having your online identity stolen, along with all of the information that you can view online (like confidential client information). LastPass has a paid version that costs $12/year per user. Its free version should be entirely adequate for solo firms that do not need to share passwords between its users.

About the Authors:

David Szostek is a partner at Edward Allen Law, where he practices business law, intellectual property, and litigation. Victoria Vuletich teaches professional responsibility at Western Michigan University Cooley Law School and has a private ethics practice that serves Michigan lawyers and law firms.