In 1998 I started actively being more cautious with my user name and passwords that I used for all my internet sites. I started off with a few different levels of passwords, one for sites that required me to enter credit card information (Amazon, Microsoft Live, Playstation) or for me to store any documents (DropBox, SkyDrive), one for sites I wouldn’t want people to know the password of and impersonate me (Facebook, Twitter, Instagram, etc.) and then another for sites that needed a user name and password but I wasn’t too worried about.
The concern I had that is if anyone of the different level sites got hacked…like Twitter or like Playstation, technically they could try that password with my user name (which most sites force as your email) to get into others. About six years ago I started using a password vault called eWallet to Go to store all my user names and passwords in DropBox and this allowed me to get access to them with a master password on my computer or smart phone. I started creating unique complex passwords for EVERY site which became time consuming if I ever need to access them on another machine as I typically save the password on my main PC.
In October last year I decided to give Last Pass a try which essentially does the same thing but has browser add-ins to fill in the passwords rather than store it in the browser and can also easily recognize you logging into sites it wasn’t aware of before and ask if you wish to save them.
My only concern with both of these approaches was that if someone got my Master Password I was screwed potentially! So I read that I could use Google Authenticator with LastPass. Basically every time I logged into LastPass, which is every time I start a browser session with the add-in, it will ask me to log into LastPass with my user name and master password…then it asks me to enter the Google Authenticator code. Which gives me a two factor login which is much more secure. They’d have to steal my phone and know my user name and password to get in
The other nice thing about LastPass is that it can generate you random secure passwords so it becomes really easy to regularly change different sites passwords.
I already have two factor set up for Microsoft Live, so anytime I log into SkyDrive, Xbox etc. I have to enter the Microsoft Authenticator code. I would recommend you guys start enabling this on your logins too!
I hope this helps you to keep your logins secure