Password Management

What is a Password Manager and Why You Should Use One

Bitwarden

  • Store, share, and sync sensitive data.
  • Bitwarden does not store your passwords. Bitwarden stores encrypted versions of your passwords that only you can unlock. Your sensitive information is encrypted locally on your personal device before ever being sent to Bitwarden’s cloud servers.
  • Bitwarden is 100% open source software. The source code is hosted on GitHub and is free for anyone to review.
  • Bitwarden is audited by reputable third-party security auditing firms as well as independent security researchers.
  • The free version works across multiple platforms, e.g. PC and mobile.
  • Make sure to:
    1. Export your encrypted Bitwarden data on a regular basis: Tools > Export To > Encrypted File
    2. Download and keep a copy of the current Bitwarden executable. This will allow you to access your exported data if Bitwarden.com is not available or you don’t have Internet access.

LastPass

LastPass Configuration

  • On the Login screen: Uncheck “Remember Email”
  • On the Login screen: Uncheck “Show My LastPass Vault After Login”
  • Under: Preferences > General: enable “Automatically Logoff when all browsers are closed for (mins)” and set the time to 1 min
  • Equivalent Domains: These are different domains that belong to the same entity. Also, some websites may switch to a different domain for authentication.
    • Go to: My Vault > Account Settings > Equivalent Domains
    • Some “Equivalent Domains” to add to LastPass are:
      • comptia.org, certmetrics.com
      • nysed.gov, ny.gov
      • apple.com, icloud.com, itunes.com
  • Make sure to:
    1. Export your encrypted LastPass Vault data on a regular basis: Tools > Export To > LastPass Encrypted File
    2. Download and keep a copy of the current LastPass executable. This will allow you to access your exported data if LastPass.com is not available or you don’t have Internet access.

1Password

Multi-Factor Authentication (MFA) / 2FA (Two Factor Authentication)

Make sure to enable MFA/2FA on all your important accounts.

  • Authy is a free mobile / desktop app for two-factor authentication, as well as a security partner and SMS delivery service for many websites that want to make two-factor authentication work better for their users.
  • Google Authenticator