One of the benefits I’ve found of going paperless is that it becomes much easier to automate things when the data in question is in digital form and not scribbled on a yellow notepad sitting on your desk. Since I am entirely paperless now, except for the paper that comes in over which I have no control, I have been focusing my attention more and more on automating things in my life that shouldn’t require my time. I’ve done this a few times. I’ve automated how I captured data from my writing. I’ve also automated a daily almanac that tells me what I managed to do each day.
Now I am moving into more practical automation. The most practical kind of automation, for me, does a couple things:
- It automates something that I do frequently so that I don’t have to do it.
- It frees up the time I spend doing #1 so that I can do other things.
- It sometimes comes with added bonuses.
In thinking about what to automate next, I tried thinking about what I do during my day, and looking at those things I do frequently. One thing I do frequently is use a lot of online sites and services, each of which has a different account, password, etc., and that means that I am entering various passwords multiple times throughout the day. It also means I have to remember a bunch of passwords, and if I get lazy and reuse passwords, I do so at the risk of compromising my online security.
So I decided to spend this weekend automating my password entry and at the same time, improving my overall security. Below, I describe what I did, but I warn you now, this is not for the faint-of-heart. I probably spent 6-7 hours this weekend doing all of this. I fully expect to recover that time through the automation it allows. But it did take an investment of time.
I track all of my online account usage in a spreadsheet. I track the website, the login I use, a code that represents which password I use, when I last changed the password, etc. On Friday, I had 107 sites on my spreadsheet. These represented all kinds of online services, from streaming services like Netflix to email and productivity services like Google Docs.
Before the weekend, my strategy for passwords was to use about half a dozen of them, and scatter them across all sites by differing levels of security. For sites that required high security, I would use one password; for very low security sites (that I didn’t care much about) I’d use another. This grew to about 6 over time and they were divided up so that if my password was compromised for, say, my social networking sites, it would not be compromised for my email.
I found that despite things like remembering passwords on my home machines, I was still entering passwords a dozen or more times a day. In many of these cases, it was for sites I didn’t access as frequently, and I was constantly checking my spreadsheet to see which login and password to use.
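The tiered reuse scheme above can be measured directly from a tracking sheet like the one described. The following is an added example, not the author's spreadsheet or code; the column names and sample rows are assumptions. It shows which accounts fall together when one shared password leaks and orders the rotation work.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; the column names are assumptions, and the
# password_code column holds a label for a password, never the password itself.
SAMPLE_SHEET = """site,login,password_code,last_changed
twitter.example,jdoe,SOCIAL,2012-03-01
facebook.example,jdoe,SOCIAL,2011-11-15
mail.example,jdoe@mail.example,EMAIL,2012-06-20
bank.example,jdoe,HIGH,2012-01-10
forum.example,jdoe,LOW,2010-05-02
news.example,jdoe,LOW,2010-05-02
"""

def load_rows(text):
    """Parse the exported sheet into a list of dicts, one per account."""
    return list(csv.DictReader(io.StringIO(text)))

def sites_by_code(rows):
    """Map each password code to the sites that share it."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["password_code"]].append(row["site"])
    return dict(groups)

def exposed_by_breach(rows, breached_site):
    """Other sites that share the breached site's password."""
    for sites in sites_by_code(rows).values():
        if breached_site in sites:
            return sorted(s for s in sites if s != breached_site)
    raise KeyError(breached_site)

def rotation_queue(rows):
    """Rows with a shared password: largest group first, then oldest change."""
    groups = sites_by_code(rows)
    shared = [r for r in rows if len(groups[r["password_code"]]) > 1]
    return sorted(shared, key=lambda r: (-len(groups[r["password_code"]]),
                                         r["last_changed"]))

if __name__ == "__main__":
    rows = load_rows(SAMPLE_SHEET)
    print("breach of twitter.example exposes:", exposed_by_breach(rows, "twitter.example"))
    for r in rotation_queue(rows):
        print("rotate:", r["site"], r["password_code"], r["last_changed"])
```

Once every row has its own code, `rotation_queue` returns an empty list, which is the end state the first goal below describes.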
My goals for the weekend were as follows:
- Create a unique, strong password for every site. Put another way, never reuse a password. This is the highest level of password security you can get. If someone gets my password for, say, Twitter, that password is only good on Twitter. It won’t work anywhere else. What’s more, it’s a long, randomly-generated string that includes all four classes of password characters (upper and lowercase letters, numbers, and symbols).
- Use 2-factor authentication wherever possible. This adds a little overhead to some sites, but it greatly enhances security. What 2-factor authentication means is that when you log into a site, you put in your password and are then prompted for a code, which is sent to you directly by another means–text message to your phone, for instance. You enter the code texted to your phone and then you are allowed into the site. Usually, you only have to do this once per access point. It makes things much more secure because even if someone got my password, they’d be asked for a code and that code would be texted to my phone.
- Find a tool that would allow me to automatically log into sites using these passwords. There is no way I am going to memorize 107 unique, long passwords, but there are tools out there that can do this for me. What’s more, they do it securely, and can be added right into my browser so I don’t have to think about it.
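The first goal, one long random password per site containing all four character classes, looks like this in code. This is an added example, not LastPass's generator or anything from the original post; the symbol set, the default length of 20, and the site names are assumptions.

```python
import math
import secrets
import string

# The four character classes named in the post. The symbol set is an assumption;
# real sites differ in which symbols they accept.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}

def generate_password(length=20, classes=CLASSES):
    """Return a random password with at least one character from every class."""
    if length < len(classes):
        raise ValueError("length is too short to include every class")
    alphabet = "".join(classes.values())
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and must not be used for credentials.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole string rather than patching in
        # a missing class, so every accepted password is equally likely.
        if all(any(c in chars for c in candidate) for chars in classes.values()):
            return candidate

def entropy_bits(length, classes=CLASSES):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    return length * math.log2(len("".join(classes.values())))

def generate_for_sites(sites, length=20):
    """One independently generated password per site, so none is reused."""
    return {site: generate_password(length) for site in sites}

if __name__ == "__main__":
    # Constructed sample site names, not the author's list.
    for site, pw in generate_for_sites(["twitter.example", "mail.example"]).items():
        print(site, pw)
    print(f"about {entropy_bits(20):.0f} bits at length 20")
```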
After some research, the tool I picked was LastPass. LastPass is a cross-platform browser plugin that does everything I describe above. It manages all of your passwords and provides a security assessment of them. It can generate passwords for you on the fly, according to a configurable set of rules. It stores the encrypted version of the password in the cloud. But–and this is important–the encryption and decryption are done locally as opposed to on LastPass’s servers–making it much more secure. There are apps for the iPhone and iPad, and it works on my Google Chromebook.
How I automated this process
1. I downloaded LastPass, watched the instructional videos and read through some of the documentation. (I am a documentation-first reader.)
2. I installed the LastPass plugin for Google Chrome on my iMac and Chromebook.
3. I created my LastPass account. This involves creating a master password which unlocks everything else.
4. I opened up my spreadsheet, and for each of the 107 accounts/sites listed, I went to the site, logged into the account with my old password, changed the password to one randomly generated by LastPass, updated my spreadsheet and tested out the site to make sure I could still get into it. This took a long time. I think the bulk of my weekend was spent doing this.