Good Economic/Ecological Practices for Consumers

The scam email (below) that I just received this morning is a great reason to use LastPass or any other reputable password safe so you can have a unique password for each and every account. I have somewhere around 800 different online accounts. The person behind this email is trying to blackmail me.  https://haveibeenpwned.com/ helped me locate which accounts associated with "tim@oey.us" username/email have had known hacks with the data sold. "LinkedIn: In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data." (information from https://haveibeenpwned.com/ ) See also: https://www.troyhunt.com/observations-and-thoughts-on-the-linkedin-data-breach/...

These days many accounts are getting hacked, especially email, because the password was weak (too short), the computer was infected, or someone was fooled by a phishing attack -- going to a site that looked real, so they entered their password, but the site was actually fake. Plus many use the same password repeatedly -- so one compromised password can give access to many systems. Your email account is especially sensitive because it often contains records for many of the systems you use, as well as lots of other confidential information about you and others. And your email account is how many other systems verify your identity. Here are a few of the things that could happen if your email is hacked: personal (and possibly sensitive) information is revealed, your other accounts get broken into, you send dangerous infected emails to your friends, and all your email history and contacts are deleted. It just takes once and most of you probably don't want strangers to have access to all...

I've been searching long and hard since 1997 for a good way to manage hundreds of online accounts and passwords securely. Everyone who has been on the internet for any length of time has the same problem. It is impossible to remember all your account names, IDs, and passwords let alone use different strong passwords for each account (so that if one is compromised the rest are not). Yet if you write them down, that introduces other security risks. Having your browser remember them is also very insecure. Roboform and many other password safe solutions were inadequate (not cross platform or too hard to use). Bank of America's My Portfolio and Yodlee provide interesting solutions but have flaws depending on your perspective. By far the best cross platform solution and the one I now use is LastPass ( http://LastPass.com ). In a nutshell, it locks all of your account information into an AES-256 bit safe that only you can open. That safe moves wherever you want it to go. LastPass mak...