So, today is the first day where BOTH my kids are at school for the WHOLE day! Our little one started two weeks ago, but was on half days. In The Netherlands, you start the schooling around the time that you turn four, so it is a staggered start through the year. Anyway, finally having both the kids at school means that I have much more time to try and get some of the things done that have been piling up over the years...
... chief amongst these tasks is the tidying up of our LastPass cache of passwords and logins and all the good stuff that a password manager handles. I'm generally okay with my own online security and hygiene, better than most... but that tends to be a pretty low bar to clear. I've mostly been able to get my wife onboard with the password manager and the avoidance of password reuse.... however, there was a time when she was adamantly against it.... and thus has some accounts that reuse passwords (thankfully nothing critical...) or are just weak.
So, I figured this week would be a good time to weed out all the horrible account details and update them to something more secure. Especially now that my wife has managed to master the Lastpass manager and is comfortable using it on a regular basis.
Lastpass does have a security scan for your vault, which indicates the rough strength of your combinations. Although it appears that here are a number of at-risk combinations up there, the number is the TOTAL number of logins, and not the AT RISK ones. Furthermore, the "at-risk" classification relates to Weak (bad), Old (ok... but not good) and Reused (bad).
Most of these I will just update and change... and some of them are unfortunately details to now dead services. It should be a fun couple of days of getting notifications about password resets and all of that stuff... I already let my wife know so that she isn't freaked out by it!
First one off the rank... Zalando... a shopping website in The Netherlands. Updated to a secure password from a weak one. This must have dated from a time when my wife was just making up passwords rather than using the random generator. I have a feeling that I will be seeing more of these shopping websites and other things... most of them have pretty annoying or obscure security pages and settings. These things should really be easier to do... and front and centre. I've already had one which DOESN'T allow Lastpass to fill the password fields in the password change AND doesn't allow me to copy-paste in. This is terrible behavior, as it incentivises weak password generation or password reuse. Sigh...
I'm also getting a bit of a laugh out of some of the password entries in the vault as well... obviously, some of these were created by a very annoyed and frustrated person!
Account banner by jimramones