A few weeks back I talked about how I’m struggling with what to recommend to my in-laws for password management. To recap, they’re highly motivated and very concerned about security so I don’t have to sell them on that part, but my father-in-law in particular has a high degree of difficulty with the computer when it doesn’t act consistently. For that reason I was concerned about recommending either LastPass or 1Password because often websites aren’t designed in a way that these tools can recognize the fields in which they should auto-fill passwords. That would drive him bonkers, and I’d hear about it every time.
Listener Ralph wrote me a thought-provoking letter on the subject. Let me read you a few bits of it.
The typical evolution of password management is a journey from the basic to the sophisticated … from relying on memory, to Post-It notes on the monitor, a list under the keyboard, a field book in the pocket, and then the big leap to an unprotected text file on the computer, a protected text file on a computer, a basic app that does one thing and does it well, to the robust solutions like 1Password, LastPass, Roboform etc. We need to keep in mind that moving too quickly on this continuum can be like drinking out of the fire hose … Overwhelming. Managing the evolution is much more important than picking the tools.
I think this is a brilliant observation. Maybe when we work on this for other people we need to assess first where they are in their journey and judge how far we think we can pull them along each time we work with them. I think he’s onto something. With my in-laws it’s a little tough because I’ve already been working with them and we’ve jumped all over the map. While they are still concealing their passwords, they are using very complex and long passwords on my advice. Because I didn’t pull them along on the journey in a logical way I’ve gotten myself into more of a pickle, but maybe his advice can help you with others.
He agreed with Bart’s suggestion to get them a powerful password management app, and to take small steps. He suggested this path:
- Buy a powerful password management app (1Password is Ralph’s app of choice) and take small steps.
- Enter all existing passwords in the app.
- Lock it up with a secure password.
- Set up syncing as required for the devices in use.
- Print out a paper copy of the passwords, store it in a safe place and destroy all the Post-it notes and handwritten notes. (Provide the blanket and Burn the Boat!)
- Let the parents decide if they want the sense of control using copy and paste, or the efficiency of auto fill.
- Allow time to get familiar with accessing and/or adding passwords from/to the app. This is a key building block.
He pointed out that there’s no sense going any further until the parents have a firm grasp of the basics of storing and retrieving passwords. After they’re comfortable with the basics, it’s time to take the next steps.
I like this and I’m going to use his steps for sure. I am still struggling on whether to get the 1Password that I don’t use, and don’t know well, or to have them use LastPass which I know extremely well but may not be as easy for them to use. When people ask me if they should get a Mac or a PC, I ALWAYS tell them to get the computer that the person they’re going to call when they get stuck told them to get, because if they don’t they won’t get any help. I’m inclined to use that same maxim here.
I do own an old version of 1Password so I’m fooling around with that to see how it feels, and I think I’ll make a dummy account on LastPass just to see how it would feel for a newb. Been using LastPass so long I can’t remember what it feels like to start with it. Anyway, thank you so much Ralph for the interesting and useful perspective on this. If anyone else has advice for me on this I’d sure appreciate it!
Go with what you know is always a powerful decider in supporting others. Also, check the LastPass forums. There are a lot of folks with odd sites that don’t seem to work right and they offer workarounds. I haven’t looked hard at 1Pass but I think everything it does can be done in LP as well. The other consideration is like what made a coworker switch from 1p and that is somewhat expensive upgrades to access important features versus a nominal yearly fee for the latest-greatest version with LP. Both have their strengths so pick the one that feels like the best fit.
I like Ralph’s evolutionary progression, but wonder if we can skip several steps with mentoring our less advanced family and friends.
Perhaps you should consider changing to 1Password, get used to it yourself, then give it to the in-laws?
I’ve thought about that, Bruce but it’s expensive and it would also wreck my ability to share passwords with Steve since we’re both on LastPass. I do have an older version that I’m playing around with so maybe I’ll be able to use it to help them if I put them on 1P.