Completing a yearly password audit is a great habit to adopt in order to keep your digital life organized and secure. Join me as I complete my audit using the LastPass app!
Over the years, I’ve incorporated a series of routines into my days/weeks/months to keep my physical spaces organized.
When it comes to organizing my digital life (and maintaining that organized system), I’ve found that the same principle holds true.
Routines are your BFF.
In previous posts, I’ve honed in on key routines for maintaining various parts of your digital world, including your:
Today, I wanted to share the basic process I go through at the beginning of each year to keep my passwords organized AND secure — I call it my annual password audit.
As I reviewed in a previous post, there are basically three main methods for organizing passwords. My personal method of choice is an online password organizer – the LastPass app. The truth is I really don’t have a choice. Between my personal and business-related passwords, I have almost 400 that need managing 🤯.
Even if I did have a choice, I would still choose LastPass (you can read all the reasons I’m obsessed with LastPass in my password organization post).
I’m not going to offer up a lengthy LastPass review in this post (you can find a helpful LastPass app review here). This post also will not cover the basics of how to use LastPass for storing your passwords. Instead, I’m going to outline the steps involved in my annual password audit process.
My Yearly Password Audit Process With LastPass Password Manager
Step 1 – Organize Passwords into Category Folders
One of the really useful features of LastPass is that it enables you to organize your collection of passwords by category into various folders. You can customize your folder system structure in any way that’s most helpful for you. In my case, I have two main folder categories:
I have many subfolders within those two main folders. Here’s a snapshot of what the subcategories look like within my Personal folder:
As you can see in the above screenshot, LastPass has a default Uncategorized folder for new passwords that you add but don’t initially file into a new or existing category folder. I usually try to file away newly added passwords into existing folders as they are added into my password vault. But sometimes I’m in a hurry (or just plain lazy) and bypass this step.
So the first order of business during my annual password audit is to file any passwords in that Uncategorized folder into the proper folder within my existing category/folder structure. My goal is for that Uncategorized folder to be empty.
Step 2 – Declutter Passwords – Delete Obsolete Accounts
In step 2 of the audit process, I drill down into each of the organized password folders with the mission of decluttering passwords associated with obsolete accounts (i.e., accounts that no longer exist or I don’t need to access anymore).
Here’s what the inside of my Personal Services folder looked like after I completed step one:
I noticed right away that there were passwords for several services that I no longer use (Hallmark eCards and the home warranty account). Those password entries were deleted.
Step 3 – Identify At-Risk Passwords Using the LastPass Security Dashboard
During the next step of the password audit, I utilize LastPass’s Security Dashboard to identify and fix any at-risk passwords.
Even though I try to be vigilant about password security, LastPass makes me humble by letting me know that I still have a ways to go. My overall password vault health was classified as “Somewhat Safe”, and 257 of my approximately 400 passwords were at risk.
What constitutes an at-risk password in the LastPass Security Dashboard?
- Weak passwords (think “mypassword123”)
- Old passwords (i.e. over a year since it’s been changed)
- Reused passwords (ones that you’ve used repeatedly or merely more than once)
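The three at-risk criteria above, applied to a small constructed list of entries, as an added example (not code from this post or from LastPass). The field names, the sample dates, and the length and character-class thresholds used for "weak" are assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample entries (not real credentials). Field names are
# assumptions for this example, not a LastPass export format.
VAULT = [
    {"name": "bank", "password": "mypassword123", "changed": date(2023, 11, 2)},
    {"name": "shop", "password": "T7#qLm2!vRx9pZ4w", "changed": date(2021, 3, 14)},
    {"name": "forum", "password": "Gr8!horse-Battery42", "changed": date(2023, 9, 1)},
    {"name": "news", "password": "Gr8!horse-Battery42", "changed": date(2023, 10, 5)},
    {"name": "mail", "password": "x&9Kd!2pQw#7LmZr4t", "changed": date(2023, 12, 20)},
]
MIN_LENGTH = 12     # assumed threshold for "weak"
MAX_AGE_DAYS = 365  # "old": over a year since the last change

def is_weak(password):
    """Assumed heuristic: short, or fewer than three character classes."""
    classes = sum(any(f(c) for c in password) for f in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    return len(password) < MIN_LENGTH or classes < 3

def audit(entries, today):
    """Return {entry name: [issues]} for at-risk entries only."""
    # Group by digest so plaintext is never used as a key or printed.
    by_digest = defaultdict(list)
    for e in entries:
        digest = hashlib.sha256(e["password"].encode()).hexdigest()
        by_digest[digest].append(e["name"])
    reused = {n for names in by_digest.values() if len(names) > 1 for n in names}
    report = {}
    for e in entries:
        issues = []
        if is_weak(e["password"]):
            issues.append("weak")
        if (today - e["changed"]).days > MAX_AGE_DAYS:
            issues.append("old")
        if e["name"] in reused:
            issues.append("reused")
        if issues:
            report[e["name"]] = issues
    return report

if __name__ == "__main__":
    for name, issues in audit(VAULT, date(2024, 1, 5)).items():
        print(f"{name}: {', '.join(issues)}")
```

The report lists entry names and issue labels only, so it can be reviewed without exposing the passwords themselves.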
Passwords that LastPass has given a “thumbs up” to are identified with a green checkmark. You can breeze right past these:
The at-risk passwords are flagged with a red button that indicates the specific password issue to be fixed:
Step 4 – Change At-Risk Passwords Using the LastPass Generate Secure Password Tool
In my particular situation, weak passwords were not an issue. But I did have quite a list of old and reused passwords to contend with.
In step 4 of the process, I rolled up my sleeves and generated a new password for each at-risk password. I used the Generate Secure Password tool that’s built into the LastPass Chrome extension:
You can specify the desired password length and character type (numbers, letters, symbols) in order to tailor the password to the website’s password specifications. It’s a super-handy tool that makes swapping out passwords as easy as possible.
This process can be really tedious, especially if you have a large volume of at-risk passwords to work through. I’ve found that it’s the perfect mindless task to work through in chunks while watching TV at night!
Step 5 – Export and Print the Password Vault
Once all of my passwords are current, organized, and secure, I like to create a printout of the contents of my LastPass password vault. I tuck this print version of my password vault away in a secure place in our home as a backup (you know, in case anything catastrophic should happen to LastPass’s servers). This is similar to my practice of printing digital photos as a form of backup.
I should mention that LastPass gives the option of granting emergency access to your password vault to a designated person, should the need arise.
Step 6 – Change Master Password and Review Account Settings
In this final step of the password audit, I take a moment to review the general settings in my LastPass account to confirm that they still make sense to me. If not, I tweak them accordingly.
This is also the time when I change my master password (that really important one that I need to remember in order to access my vault). It probably goes without saying, but your master password MUST be super-duper secure (like 30 characters of gobbledygook secure).
And that’s my annual password audit process in a nutshell!
LastPass Password Manager
If I’ve piqued your interest in digital password management, why not give LastPass a try?
It really is one of the core tools in my digital organization tool belt. You can check it out using the links below:
Prefer a paper password management system?
Fill out the form below to download a free printable password tracker. The password audit process will be a bit more cumbersome using a paper system, but it’s no less important to incorporate this annual routine into your schedule.