It’s time to get a Password Manager
What if you could get into all your accounts with one click, using any of your devices, and have a unique, very long complex password for each account? Does this sound too good to be true?
A password manager lets you follow the best security measures without having to remember unique passwords for each site or coming up with exceptions for those sites that don’t work with your password formula.
Don’t let headlines you may have read about LastPass being breached scare you away from a password manager. Just pick a more secure one. Details in the article.
Please read this article for a simple solution for this real-world problem.
TAKE HOME MESSAGES
#1 You may have read about LastPass being breached and this may scare you away from password managers. If I were using LastPass, I would be changing all of my passwords, and working to move them to a different password manager ASAP. I use 1Password as my password manager, which is much more secure than LastPass (and most others). We will go into the security differences in a future InfoLine article. If you don’t want to take my word for 1Password being safer, then contact me and I will explain the differences before you choose one.
#2 Not all password managers offer the same level of security. I recommend 1Password because it has extra measures to protect your data.
#3 Some browsers claim to offer “Password Manager” capabilities. They do not offer the highest level of security.
You can try 1Password free for 14 days. I am not affiliated with 1Password, but if you have any questions about using it, please reach out to me.
We’ve all been told that each of our accounts should have a unique, complex password… but you haven’t been doing that, have you? You know that it puts your accounts at risk, but following the “rules” is just too time consuming and complicated. With an average of almost 100 accounts per user today, it’s impossible to remember that many unique passwords.
Perhaps you’ve been using a password formula, but you’ve been frustrated by the number of sites that don’t work with it (one site requires special characters, another site won’t allow them, still another site requires a longer password). What are you supposed to do?
COMMON BAD PASSWORD HABITS INCLUDE:
|Using the same password for multiple accounts||This puts you at risk of credential stuffing attacks, where your credentials from one data breach are used to log a hacker into other, unrelated, sites.|
|Using simple passwords||Passwords which meet just the minimum requirements are easier to hack than longer, more complex passwords.|
|Using guessable passwords||Using your children’s or spouse’s name, your birthdate, school mascot, etc. leaves you vulnerable to someone who can take a little time to google you and review your social media accounts.|
|Using a handful of passwords (one password for all banking sites, another password for all work-related sites, etc.)||This is a little better than using the same password for all accounts, but still leaves you vulnerable to credential stuffing attacks. You may feel comfortable using the same password for inconsequential accounts, but you would still need to change all of your other “inconsequential” accounts following the breach of one (that is, if you are made aware of the breach quickly). This is still a very bad idea.|
|Reusing passwords by just incrementing the last digit||Hackers have figured this one out, since so many people do this. If a hacked password does not work, and it ends in a digit, then most hacking bots will increment the digit and try to log in again.|
How can you banish these bad habits without driving yourself crazy trying to memorize 100’s of unique passwords? The answer is to use a Password Manager. It remembers all your unique, complex passwords and lets you be as safe as possible without the mental challenges of doing it yourself.
WHAT IS A PASSWORD MANAGER?
A password manager is a cloud-based service that stores all your passwords and gives you easy access to them from all your devices. It encrypts the passwords to protect them and securely fills them into your websites for you with a single click.
Your password manager can also help you fight against phishing scams. Even if a phishing attempt could trick you into clicking on a malicious link, it won’t trick the password manager. Your password manager associates your credentials with the correct URL of the site that uses them. It will detect that the URL of a phishing site is different than the URL of the site you usually log into — regardless of how similar it may look to the human eye.
BENEFITS OF A PASSWORD MANAGER:
- You only have to remember a single master password.
- You can fill in your credentials with a single click (you don’t even have to type in your username or password).
- You can have access to your credentials from each of your devices/browsers (home computer, phone, tablet, etc.).
- If you’re not sure how to create a strong password, or if you don’t want to come up with one on your own, your password manager can create one for you.
- Your data is secure, even if someone gets your single password (they need your security ID as well to get into your account).
- Your data is secure from the password manager company/employees, since your data is encrypted both in transit and at rest. The decryption key remains with you, and even the employees of the password manager company can’t decrypt your data.
- If someone *were* to hack into the password manager’s cloud database through a backend, they would only be able to gain access to your encrypted data. Your data is only ever decrypted when it’s on your device(s).
- Some password managers include a feature that checks your passwords to see if they have been compromised or if you are reusing them.
- The password manager can help protect you from phishing attacks by comparing the site URL with your database.
- Some password managers allow you to use a family plan and easily share selected passwords with family members.
- When shopping online, you can easily fill in your credit card information to make purchases without needing to have your physical credit card on hand.
- You can store other data, not just credentials: your passport number, credit card numbers, etc. Some password managers allow you to upload scanned documents.
HOW SECURE IS A PASSWORD MANAGER?
OK, so a password manager is easy to use, but how safe is it? You’re asking me to put all my secure data in one place and store it in the cloud? Are you nuts?
This is a very valid concern, and the main reason that I have kept my data out of a password manager for so long. The insight that gave me the final peace of mind to embrace a Password Manager is provided below, but even without that extra security, I feel safe using one because of the built-in safety measures in 1Password. The data is encrypted with two keys that, working together, are required to open your vault: a master password, and a digital “seed”. One or the other alone will not provide entrance. The 1Password database never holds either your security seed nor your master password, so if their site is breached a bad actor could not retrieve either. Your data is encrypted before it leaves your personal device and remains encrypted in transit and while stored in the cloud. Even the password manager company cannot access your data, and if they can’t then neither can a hacker during a data breach. These security measures in 1Password do not exist in all password managers, so please do some research if you want to be safe with a different one.
My extra security tip:
This is the insight that gave me the “sleep at night” confidence to start using a password manager: Don’t save your entire password in the password manager. Save most of it, and then type the remaining characters each time you need to log into the site. For instance, say you want extra security for your bank account login. Your credentials for the bank are:
In your password manager, save the password as: 7s99dHHjgkkj%gsjjh-. When you log into your bank account, use the Password Manager to automatically fill in the credentials, then type “BLUE” at the end of the password.
This will log you in easily. If somehow someone were to get into your Password Manager, they would still be missing the final piece of your password, which only you know.
I’m not suggesting that the Password Manager is vulnerable and that you need this extra level of security, but if you are feeling unsure about putting all of your passwords in one place in the cloud, then this tip may give you peace of mind.
If you have questions about this, please let us know and we will be happy to assist you.