Password Manager - Yay or nay?


What is a password?

It’s that thing you must type to get into your stuff; It’s the bane of the Internet civilization.

Per Dictionary.com, a password is
a secret word or expression used by authorized persons to prove their right to access, information, etc.
Passwords were created with good intentions, but they quickly became one of the weakest forms of security in existence on the Internet. Simply having a password is better than not having one, but pretty much no service will allow you to have an account without setting a password.

Where did we go wrong?

Imagine if all someone had to do to gain access to your bank account and siphon money out before you had a chance to notice was to know the name of your favorite childhood pet or your birthday or anniversary? That kind of knowledge would come with relatively minimal effort on the part of the attacker. Most people have their date of birth (DOB) publicly available through one means or another. 

On another note, maybe you weren’t even that creative. Look at Keeper Security’s list of top 25 most common passwords of 2016:
  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

First, if any of your passwords are in this list, please take a moment to slap yourself, but keep reading because I’m writing to show you how to make the whole password thing easier!

For the sake of argument let’s assume that you are smarter than this, and you use a “better” password with letters, numbers, and special characters – bravo! But wait, you use the same password for Facebook, your email, and your bank account. You just lost security points again.

Where people go wrong with passwords is one of a few things:

  • Using the same password or a very similar password across all accounts
  • Using weak passwords like the ones listed above
  • Keeping written password notebooks
  • Keeping passwords in a file on a device
  • Never changing a password once it is set
  • Cycling through previously-used passwords if they are required to change passwords every so often

So what comprises a good password? Read what Google suggests. For someone concerned about security, a lot of thought goes into making a secure password.

Enter the password manager.

What is a password manager?

According to a very reputable source (Wikipedia), a password manager “assists in generating, storing, and retrieving complex passwords from an encrypted database.”

The key word in that definition is encrypted. Rather than relying on your brain or your password file in your documents folder or password journal on your desk, maybe it’s time to consider using a proper password manager to manage your passwords.

What’s wrong with keeping passwords in a document or paper journal? Here are some scenarios to consider.
  • Your computer or phone gets infected with malware
  • Your computer or phone is stolen from your bag
  • Your computer crashes
  • You drop your phone in the lake
  • Your house burns down

Some of the examples are extreme, but they do happen. The last thing you want in the wake of disaster is to have to recover access to all your important accounts.

Here’s some of the benefits of using a password manager.

  • You need to remember one and only one password. (Did I mention one password? Just one.)
  • Generate unique, random passwords for each existing account you have and future ones you sign up for.
  • Simplified login process with autofill – no more digging around to find which password goes with which account.
  • Password auto-change feature – click a button to change your account’s password to a new one.
  • Secure password sharing – no more texting or emailing passwords back and forth.
  • Sync your passwords across multiple devices.
  • Store other sensitive information – not solely passwords.

Here’s my list of top five password managers for personal use. Note that some browsers, namely Google Chrome and Mozilla Firefox, have built-in password managers. You’re one step ahead if you already use one of those; I highly urge you to consider upgrading to a browser-independent password manager.
  1. LastPass
  2. Dashlane
  3. Keeper
  4. 1Password
  5. KeePass

You can also read about some comparisons between several of the top password managers on Tom’s Guide.

Should you use a password manager?

Some people are avidly opposed to storing “everything in one place” because of the risk of compromising all passwords at once by guessing/cracking the password that grants access to the vault. This concern is heightened when password managers are cloud-based. Read my previous article on cloud security for more details about why there is concern with cloud-based services. The password “jackpot” argument has been debated time and again by the security community. Many security-minded people agree that, for the general populace, the burden of remembering more than a few unique, strong passwords is too great.

The makers of LastPass (my personal password manager choice) have a very good explanation of how their technology works to keep your vault secure. For those interested in advanced-level details, read this as well.

Password managers alleviate the burden of remembering individual account passwords and have the added benefit of being an inventory of all your online accounts. With a password manager, you also won’t be as prone to use the same password across all your accounts.

Ultimately the decision rests with you, but be aware of the risks of lax password and account security in a world of ever-increasing breaches and surveillance.


Password Manager Do's and Don’ts

Do:
  • For your “master password”, use a passphrase instead of a traditional password.
  • Enable two-factor authentication
  • Keep the password manager application and all associated browser plugins up-to-date wherever you install them.

Don’t:
  • Use a weak “master password”
  • Forget your “master password”
  • Vault the same password for all sites in your vault

Need help?

Feel free to shoot me a message if you have questions or need help setting up a password manager.

Comments

Popular posts from this blog

Google's "Smart Lock" and Android Autofill

An Important Way to Step Up Your Online Security Game

Spam: Fighting the Machine