New data breaches are making headlines
Nearly every week and these breaches reveal a simple, yet troubling fact: many people continue to use weak passwords and use the same weak password across multiple sites and applications. This practice is a hacker’s dream come true as it generally means that once they obtain a single password, they obtain access to multiple data sources. The solution to this is rather simple, which is to create a unique, complex password for every site and service you use. The problem here is pretty obvious, however. Remembering dozens or even hundreds of unique, hard to guess passwords is nearly impossible and too much to ask of anyone. Fortunately, there are solutions to this dilemma and the following 5 tips will help you manage your passwords more effectively and keep you, your business, and your private data much more secure:
Using your browser’s “remember password” feature
While this is a convenient option, it may not be the most practical or the most secure option. Now, if you only ever intend to use a single device, such as a laptop, with only one browser to store all of your passwords, this is a better option than using the same password for all services. However, it’s not foolproof. You still need to protect your machine. Ideally, you would want a strong log-on password for your laptop and another strong password protecting the browser that is storing all of those passwords you’ve saved. The laptop itself should also be secured behind physical locks when you are away from the device. Things get increasingly difficult when you have multiple devices or regularly use more than one browser, so think carefully about how and where you access your secure data and whether this is the right solution for you, as there are other options.
Password variety is key
Password leaks are not a question of if, rather a question of when. Whether it is the wrong person watching you type a password in, a key logger that was silently installed on your device, or the hacking of passwords through third party services such as LinkedIn, there will inevitably be a breach that makes your private data vulnerable to prying eyes. A key counter measure to these threats is to choose a different password for each online account. However, doing this yourself without making them predictable is difficult and that’s where password managers can be the solution to this problem.
Password complexity matters
The more complex a password, the lower the likelihood an attacker will be able to crack the encryption. Websites and other services generally store passwords using cryptographic representations known as “hashes” and depending on the algorithm employed, these hashes can indeed be cracked. Therefore, the best practice is to use strong passwords with 12 or more characters, combining both upper and lower case letters, numbers, and special symbols. Do not replace common letters with symbols as these are known techniques to hackers. Examples are replacing the word “Password” with “[email protected]$$w0rd”. These variants are easily guessed and cracked by hackers.
Master passwords are a single point of failure
If you do decide to use a password manager to store all of your passwords centrally (and I recommend you do) you will still need to set and remember a master password that logs you into the password manager itself. This master password therefore becomes a single point of failure. In other words, if someone obtains this password, they end up with the keys to the kingdom. Many password managers have solved this problem through the use of two-factor authentication. Typically, this means that you put in your master password and subsequently you will be prompted for a pin, or may configure the password manager to send you the pin request via text message to your mobile device.
What are some good password managers to consider?
When it comes to password managers, there are a multitude of options for you to consider. Generally, there are “offline” options such as KeePass, Password Safe, or Enpass, which do not synchronize your passwords across different devices. You instead need to move the encrypted database (with your passwords stored in it) between the various instances of the program that you have installed on each device or use a cloud sharing service like Dropbox to keep the database in sync with all of your devices that you wish to access your passwords from. Alternatively, there are options such as Dashlane, 1Password, and LastPass. I highly recommend you take a close look at LastPass. The free version will allow you to provide you with unlimited storeage for passwords and notes for 1 device. You can fill in forms automatically, and utilize security features like multifactor authentication. For just $12 per year you can very easily sync all of your devices. Check it out at LastPass.com