I know some of us may default back to using the same password on all of our online services (Facebook, email, banking, etc.). As we create more accounts for the ever-increasing number of services that we sign up for, the risk grows that one of those services might leak or get hacked, releasing your password to bad actors.

Creating a separate password for each and every service can be difficult to keep up with, and remembering all those passwords can be time-consuming. Thanks to password managers, you can keep on top of all of your new services and assign each one a separate, highly secure password.
What is a Password Manager?
Simply put, a password manager is a database that can:
Assist you in creating secure passwords
A password manager will normally be able to generate a password or passphrase for you. These tools help you create complex passwords made up of a random set of letters, numbers and symbols.
Store all your passwords securely
A password manager will have the ability to store all of your passwords for your different online services securely in its database behind one master password. It will also have options to add additional security such as Multi Factor Authentication.
Give you access to all your passwords on all of your devices
Some password managers let you install companion apps and browser extensions on your computers and mobile devices. These allow the password manager to autofill your usernames and passwords on websites and in apps.
Store associated & important information
Some password managers will allow you to store other important information such as credit cards or notes as well.
Why should you use a password manager?
Using the same password everywhere is unsafe
Reusing passwords across multiple services places a lot of trust in each service to keep your information secure. If you reuse the same password online, all it takes is for one of your online services to get hacked and your password will be leaked. The hackers will then have your username and password to try on other services.
Keeping a physical password book is unsafe
It is never recommended to write your passwords down. A password manager stores your passwords behind authentication, so if anybody ever tries to get access to your password list, it will need to be unlocked before they can view any of the information.
Password breaches happen, often
Unfortunately, while companies & services normally try their best to secure your account, breaches and leaks happen... often. As of the day of writing this, Have I Been Pwned is listing 11,757,935,856 compromised accounts.
Okay, how do you get started with a password manager?
There are a few options for a password manager out there, including free and paid options such as 1Password, LastPass and Bitwarden.
I personally would recommend Bitwarden. They have free & very reasonably priced paid personal plans. They also have paid business plans that allow more sharing between accounts.
How to get started:
Bitwarden has a great how-to video series on the steps needed:
Create an Account
Install the Extensions & Apps
Generate New Passwords
Store Existing Passwords
How to use desktop and mobile apps
You can visit this link to watch the videos: Bitwarden 101 Video Series - Getting Started
Worried about using a password manager?
I do understand that trusting all your passwords to an online password manager may seem risky, but honestly it is very secure. I use Bitwarden as it is frequently audited by third-party digital security auditors, as well as independent researchers, who look into the security and safety of the product.
Better password practices.
Use Multi-Factor Authentication
A lot of online services will allow you to use multi-factor authentication. This adds an additional layer of security on top of your username & password by providing you with a temporary key that is only valid for a short period of time. This key will be sent to your mobile device via SMS or made available in an authentication app. Visit https://twofactorauth.org/ to learn more about multi-factor authentication.
Never reuse passwords
Using the same passwords on multiple websites leaves you vulnerable to hackers using breached passwords to log into other services.
Try a passphrase
A passphrase is a sentence or string of words used for authentication instead of a traditional password. An example of a passphrase would be "i see 12 happy lamas sitting in a field" (I recommend not using this as your passphrase). This is much longer than a traditional password, but it is much easier to remember.
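A sketch of what a password manager's generator does for both random passwords (described earlier) and passphrases, with a strength estimate for each; this is an added example, not code from the original post or from Bitwarden. Words are picked at random rather than written as a sentence so the strength can be calculated, and the word list, function names and the 7776-word list size are assumptions.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed 16-word sample list; real generators draw from lists of thousands of words.
WORDS = ["anchor", "bamboo", "candle", "desert", "ember", "forest", "glacier", "harbor",
         "island", "jungle", "kettle", "lantern", "meadow", "nectar", "orchard", "pebble"]


def generate_password(length: int = 20) -> str:
    """Random password that contains every character class."""
    if length < 4:
        raise ValueError("length must allow one character of each class")
    while True:  # redraw until every class is present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def generate_passphrase(words=WORDS, count: int = 6, sep: str = " ") -> str:
    """Passphrase of `count` words, each picked independently at random."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def picks_needed(choices: int, target_bits: float) -> int:
    """How many random items are needed to reach `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))


if __name__ == "__main__":
    print(generate_password(), f"~{entropy_bits(len(ALPHABET), 20):.0f} bits")
    print(generate_passphrase(), f"~{entropy_bits(len(WORDS), 6):.0f} bits")
    # With a 7776-word list (assumed size), words needed to match the password above:
    print(picks_needed(7776, entropy_bits(len(ALPHABET), 20)))
```

A passphrase is only as strong as the size of the list its words are drawn from, which is why the 16-word sample list here gives far fewer bits per word than a full-size list would.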
Do not use personal information in your password
I know your children's names or the year of your birth make it easier to remember your password, but they also make it easier to guess. Don't use personal information in passwords.
Change your password
If you are ever notified of a breach, change your password as soon as you can, and if you happen to use the same password elsewhere, change it there as well.
Don't share your password
It's best to keep your passwords to yourself; don't share them with other people. Please note that the company you have an account with will never ask you for your password over the phone or email.
How do I check if I have been hacked?
There is never a way to know 100% whether your personal details have been hacked or released online, but a good place to start is Have I Been Pwned. This service was created by an Australian web security consultant by the name of Troy Hunt.
They have compiled a database of all known breaches and allow users to look up their email address or phone number to see if they have ever been listed in a known breach. (You can check your email address by clicking here.)