In honor of World Password Day, I’d like to share a bit of information.
As much as we hate passwords, we need to access our computers, e-mail, shopping sites, routers, mobile devices – you name it, it probably requires a password to access it. Every week it seems we hear about a new data breach that exposes all sorts of information about us. While we cannot stop the breaches (wouldn’t that be nice?), we can protect ourselves from other attacks.
There are three ways to protect the access to our information:
- using long & random passwords
- using a unique password for each site and/or device, and
- activating the use of 2-factor authentication where available
Security experts have been saying for years that if you can remember a password, it is not strong enough. The reason why is because attackers use large “dictionaries” of common words and re-used passwords when trying to access someone’s account. So, if you can remember it, chances are that it is not unique enough and is already included in those dictionaries. Also, there is a chance that you came up with an easily guessed password from publicly available data about you, such as from social media sites. So, how can you come up with a complex password, unique to each site, but that you cannot remember? Answer: use a password manager and have it generate the passwords for you.
What is a password manager?
A password manager is, at its core, a database of your passwords. Once set up, there’s really one password you need to remember: the master password for your database. This password should be as long as possible – make it into a phrase instead of a password, as it can be several hundred characters long. The hardest part is getting started and entering your current passwords. Once you’ve put them in, you’ll be glad you did. You can change passwords easily and even have the password manager generate random, multi-character passwords for you – and you won’t have to remember them at all. You can even set them up to automatically enter the username and passwords for you, so you won’t even have to copy and paste the information.
There are lots of passwords managers out there and they all do very similar things.
All the reputable commercial password managers are subscription based, but they are worth every penny in the time they save you in the long run and the peace of mind they give you. They typically synchronize through their cloud-based servers, so changes you make from your computer will show up in the mobile version of the password manager. Their prices range from $10/year to around $75/year, though most offer a free tier so you can get the basic service for free. However, I’d recommend using the paid versions – again, they are worth every penny.
The leading commercial password managers are 1Password, LastPass, and Dashlane. However, there’s a new open source password manager that is showing lots of promise, and its name is Bitwarden. It is very inexpensive ($10/year), and has almost all the features that the “big guys” have.
Please, do yourself a favor and try a password manager today.