The vast majority of us are using weak passwords (or, potentially even worse, reusing them) across our many online accounts. This behavior makes a great target for cyber attacks. Criminals can use your compromised information to open bank accounts in your name, take out loans, ruin your credit rating, lock you out of your own data…it’s a real grab bag of nightmare scenarios! I know safety and diligence are boring and tedious, but the reality is cyber crime is on the rise – and these criminals are only getting more sophisticated. If you haven’t taken your cyber security seriously before, now is the time.
A huge step in securing your information online is taking a good hard look at your password habits. Last week, we talked about why you probably shouldn’t save your passwords in your internet browser. As an alternative, most security experts recommend using a standalone password manager. Let’s dig into the details of these services to help decide whether they’re right for you.
The Basics
A password manager is a type of software application that stores and manages your online login IDs, passwords, credit card numbers, PINs, answers to security questions, etc. These types of applications can even generate super strong passwords for you – since you won’t be tasked with remembering them, you can afford to get a little wild with the special characters and random letters/numbers. Your passwords are stored behind extremely strong encryption, and the password manager itself does not have access to them. Only you have the master password to access them (also meaning if you forget your master password, you’re out of luck).
When choosing a password manager, you will likely choose between a local/desktop-based system and a cloud-based one. The main difference between these two systems is how and where your information is stored. Local applications store your encrypted database in a local “vault,” which lives only on your device (and isn’t accessible over the web). Cloud-based systems store your information in the password manager’s servers, meaning you can access it from any device with the proper login information and authentication. The local application is the most secure, but it sacrifices some convenience and usability. Cloud-based is more user-friendly, but requires a level of comfort with having less control over where your information is stored.
The Good
- The features that make for good passwords – at least 12 characters made up of a random variety of letters, numbers, and special characters – also make them very difficult to remember. A password manager generates strong passwords and remembers them for you.
- Many password managers offer to scan your passwords and provide a security checkup. You’ll receive alerts if you are reusing passwords anywhere, if any of your passwords aren’t up to snuff, and if you have accounts on sites known to have had security breaches.
- Some password managers offer a password auto change feature. The application will log in to your accounts with your saved credentials, update your password and save the new login information. Security experts recommend that we update our passwords at least once per year – a very time-consuming process to do manually. Password managers take a lot of the work out of this task.
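An added example, not taken from the original article or from any password manager's code: the password generator and security checkup described in the list above, written in Python using the article's own criteria (at least 12 characters with letters, numbers, and special characters). The function names, site names, vault contents, and breached-site list are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = "!@#$%^&*()-_=+[]{}"
MIN_LENGTH = 12  # the article's minimum length for a good password

def weaknesses(password):
    """Return the reasons a password misses the article's criteria."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no special characters")
    return problems

def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate

def checkup(vault, breached_sites):
    """Report reused passwords, weak passwords, and breached-site entries."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return {
        "reused": sorted(sorted(s) for s in by_password.values() if len(s) > 1),
        "weak": {s: weaknesses(p) for s, p in vault.items() if weaknesses(p)},
        "breached": sorted(s for s in vault if s in breached_sites),
    }

# Constructed sample data: not real accounts or credentials.
SAMPLE_VAULT = {
    "bank.example": "Summer2019",
    "mail.example": "Summer2019",
    "shop.example": "correct-horse-battery-staple",
    "forum.example": generate_password(),
}
SAMPLE_BREACHED = {"shop.example"}

if __name__ == "__main__":
    print(checkup(SAMPLE_VAULT, SAMPLE_BREACHED))
```

The generator uses the `secrets` module rather than `random`, because `random` is not designed for security-sensitive values.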
The Bad
- Switching to a password manager takes significant effort on the front end. Depending on how many online accounts you have, it could be a decent time commitment to get all of your online credentials saved to the application. The good news is that once you’ve done it, you’re set (and likely much safer) for a while.
- Putting all of your password eggs in one basket can be a tough pill to swallow for some. If there is a security breach (not unheard of), the worry is that all of your passwords could be compromised. That being said, password managers are extremely secure baskets. We mentioned last week that browsers don’t make the best password managers because their chief concern is not security. The same logic applies to standalone password managers – these companies are in the business of cyber security first. As long as you choose a reputable company and create an extremely strong master password, you’re likely a lot safer than you would be without a manager.
The How
- Do your research. You will first want to pick a reputable password manager. Experts recommend any of the big name applications (LastPass, Dashlane, and 1Password have the best reviews), but from there it will depend on your preferences and needs. Wirecutter recently published a great review to help you decide.
- Create a master password to end all master passwords. Your account is only as secure as your master password is strong. Go crazy with this one – it’s the only one you’ll need to remember. Once you’ve created an account, you’ll need to install any browser extensions and/or mobile applications.
- Clear your schedule. You’ll need to work your way through adding all of your online accounts to the application. This is the time-consuming bit. It may be helpful to keep a running list of your accounts as you think of them. I highly recommend using the password generator to change all of your passwords as you go.
- Destroy the evidence. Purge your phone/browsers/desktop of any saved passwords. Throw out the post-its stuck to your monitor, delete the notes file in your phone, turn off password saving in your browser. If your application doesn’t offer it, set a reminder in your calendar to change your passwords again in a year (it’ll be a lot easier next time!).
Patient Computer Help for Grown Ups assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.