Computer Security 101: Password Managers

Computer security is one of the most important things of this generation. I’ve tried in the past to address the different parts of computer security. I wrote a post once about creating a strong password and one about using a VPN.  I created a Youtube video with instructions and methods to help create secure passwords. If you search the internet there are many other posts about the reasons to create a secure password and how to do it. Yet every year the list of most commonly used, insecure passwords is put out and the same top passwords like ‘123456’ and ‘password’ are always on the list.

The reason is because a lot of people think making a secure password means it’s hard and they are going to forget it. Then you add in the proliferation of services today and it means having many, many, many “secure” passwords. Proper password etiquette dictates that you should have a different password for every account. This increases the likelyhood that a user will forget some of their passwords even more. Which is why most people just make a simple password that is easy to remember and then re-use it for everything. Unfortunately that makes things easier for hackers. I’ve always said that your password should be as secure as whatever it is protecting. If your bank account, emails or data stored in the cloud is something you would like to protect. Well your passwords are the first hurdle. Creating a simple, easy to remember password is like buying a front door lock at a garage sale for your million dollar mansion.

OK so what do we do to make things a little easier on ourselves? password managers! Instead of starting out by trying to show you how to create secure passwords. I’m changing up the order of things so it’s a little easier on you. Password managers are software that users can store their password info in. This allows the user to only need to remember 2 passwords. One for the computer and one for the password manager. This makes the whole thing a little more manageable. There are many password managers out there so there is lots of choice. Some you have to pay for, some you have to pay a monthly subscription for and others are free. Now before you think “free” great I already know which one I’m choosing. Again remember that the password should be as strong as whatever it is protecting. Companies are in business to make money and free does not make money. So the first thing you need to ask is “how do they make money from free software?” Again you are handing over the keys to your most valuable posessions so you should be able to trust the company behind the software. How much is the security of your data worth to you? This is the price you should be willing to pay to keep it safe. Maybe in another post I’ll go through the different password managers out there but for now please do your own research before choosing one.

Like I said there are many password managers out there. 1Password is what I’ve used on my computers, iPhone and iPad for years. There is also Dashlane and Keypass X just to name a few. They have different features, services and work on different platforms. But most if not all offer the benefit of being able to generate random passwords for you. Which takes some of the work/fun out of creating different, secure passwords for all your accounts. The next step goes back to the only 2 passwords you now need to remember. Storing all your secure passwords in a password manager and then using ‘green123’ for your computer and ‘red345’ for your password manager is just slightly better than using the same easy password for all your accounts. Now that you only have to remember 2 passwords please make them secure. The password I use for my password manager is 30 characters long and pseudorandom.

There are also other tricks a user can employ while using a password manager to maximize their security. It all depends on how secure you want to be. Security and Convenience are on the opposite ends of the scale. The more secure something is the less convenient or easy it will be and vice versa. So keeping this in mind and depending on how security minded a user is will determine which of these tricks they put into practice. A username goes hand in hand with a password. There are so many social networks, email services, online services, banking services, etc. That without vital information like username and what service it belongs to the password becomes a needle in a digital haystack. Password managers store that basic information along with other optional information. Usernames are generally easier to remember and in cases like your bank account it’s usually your debit/credit card number.

So one trick is to leave out easy to remember information like usernames. Another is to label the entries in short-form and leave out any site links. The more information you leave out the harder it makes any hackers job to try and get into the account. Password managers can generate passwords of any length, using random characters of all types. I would suggest using this to your benefit and generating as long a password as the service allows. All password managers allow you to copy and paste the generated password into fields and the longer it is the harder it is to crack. Hackers are like car thieves when they get to a password that takes a large amount of time and effort. They just move on to the easier ones of which there are plenty. Just be aware that some services will not let you copy and paste a password into the password field. Some also do not allow special characters. Keep this in mind when generating the password’s length and the rules the program uses to create the password.

Now get out there, do your research, get a password manager and secure all your account passwords. I’m going to cover secret questions and email phishing next so stay tuned.

Advertisements