Protecting Your Info 101: Using a Password Manager
We’ve all been through it: attempting to log into our email, banking or social media accounts only to receive an error message that the password is incorrect. “Forgot your password? Click here.” The nonstop resetting of account passwords, caused by failing to record or store the information properly in a secure location, is less than ideal and downright frustrating! Today we’ll be discussing how using a Password Manager can relieve the stress of losing or forgetting your passwords, while also keeping them secure from prying eyes.
Why Use Password Managers?
Password managers are useful for the security, organization and storage of account information. You may be thinking, “Well, if I store all of my account details in one place, I’ll still need to remember a password!” This is 100% true, but by utilizing one master password you memorize (remember to keep backups to the backups of the backups), you can properly secure and manage all of your accounts.
You’ll also have access to all of that information fast. In fact, some services allow syncing across multiple devices, making it even faster and easier to pull up your login details. Again, remember that you must only remember one master password as opposed to all sorts of different ones with separate character limits and rules. To me, that’s an excellent trade-off.
In today’s day and age, information security has become a big part of our daily lives and an incredibly important one at that. With the use of password managers, the user can incorporate more extensive, unique and secure passwords across all accounts. Too many people are using the same password for every one of their accounts.
In addition to this, password managers allow a user to update their passwords more frequently and with ease. Why increase your attack surface when you can instead decrease it? With the use of a password manager, users can ensure that if a password becomes compromised, only one account will be affected. With proper implementation, a user can constantly monitor, update and edit not only account passwords, but also usernames or email accounts associated with a specific organization. Many also offer a “secure notes” functionality that allows a user to record things like security questions and answers for accounts.
With the popularity of password managers growing, options range from open source, locally stored password managers to more “mainstream” cloud-based varieties such as 1Password or LastPass. So which one do you choose? That’s mostly up to the user, but it’s also dictated by the devices that you’ll be using to access the manager (Apple/Android/Linux). Personally, I like to use multiple password managers, while also backing up locally stored account information to avoid data loss or an accidental account lockout.
Password Manager Account Security
After you’ve selected a password manager, your next step will be properly securing the account. The order in which I do this is as follows:
1. Create a unique username. Alternatively, you can create a pseudo-anonymous email address.
2. Create a strong, complex password. For example, Ferrari1597Moose10302<??>. For something easier to remember, consider using a string of words or phrases as a password, rather than numbers, words and characters (for example, “fragile car magic vehicle stairs relic”). This might seem easier to crack than the first password, but it’s actually more of a challenge for something like a brute-force attack.
3. Activate Device Biometric Security. Many devices allow a user to activate a biometric scanning device, like Apple’s TouchID or FaceID. These systems offer yet another level of security to your password manager.
4. Enable Two-Factor Authentication. This security feature requires a separate code to be entered after the password. This code can be sent through an SMS message or be generated by a separate hardware/software generator.
The Importance of Two-Factor Authentication
Turning on additional security measures to keep out bad actors is always a great idea when using any product or service. Nothing is 100% secure, but by adding additional layers, users can keep attackers at bay for a longer period of time. You might even push them away to another less security-conscious target. Two-Factor Authentication adds a security layer and increases account security exponentially.
There are various types of Two-Factor Authentication, one of which uses SMS messages with a code enclosed sent by the account service provider to the user. There are also mobile phone apps that turn a phone into a token generating device, providing codes which must be entered after being prompted by the log-in service. Finally, there are physical hardware devices that use the touch of a button to generate a long random string of characters.
With any of these options enabled, an attacker must not only have the username and password to the account, but also the additional code from the SMS, app code generator, or piece of physical hardware. So what’s the best choice? A lot will depend on the service being used, but if possible, stick with the app code generator or physical hardware generator. SMS messages might be convenient, but the service definitely isn’t encrypted and is susceptible to interception.
Password managers are a key component to personal account security and management. Not only will a password manager assist with remembering account information, but it will allow the user to maintain their access and avoid account lockout or data loss. If you’ve fallen into the habit of using similar passwords across a majority of your accounts, it’s time to rethink your approach.
Editor-in-Chief’s Note: Please join us in welcoming Chris W. as a contributor on ITS. Chris has a love for personal privacy as well as physical security. While not a digital guru, he enjoys spreading the word on proper security and personal information management.