If you have read any of my previous posts about online security, you will know that I am a big advocate of everything related to online security.
What surprises me is how we go out of our way to make sure that everything offline is secure (house, cars, etc.) and we take extra care with them.
But the same cannot be said for non-tangible, online “products” like our passwords. And this is despite having more and more personal information online, from bank details, to addresses, to medical information and even your place of work.
It’s a goldmine for hackers who can disrupt your life and steal valuable information about you.
It’s almost impossible to be completely protected online, but the least we can do is to make it as secure as possible to prevent anyone having access to extremely private information.
At the end of the day, if anyone has access to any login details that you have used in multiple places, just think of the consequences.
The fact that people store their passwords in their browser, save them in an Excel spreadsheet or buy a book just for writing passwords scares me.
That’s right, people actually do that:
— Ahmed Khalifa (@IamAhmedKhalifa) April 4, 2017
One of the first things that I recommend anyone do is to sign up for a password manager as a way to keep it safe, secure, unique and complex.
It’s without doubt one of the most important things you need to do if you log in to multiple places (among many other recommendations).
What is a Password Manager?
Also known as a “password keeper”, “password vault” or even “password saver”, a password manager is best described as a software application that is used to store, manage and create complex passwords for various online accounts.
The powerful thing about password managers is the ability to create strong and unique passwords for every single account that you have online.
Think of it as an online library with very strong and complex passwords, which is only accessible by a strong master password.
How Safe is a Password Manager?
This might sound scary – one place to store your password?! What if someone has access to that?
And these are good points.
Password managers come with various security features, such as encryption and multi-factor authentication options (like 2-Factor Authentication or 2FA). On top of that, all you need to do is to create one ultimate master password to access the rest.
This will act like your gatekeeper.
That master password will not have been used anywhere else (actually, no passwords should be reused anywhere else). It should be long, complex (small letters, capital letters, special characters, numbers…the whole lot!) and unique.
From there, you will have access to the rest of your passwords, which are also complex, and the password manager will make it easier for you to login to your online accounts.
By revisiting your existing online accounts to solidify the passwords, and doing the same for future accounts, your passwords will have strengthened…like Mark Ruffalo turning into Hulk.
Why Use a Password Manager?
When you consider that the most popular passwords are below, you will realise that there is a desperate need for everyone to get serious about getting better at setting passwords.
Not only that, password reuse is a serious problem.
As I have mentioned earlier, if someone has access to your login details, and you have used the same details multiple times, it’s very easy to login to your other profiles, change the login details and lock you out permanently or abuse your data.
Doesn’t that sound like a scary prospect?
And with password leaks becoming more and more common every year, even on larger (supposedly) well-maintained sites, you are in a very vulnerable position if you reuse passwords.
If you are asking how you are supposed to create long, complex, unique passwords for every single online account, the solution is simple: a password manager.
All you have to do is to have a “master password”. Combined with 2-factor authentication, you will have a solid encrypted list of passwords for every single online account that is very difficult for hackers to access.
Password managers don’t need to be perfect, they just need to be better than *not* using them, which they unequivocally still are https://t.co/nVG5G6RAWx
— Troy Hunt (@troyhunt) April 1, 2017
On top of that, password managers tend to have additional features such as automatic form filling and the ability to share login details to e.g. your colleagues or employees, but without revealing the actual login details.
This makes it easy to stay on top of your passwords if that person eventually leaves, because you only need to withdraw access to the login details in just a few clicks instead of manually changing every single password every time an employee leaves the company.
Can I Not Just Use My Brain to Memorise Complex Passwords?
Of course you can.
We’ve all seen people who can memorise a whole deck of cards in seconds.
And we’ve all seen someone who can look at a Rubik’s cube and solve it in seconds…blindfolded…oh, and a 7-year-old can do that:
And there are various techniques on how you can train yourself to remember and memorise better.
But unless that interests you, why make it difficult for yourself?
It is said that an easier way to remember passwords is to take a phrase and use a combination of small and capital letters, symbols and numbers. For example:
- ilovetoeatpizza > [email protected]@
- letsgotonewyork > L3tsG02n3wy04k
- [email protected] > [email protected][email protected][email protected]
But you could spend a lot of time training your brain and memorising skills, or trying to think of a long phrase to convert, or even trying to remember which converted password you used for a particular website.
And imagine if you have dozens of online accounts too?!
So aren’t you better off just using technology, which is a stronger method of memorising and generating very difficult passwords?
Feel free to memorise the passwords below:
How did I create them? No, I didn’t bash the keyboard. I used a password generator via LastPass.
And no, I’m not using those passwords (nor should you!).
On the other hand, you can still use a password generator to create pronounceable but still difficult passwords. I just did that below:
So keep it simple for yourself.
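As an added illustration (not from the original post, and not LastPass's own generator), here is how a password generator can produce both kinds of password mentioned above, a fully random one and a pronounceable one, along with an estimate of how hard each is to guess. The symbol set, the consonant-vowel syllable scheme and all function names are assumptions made for this example.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits + SYMBOLS
CONSONANTS = "bcdfghjklmnprstvz"
VOWELS = "aeiou"


def random_password(length=20):
    """Uniformly random password containing all four character classes."""
    if length < 4:
        raise ValueError("length must be at least 4")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: redraw instead of patching characters in,
        # so every accepted password is equally likely.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def pronounceable_password(syllables=8):
    """Consonant-vowel syllables followed by two random digits."""
    body = "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                   for _ in range(syllables))
    return body + "".join(secrets.choice(string.digits) for _ in range(2))


def random_bits(length=20):
    """Upper bound on entropy: log2(alphabet size) bits per character."""
    return length * math.log2(len(ALPHABET))


def pronounceable_bits(syllables=8):
    """Each syllable is one of 17 * 5 choices; the two digits add log2(100)."""
    return syllables * math.log2(len(CONSONANTS) * len(VOWELS)) + math.log2(100)


if __name__ == "__main__":
    print(random_password(), f"~{random_bits():.0f} bits")
    print(pronounceable_password(), f"~{pronounceable_bits():.0f} bits")
```

At the defaults the pronounceable password carries roughly half the entropy of the random one, so it needs to be longer to reach the same strength.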
Which Password Manager Should I Use?
There are so many reputable and well-designed password managers out there that you can use.
Of course, you are more than welcome to do your research, but if you are looking to get started straightaway, I recommend LastPass.
As I have been using it since 2010, it is one of the most essential tools in my resources and I have never come across any issues when using it.
Even though you can use it for free, I have started to pay as it gives me access to additional security features. One of them is the ability to give permission to share access to login to online accounts without the other person viewing the password. You also have the power to withdraw that password access in just a couple of clicks.
And at $24 a year, it’s a very reasonable price to pay to protect your private and sensitive data, which is priceless.
However, you can also do your own research to find one that suits you.
How to Check or Receive Notifications if My Login Details Have Been Compromised?
This is a good question that we should all be asking, particularly as the number of cyber attacks is expected to increase year-on-year.
In order to check whether your details have been compromised in a data breach, you can register at Have I Been Pwned.
It was created by Troy Hunt, a well-known security expert who shares his knowledge and advice on protecting your details and calling out the brands who don’t.
Big congrats to @tmobileat for scoring themselves a news headline today! Security incompetence + being a dick on the corporate social media account is a great way to get the spotlight shone on you: https://t.co/HmQ8AuFcYg
— Troy Hunt (@troyhunt) April 7, 2018
You’d think that we can rely on brands to look after our data, but the above is an example of how careless brands can be with your data.
If you are depending on them to protect your data, it is an accident waiting to happen.
One of the most common reasons why hackers manage to get access to your online accounts is because of weak passwords and reusing passwords.
There are many good practices you can follow to protect yourself online. But let’s get started on getting protected online, either by researching the best password manager around, or by just going for LastPass as I have recommended.
But I know that some of you reading this will have your concerns about doing this. If that sounds like you, leave a comment below and let me know why you are worried.