Why Should I Use a Password Manager?
We repeatedly stress the importance of strong passwords that are unique to every website, but with dozens (or hundreds) of complex passwords it becomes challenging to remember them. This is where a personal password manager can help.
HELP – I forgot my Password!
If you forget a password, most sites these days let you reset it, verified by email or two-factor authentication. While not the most convenient approach, it's commonly used by almost all users. Password managers are able to securely store all your passwords, especially the ones that cannot easily be recovered or reset.
How Do You Remember All Your Passwords?
You never want to store passwords unencrypted on your computer (or in the cloud for that matter). This includes Word/Excel documents, PDFs or plain text files. Alarmingly, this is what many people do. It's like making that password Post-it® Note stuck to your monitor available for hungry hackers to find (oh… don't do that either).
There are a variety of app- and browser-based solutions to password management, many of which are free for personal use. One of the highest-rated and most popular is LastPass from LogMeIn, though there are several others with similar features.
How Does LastPass Work (and is it Secure)?
LastPass will prompt you to set up a strong “master password” to access your account, which is irreversibly encrypted and unknown to LastPass. Your device (phone, tablet, or browser) has a private key to read the contents of your encrypted password vault upon authentication with the master password.
While some users are happy enough to use LastPass solely as a password-protected list of logins or secure notes when needed, others may want to grant the app access to interact with other apps and websites, which LastPass recommends. Doing so allows you to auto-fill login credentials and contact information from profiles you create. Another nice feature is the automatic generation of unique, secure, complex passwords with various options for use in the websites and apps you use. Since you are only remembering your LastPass master password and letting LastPass fill in the login for you, it is to your advantage to make stored passwords as complex as possible so they are not compromised by brute force attacks.
How to Pick Strong Passwords
As a reminder, here are some best practices for picking strong passwords if you continue to pick them manually:
- A password should be complex. Use a combination of mixed-case, non-dictionary words, numbers, and symbols.
- A password should be long. Complexity is important, but length matters most. Powerful computers can brute-force guess tens of millions of passwords per second. A ten-character password is significantly easier to guess than a fifteen-character password. Consider using a three- to five-word phrase that's easy for you to remember but hard to guess.
- A password should be hard to guess. Do not use common passwords (“password”, “12345”, etc.), your username, birth date, Social Security number, phone number, or names of pets or family members.
- A password should be unique to every site. A password breach on one website gives easy and immediate access to any other sites using that same password. It is especially important not to reuse your email password anywhere. If that is leaked, your email is compromised and hackers have access to your personal communications, which gives them an easy way to find out what other websites you have accounts with (banks, credit cards, insurance sites, e-commerce sites, etc.).
Please feel free to contact Copeland with any questions or concerns regarding password security or personal password management.
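As an added illustration (not code from the original article or from LastPass), the Python sketch below generates a random password and a random passphrase the way a manager's generator might, and estimates how long exhausting the search space would take. The function names are hypothetical, the word list is a constructed sample, and the guess rate of 50 million per second is an assumed value within the "tens of millions" mentioned above.

```python
import math
import secrets
import string

# Assumption: one value within the "tens of millions" of guesses per second cited above.
GUESSES_PER_SECOND = 50_000_000
# Constructed sample list; a real generator draws from thousands of words.
SAMPLE_WORDS = ["copper", "lantern", "orbit", "velvet", "harbor", "quartz", "maple", "signal"]

def generate_password(length=15, symbols=True):
    """Random password containing every enabled character class at least once."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(string.punctuation)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def generate_passphrase(words=4, wordlist=SAMPLE_WORDS, sep="-"):
    """Passphrase of independently, uniformly chosen words."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def entropy_bits(choices_per_position, positions):
    """Upper bound on entropy when every position is chosen uniformly at random."""
    return positions * math.log2(choices_per_position)

def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Years needed to try every candidate in a space of 2**bits at the given rate."""
    return 2 ** bits / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    alphabet_size = 26 + 26 + 10 + len(string.punctuation)  # 94 printable characters
    for n in (10, 15):
        bits = entropy_bits(alphabet_size, n)
        print(f"{n} random characters: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    # Assumption: a 7776-word list (the size of a standard Diceware list).
    bits = entropy_bits(7776, 4)
    print(f"4 random words: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
    print(generate_password(15), generate_passphrase(4))
```

These figures only hold for randomly generated secrets; a phrase or password a person makes up is far more predictable than its length suggests.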
July 17, 2018