Like most people out there I have way too many accounts in more place that I know about. And like all these people I have fallen into the same trap by using the same password in all these different sites. Bluffing my self by thinking I am rotating between a few passwords, nobody will ever know, right?
Well even though this is not the worst mistake I have done this is a very big deal.
Let’s put this in perspective. Imagine every key you own, your car, house, office, safe, etc…They all now use one key, the Exact same Key.
None of this bunch of keys anymore. Life is Easy. Then the key falls out of your pocket one day never to be found again. Except somebody has it and can potentially get into every place you try and keep safe. This is exactly the same when you use the same password of all your online accounts. Regardless if you have a different password for your social media than your finance. If you use a password or a similar password more than once you can potentially put yourself at risk.
Let’s do a quick test. Go to the site HaveIBeenPwned. Do a search for your oldest email address you own. If it comes up Red, know that you are at risk.
Now look at each site and read exactly what data was compromised. If even one of them shows your password has been compromised then you are compromised. Have you used this password before? Do you even remember the password you used for this site?
Some of you might think let me go change my password quickly to make it safe again. It does not work like that. Yes, Agreed! Change your password this will protect that specific site. Regardless your password is now in the possession of somebody else and they can use it on every internet-based platform you are on. Your Bank, Your Social Media, Your Privacy exposed.
Well luckily for us there are services out there that saw the struggle and came to our rescue.
These services are called Password Managers and if you use them correctly it can make your life much easier and safer. I CAN NOT OVERSTATE THIS if you use the Service Correctly. This means in conjunction with other common best security practices.
What are these Security practices?
- Don’t leave your device unlocked
- Don’t Click the Remember me option
- Sign out of accounts when using an untrusted device
- Where possible encrypt your devices
- Above all be Security conscious
Security practices should be a daily practice. Prevention is easier than Exposure.
How does a password manager work?
A password manager is a single location where you store all your account details and passwords. These passwords are encrypted in a secure location that even if it should be breach it can not be read unless it has the master password which it was encrypted with. Thus every single person that uses these services will have different encryption.
Unlike browser password managers that saves your password unencrypted.
Depending on the Password Manager you use there are options to Trust certain devices and login automatically. Again bearing in mind you have another security setup on the device. Like hard drive encryption and Automatic screen locking.
MFA is an additional option I would suggest you activate on all online services you use. Basically, MFA is the second step of authentication when you login into a service. This is either an email you receive asking you to confirm you are trying to login. An SMS to your phone with a One-Time-Pin or an Authentication app that changes codes every 60 Seconds. Although not limited to the above this makes it much harder to get into your account.
When enabling this on your password manager as well as your accounts are safeguarding. You basically have four steps to take before accessing your account.
- Password Manager password
- Password Manager Two-Step Authentication
- Service Password
- Service Two-Stop Authentication
Now you are thinking this seems like a lot of work. But what you need to know is you can Authenticate on a Device once Every 30 Days. Meaning if you choose to you only have to authenticate on the device you trust only 12 Times a year. Compared to what you are currently logged in permanently when your device is Stolen. Secondly, password Managers remembers your passwords and has the ability to generate it for you. So if your Device is compromised the password will always be completely different to all other services and you don’t have to remember it. Lastly like most services out there now you have the ability to sign out all devices using the services (If it connects to the internet(Something they never say)).
Which Password Manager is Right for you
I have not tested every Password Manager but rather did some research on what different Password Manager has to offer and chose to use LastPass…
The reason I chose LastPass is it gave me the ability to keep my passwords over multiple devices from the start. It is an online manager and immediately assisted with MFA. I installed the chrome plugin and as I register or LogIn it automatically gives me the option to add the details to my database. Then I was able to Sort the passwords in groups depending on what I use it for.
I could add non-online details to it as well, for example, Wireless Passwords and am not limited to the number of passwords I can save as a free user.