www.amazon.com/author/paulbabicki
====================================================
Why you should use a password manager
19
JUL 2016
Maria
Varmazis nakedsecurity.sophos.com
For
years, I read many, many articles about password managers – much like this one
– and despite the fact that I’ve been working in the information security field
for about a decade, I still resisted trying them out. It seemed like a lot of
hassle, and who needs more of that?
Instead, I
kept an arsenal of passwords in my head: A few “disposable” ones for sites
I didn’t care much about that I reused constantly, a couple other slightly-more
complicated passwords that I used more sparingly, and for a few really
crucial sites (mainly financial ones) I had long, complex, and unique passwords
that I managed to remember due to sheer repetition and stubbornness.
While
on a long vacation abroad a few years ago, I found myself needing to
send an urgent message to family, and my email account was one of
those accounts using a long, complex password. Since it had been several weeks
since I’d logged in, no matter what I tried I just could not remember my
password. I tried to log in so many times I locked myself out of my account.
Mea
culpa.
When I
got back from my trip, I knew it was time to stop this madness and use a
password manager for once and for all. Now I’ve been using a password manager
for several years, I can’t imagine still trying to juggle a few weak
passwords in my head.
If my
story about juggling a few sets of passwords in your head sounds familiar, I’m
here to convince you to take the plunge and use a password manager once and for
all.
Here’s
why:
They’re
simple to set up and easy to use
Before
using my first password manager, I imagined I’d have to sit down for hours in
front of a big spreadsheet, recounting every username and password for every
website I frequent. Nobody would look forward to that kind of chore.
Thankfully
that’s not how it works. Password managers work to capture your existing
username and password credentials the first time it sees you enter them on a
website, and then it stores them in a secure password vault for recall next
time. The idea is that the only password you’ll ever have to remember once you
set up a password manager is the vault’s master password.
As you
go about your business online – for example, as you log in to your email
account – the password manager will notice that you’ve typed in some
credentials and will offer to save them in the password vault for you. Next
time you log in, the password manager will enter your credentials for you
automatically, easy as that.
And
when you change your account’s password, which you really should if it’s one
you’ve reused somewhere, the password manager will detect the change and update
the password on file for you.
They
make sure your passwords are unique and strong
I can’t
emphasize it enough: you really should be using unique, strong passwords on all
websites you use. Why? When a site gets hacked, hackers will often
take the credential data they’ve mined – usernames and passwords – and try that
data out on other websites to break in to accounts there, too. Sadly, it
works because so many people reuse credential information across many
websites. (You can check to see if your information has been
used in an attack like this via haveibeenpwned.com.)
But
as services online proliferate, creating – let alone remembering – a
unique password for every single one
becomes practically impossible. Thankfully, password managers can
step in and help here by generating unique passwords for you.
A
strong* password should be of decent length, contain a good mix of upper and
lowercase letters, numbers, and unique characters. That means a good password
could look something like this: Vp$lskFOyS4h^oqI.
It’s
hard enough to try and think of dozens of passwords that look like that, let
alone trying to remember them. Thankfully, the password manager takes care
of both of these tasks for you.
So in
the worst-case scenario, if your account is involved in a website breach, if
you’re using a unique password, the hacker only gets access to that one
account, not a treasure trove of all your other ones.
Seriously,
you can’t remember all those passwords
When
you use a password manager, your passwords can be mobile yet still secure. Most
password managers allow you to sync your account from multiple machines (so you
can have access at your home and work computers, for
example). Others in addition offer a phone app (LastPass), or
for you to export your encrypted key information to a secure file or to
a USB key (KeePass) – either option allows you to access your secure
password vault while on the go.
One of
my favorite use cases is for securely sharing credentials to an account used
by trusted parties. For example, while my spouse and I both have our
own personal password manager accounts that we keep private, we can opt to
share specific credential sets between our two accounts so we can both
securely access them, and keep those credentials synced.
This
makes things like accessing the monthly electricity bill or joint banking
accounts much, much easier. Plus, if one of us changes the password to one
of these shared accounts, since the password manager keeps track of the
changes we both automatically have the updated credentials.
It
might make you feel a bit wary to have all your passwords stored in one central
place, but any password manager worth its salt uses heavy-duty
encryption to keep your information safe. In addition, many offer two-factor authentication (2FA)!
Ready
to try a password manager? Great!
If I’ve
convinced you to give a password manager a try, the best way to get
started is to dive right in. Most have a free version you can use, with some
premium features you have to pay to unlock. Below are the four I’m
most familiar with, but there are a lot of options available to you.
·
1Password
·
Dashlane
·
LastPass
·
KeePass
So how
about it, are you going to give a password manager a try or are you still not
convinced? Are you already a password manager fan?
================================================================== Good Netiquette And A Green Internet To All! =====================================================================
Tabula Rosa Systems - Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value. TRS provides product, design, implementation and support services on all products that we represent. Additionally, TRS provides expertise in Network Analysis, eBusiness Application Profiling, ePolicy and eBusiness Troubleshooting. We can be contacted at:
===============================================================
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
Anyone who would like to review the book and have it posted on my blog or website, please contact me paul@netiquetteiq.com.
In addition to this blog, I maintain a radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
Additionally, I am the president of Tabula Rosa Systems,
a “best of breed” reseller of products for communications, email,
network management software, security products and professional
services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology market.
No comments:
Post a Comment