One of the top tips from security experts is to use a password manager. These can help create, store, and manage unique and strong passwords for every online account. Password managers can also store other sensitive information, such as PIN numbers, credit card information, and some even allow secure notes. Some browsers have built-in password managers but these will not work across devices or other browsers, making it difficult to log in to your accounts if you use a different device.
Creating unique and strong passwords for every online account is vital in today's internet security landscape. With the sheer amount of data breaches that occur every year, it's likely that your username and password for certain online accounts have already been compromised. Hackers know that most users will use the same login credentials for multiple websites, so they will try other online accounts until they find something. Once they have access to your account, they could access your personal information, such as credit card or banking information, home and/or shipping addresses, etc.
Choosing A Password Manager
To choose a password manager, you should focus on privacy, security, and ease of use. Password managers should be hardened against hacking attacks and some can alert you if your passwords show up in a data breach. Some password managers may collect personal data for their marketing purposes.
There are many paid options for password managers but these typically also come with a free, limited version or a trial. The free versions are missing features such as data breach alerts, tools to identify weak or reused passwords, browser extensions for easier use, or a web vault to store your passwords online. If you find a password manager is missing features you want to use, you can always import your passwords to a different service and try again.
When using a password manager, you’ll likely have to create an online account and a password. As this set of login credentials will provide access to all of your other passwords, it’s important to use a secure, randomized password that would be difficult to guess. The password would be difficult to memorize, so it’s wise to write it down and store it in a safe location that other people won’t have access to. If you store it at your office, do not write it on a sticky note and leave it somewhere accessible to your coworkers. Store it away in a safe or other secure location.
It may seem counterintuitive or risky to store all your passwords online with a password manager service but the information is protected with strong end-to-end encryption. This means that your sensitive data is encrypted locally on your own devices and only the encrypted blob is sent. If there is a data breach at a password manager company, assuming they've taken the proper steps to secure your data, it's unlikely the hacker would be able to recover any sensitive information.
Installing Additional Software and Apps
Depending on the password manager of your choice, you may have the option to install browser extensions, software local to your computer, an app on your smartphone, or any combination of these options. These will provide you with convenient access to your passwords and other stored information. You will need to log in to each of these to get access to your data.
Creating New Passwords
Once you're all set up with your account and additional software, you are now ready to create new strong passwords or store your existing passwords. If you've installed the browser extension, the password manager will detect when you're on a login page. If you've already stored login credentials for this page, it will provide quick access to it. Some will even auto-fill the username and password section for you. If this is a new account, the password manager can generate a new, strong password for the account. You will typically have the choice of how long the password will be and the types of characters to put in (upper and lower case, numerical characters, and symbols). The password manager will then store the password once you proceed past the login page.
This is where we should add a word of warning. Some password managers are designed better than others, and some will not be able to detect when you're at a login page, or will not offer to auto-save the password it generated. The passwords generated are nearly impossible to remember and cannot be cracked in a reasonable amount of time if it is long enough. It may be wise to copy the password generated to a separate offline document, such as Wordpad on Windows or Notes on Apple, and then create the account as you normally would with the generated password. After the account is created, make sure the login credentials for this account are in the password manager. If it's in there already, delete the password from Wordpad / Notes and now you're ready! If it's not in there, you will have to manually create a new entry in the password manager to ensure it's stored safely and synced across your devices.
Focus On Your Critical Accounts First
The process of moving over to a new password manager can be tedious and annoying, but you don't have to do it all at once. Start with your most important accounts, such as your email and banking / financial accounts. If you've been notified that your account has been part of a data breach, you should immediately change its login credentials. If you've reused this password anywhere else, even if you've used a different username and/or email, you should still change the password as it's easy for hackers to link your various usernames and emails.
Some password managers can also analyze your passwords and point out the ones that are weak and easy to crack. Even though these may not be a priority, you should change these as soon as possible.
Comments