Have you ever counted how many separate logins you have for the websites you use in your personal and work life? This answer is usually shocking to most people, as it is often much higher than you’d think. Out of these websites you use, how many contain things that are sensitive and valuable to you? Your bank account, your health records, your private documents, your photos, your emails – all of these things are under “lock and key”, meant for you only. But, unbelievably, a majority of technology users use extremely weak passwords and are leaving themselves vulnerable in ways most do not understand until it’s too late. Are you one of these people? You lock your house and you lock your car. Are you leaving your internet life unlocked? If so, start a new chapter of personal security by using a password manager.
It seems like passwords are needed everywhere these days. Nearly every website and app we use requires us to sign up for an account by choosing a username and password. Fortunately, many of these sites remember who we are and do not ask us to enter it every time we check our email or pull up Netflix. Other sites (like your bank) require that you be more secure, making you enter your password each time you visit and logging you out automatically after a few mins of inactivity.
None of this is particularly difficult, and we usually don’t think much of it – it’s just us, in front of our computer or phone, accessing our Amazon account or opening an email. But how uncomfortable would you feel if someone else, without your permission or knowledge, was accessing your online accounts with the same ease? What if they copied your private photos and uploaded them to the internet? Downloaded your emails? Stole your money through an online bank transfer? Locked you out of your own email address? Impersonated you (through your real email and social media accounts) to scam your family and friends out of money? The list of terrifying scenarios which could occur if your digital accounts were breached is long and gets more terrifying the more you learn about this subject. It’s simply a no-brainer, therefore, that our personal accounts must be accessible ONLY to us.
Fortunately, many professional websites and apps make significant efforts to ensure that your account can only be accessed by entering the correct password.
The problem is, most users regularly make the following two mistakes:
1) using an extremely basic password
2) using this same password everywhere.
By “basic” password I mean your “tried-and-true” password, the one you’ve been using for years. Perhaps it’s [Pet’s name][Your birth year]. Or maybe it’s [Child’s name][Child’s birth year]. Or [Spouse’s name][Wedding date]. Perhaps you’ve even been “more secure” by changing the last few digits periodically, like Roger56 (when it used to be Roger55). Or maybe you’ve cleverly swapped a one for an “i” to make Br1tney08.
Meanwhile, you’ve diligently been using this same password for every website and app you use (or maybe Br1tney09 for one site because you got locked out of your account once and they wouldn’t let you reuse the same password). If this sounds familiar to you, then please, read on.
The issue here is not just the simplicity of the password (“who’s going to guess Vegas808 anyway?”). The issue is, believe it or not, that this “tried-and-true” password of yours may very likely already be out there on the internet somewhere, publicly available along with your email address. Did you know this? It occurs when (in simple terms) someone hacks into a major website and steals data including the usernames and passwords of its users–usually millions of them at a time. These data breaches occur with alarming frequency (multiple times per year, and these are just the ones we know about). These usernames and passwords (and often much more data) are then shared with other criminals or simply posted online where anyone can find it. (As a side note, you can check whether your email address is included in any known breaches by entering it at haveibeenpwned.com) The bottom line here is that if you are using the same password for multiple sites, someone with that password could access your account at any of these sites.
This means that, for security purposes, you should never re-use the same password twice.
In fact, best practice is to create a separate, strong password for every site and app that you use. And by “strong”, I mean something like 47NjQU$9b3r@LgVxV8fFh6ez. Ideally, you’d have something like the following:
| WEBSITE | BEFORE | AFTER |
| Netflix | Buster123 | 47NjQU$9b3r@LgVxV8fFh6ez |
| Amazon | Buster123 | gz*voy7Jof*r6BrDpY62C!yb |
| Gmail | Buster123 | CuuHGkN7DEdjYcH@gF-exYQn |
| Buster123 | Q_y@m2pKF8WEmNQ8pF8yyKt! | |
| Buster123 | uc42fAaio@YZhjoxGWG@Uorw | |
| Your Bank | Buster123 | 8dnsqH668HhTNbwM8gjuQ2-x |
| Your Credit Card | Buster123 | LYCM-7cMMz4HQ2DBxJie!bi9 |
| 𝕏 (Twitter) | Buster123 | xKcXdw*J2Pj6r!s2-7oqH4Yq |
Now, while it may be the most secure to have passwords like these, it would be totally impractical to remember these long and completely random passwords. And that’s how, finally, we have arrived at the title of this article: why you should absolutely be using a password manager.
What’s the solution?
We recommend to all of our clients (and our family, friends, neighbors, postman etc.) to implement the following three basic steps for your digital life:
- Start using a password manager
- Enable two-factor authentication wherever possible
Start Using a Password Manager
A password manager is a software application which securely stores all of your usernames and passwords in a central place (which is itself protected by a master password). While browsing the web on your computer or phone, the software will recognize when you are being asked for login credentials and fill them in for you. Using a password manager allows you to easily maintain separate, secure passwords for as many accounts as you could possibly sign up for. That way, if your credentials used on one site are leaked in a data breach, none of your other accounts are at risk.
I highly recommend 1Password, as it helps manage not only your own passwords but also those you share among family members or associates.
You simply sign up for their service, download the app to your computers, phones, tablets etc. and sign in on all of these devices.
Once you have added your library of passwords, you will be able to access all of them from any of your devices.
Enable two-factor authentication (2FA) wherever possible
For an extra layer of security, I also recommend that you turn two-factor authentication ON for any websites and apps that offer it. This adds a required second step of entering in an additional code after you have entered in the correct password. These can be either texted, emailed or generated using an authenticator app on your device. We recommend using the third option wherever possible, as this is usually the most secure.
Combining these two security steps (a password manager and enabling 2FA) is the absolute bare minimum you should be doing to protect yourself online. Don’t leave yourself at risk to learn the hard way that you should have been using a password manager.
Feel free to contact us through our Public Helpdesk if you have any questions!