Cybersecurity has been big in the news lately; it’s enough to make any internet user paranoid about the safety of their online accounts and stored data. Wishing to stay one step ahead of any would-be threats out there on the web, this blogger cast aside the excuses and committed to shoring up his digital defenses with a strong password manager. I’m here to tell you why you should as well.
1. You don’t want your identity/money stolen
The ubiquity of the internet often leads us to not put much thought into the type of data we share online. How many online storefronts hold saved payment credentials? How much personal data do we have stored in our various cloud lockers? How far and wide are sensitive items like social security numbers, bank account access codes, addresses, and telephone numbers spread across the net?
We need only look back to the recent Sony hack or any number of high-profile password leaks from companies like Google and eBay to recognize the importance we should place on protecting our digital data. In fact, it is suspected the Sony hack was the result of targeted phishing attempts used to gather the passwords of lower-level employees, which in turn provided hackers with an easy means to breach the system more widely.
A breached password is the one thing worse than losing your Android phone. It only takes one compromised account for a person with malicious intent to gather enough data to give you a real headache when it comes to unauthorized purchases or identity theft. It’s even worse if you use duplicate usernames and passwords. While it might be a bit more time-consuming upfront, choosing strong passwords and updating them regularly is one of the easiest steps you can take to avoid facing larger problems down the road.
2. Your pet’s name is in your password
Take a look at the most recent list of the internet’s worst passwords as compiled by SplashData. Are you guilty of using a top-10 no-no like ‘123456’ or the always strong ‘password’? We get it. A good password can be as difficult to break as it is to remember, but that’s no reason to avoid creating one.
A good password will use a variety of letters, numbers, and symbols (if allowed), as well as lower-case and upper-case letters. The best passwords are truly random, and therefore real words should be avoided. Longer passwords are also better, so if the max length is 40 characters, by all means use each and every one. You can see how things quickly become complicated. Good for protection, but, again, bad for ease of entry.
Hackers aren’t the only individuals that might want to access your accounts, however. Despite how much you trust your friends and family, there might be a bad banana in the bunch that wants to snoop around where they don’t belong. Avoid using passwords that reference the names of pets, family members or loved ones, and other personal interests.
A password manager like 1Password, LastPass, or DashLane takes the hassle out of creating truly random, near-uncrackable passwords. One click will generate a password based on a recipe modified by you (character length, types of characters to include, etc.) and use it to automatically fill in web forms. For existing passwords, management software will analyze strength and recommend when credentials could be stronger.
3. You use the same password for everything
We are far too often willing to sacrifice personal security for convenience. A single password that works like a utility knife across accounts is great if you can’t be bothered to come up with a unique password for each individual service. It’s also great for hackers who only want to waste their time figuring out one of your poorly devised passwords.
A ne’er-do-well cracking the login to your Twitter account might have limited repercussions. Unless, of course, you use the same username and password for your bank account login or PayPal. Then it’s a field day for data thieves. Again, a password manager is your friend here, making it easy to store and sort individual, unique logins for all the services you use.
A good password manager offers the ability to audit your database of stored login information to pinpoint any weak spots, particularly when it comes to using username/password combinations that are similar across sites and services you use.
4. You’ve been using that password since you were 13
Not only is your password weak, not only do you use it for every account, but you have been using the same one since you first logged on to the internet. For some, a single password has been in circulation for two decades or more. It’s always a smart idea to update your passwords at least once a year — more often for accounts holding particularly sensitive data.
Most password managers offer security monitoring that will alert you when a password is nearing its expiration date. In most cases, you’ll have to go through the additional step of logging in to the individual service and changing the password, but some services like LastPass are starting to offer the ability to automatically update and change passwords in the event a service you use is hacked or compromised. It’s worth it when it means being one step ahead of a costly security breach.
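The audit and age checks described in sections 3 and 4 can be sketched as follows. This is an added example, not any vendor's implementation: the vault entries are constructed, and the similarity rule (ignore case and trailing digits or symbols) and the tag names are assumptions of the example.

```python
from collections import defaultdict
from datetime import date

# Constructed sample vault; sites, usernames and passwords are invented.
VAULT = [
    {"site": "bank.example", "user": "sam", "password": "Rex2009!", "changed": date(2009, 5, 1)},
    {"site": "social.example", "user": "sam", "password": "Rex2009!", "changed": date(2014, 11, 3)},
    {"site": "shop.example", "user": "sam", "password": "rex2010", "changed": date(2015, 1, 10)},
    {"site": "mail.example", "user": "sam", "password": "123456", "changed": date(2015, 2, 1)},
    {"site": "cloud.example", "user": "sam", "password": "v$8Lq!e2Zr#0pTnW4mYc", "changed": date(2015, 2, 1)},
]
SAMPLE_TODAY = date(2015, 3, 1)  # constructed "now" so the output is stable
WORST = {"123456", "password"}   # the two examples the article names
MAX_AGE_DAYS = 365               # "at least once a year"

def stem(password):
    """Normalise so near-duplicates (case, trailing digits/symbols) collide."""
    return password.lower().rstrip("0123456789!@#$%^&*")

def audit(vault, today):
    """Return {site: sorted list of tags} for entries that need attention."""
    findings = defaultdict(set)
    by_exact, by_stem = defaultdict(list), defaultdict(list)
    for e in vault:
        by_exact[e["password"]].append(e["site"])
        by_stem[stem(e["password"])].append(e["site"])
        if e["password"].lower() in WORST:
            findings[e["site"]].add("common")
        if (today - e["changed"]).days > MAX_AGE_DAYS:
            findings[e["site"]].add("stale")
    for sites in by_exact.values():
        if len(sites) > 1:  # identical password on more than one site
            for s in sites:
                findings[s].add("reused")
    for key, sites in by_stem.items():
        if key and len(sites) > 1:  # same base word with small variations
            for s in sites:
                findings[s].add("similar")
    return {site: sorted(tags) for site, tags in findings.items()}

if __name__ == "__main__":
    for site, tags in audit(VAULT, SAMPLE_TODAY).items():
        print(f"{site:15} {', '.join(tags)}")
```

Note that `rex2010` is flagged even though it is not an exact duplicate: varying a pet's name by case or a trailing year does not produce an independent password.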
5. Memorizing 46 characters of random garble is hard
A 40-character password consisting of completely random characters is great for security, but unless you are a superhuman there is really no possible way to remember one for each and every site or service you use. You could rely on the tried and true method of jotting down passwords on a piece of paper or in a notebook. Worse? You could save a list of passwords in an unencrypted text document on your computer.
At the very minimum a good password manager will solve this problem, storing detailed account information in a sortable, searchable list protected with some of the strongest encryption out there. You will only need to remember one master password in most cases (make it a good one) to grant access to your locker of stored login credentials.
6. You have numerous devices
We live in a multi-device world, so having your uber-strong passwords stored locally on your computer or mobile phone won’t do you much good when you need to access services on a different device. Once again, a password manager has you covered. With numerous cloud connectivity and wireless sync options you will never be without easy access to your master list of passwords.
SafeInCloud is one manager that utilizes cloud storage via the service of your choosing (Google Drive, DropBox, and OneDrive are all supported) to store passwords remotely for access from a mobile device or remote computer. We recommend protecting your cloud storage with two-step authentication in combination with the strongest of passwords if you plan on storing such sensitive data there, but we don’t need to tell you that again.
If the idea of uploading your database of passwords to the cloud is a bit unnerving, 1Password offers the ability to perform a local sync over your WiFi network. Your data is only briefly transmitted across your local network, never reaching the internet at large, and is then stored directly in the memory of your devices. 1Password also offers the ability to share a password “vault” with a family member or coworker in order to share login information in a safe and secure manner.
7. You have a lot of other data that needs safekeeping
As password managers have matured they have become bastions for plenty of other sensitive data worth protecting. 1Password is especially good here, allowing you to safely store everything from your address and credit card info to social security and passport numbers. The data can be used to quickly fill out web forms or be kept for quick reference offline.
8. The benefits far outweigh the hassle
The biggest hurdle to using a password manager is initial setup. LastPass makes things easy by scraping your stored passwords from your browser, but this only takes care of half the issue. At a minimum you’ll need to do some cleaning up, but you should really plan on taking an afternoon to completely overhaul your password game. It will take some time up front, but after you are done the convenience of a password manager shines through with features like browser plugins for one-click login to your commonly used services.
If it seems intimidating, start by updating passwords for sites and services that store your most sensitive data. You can then slowly add the rest of your passwords over time, using security auditing tools to decide which ones need to be updated and when.
The other thing that keeps many folks away from password managers is cost. Most offer some version of a free service, but these often leave out must-have features like cloud sync. In nearly every case shelling out some cash for the premium or pro version is well worth it. Some password management services charge a yearly fee as low as $12, while others ask for a one-time upfront payment (ranging from $10-50 for a single-use license). Free, open source options also exist such as Bruce Schneier’s Password Safe.
Take action now
It should now be totally clear why you need a password manager, so which one do you choose? All share plenty of common features (the most important being strong security), but we’ve narrowed it down to a few of our favorites. Below are our recommendations for wrangling that out-of-control herd of passwords now.