Friday, March 27, 2020

Use A Password Manager

Weak passwords and poor password practices are among the easiest ways to get hacked. When it comes to passwords, most people take the path of least resistance, which becomes the path to a breach. Password managers make it easy to create and manage passwords that are harder to crack, and they make it practical to use a unique password for every account, which means more secure accounts and fewer opportunities to compromise your security.


Even cybersecurity gurus know what a pain in the butt passwords are. You’ve got however many passwords you need to remember at work, plus all your personal accounts. What do most people do? They reuse a lot of the same password(s) at work and at home. On top of that, they don’t use very good passwords. How do we know this? Sometimes, when hackers break into a system, information related to the break-in is published online.  What are some of the more common passwords used by people based on these revelations? 

123456        123456789     qwerty
12345678      1234567890    1234567
Password      letmein       football


Now, if your local bank was robbed, and it got out that the combination to the vault was zero-zero-zero, you’d have a fit. For some reason, however, people seem to think that locking a computer—the thing that is tied to their livelihood, or that stores sensitive personal information—with something as pathetically easy to guess as 123456 is totally okay.

Password managers take the pain out of creating and using strong passwords or pass-phrases (a series of random words rather than random letters and numbers). You personally only have to create and remember one strong password: the one that opens the password manager itself. The password manager creates strong passwords for all your other accounts, based on criteria that you set or that are mandated by the program or service you're using (e.g. at least 12 characters, including at least 1 number, 1 special character, etc.). Password managers will also recognize when you are trying to log in to a site that you have a user ID and password for, and allow you to enter that data into the login screen automatically (e.g. autofill).
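An added example, not from the original post or from any of the password managers listed below: a sketch of how a generator can enforce the criteria mentioned above using Python's `secrets` module, alongside a pass-phrase generator. The special-character set, the 16-word list and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# The common passwords listed in this post, lower-cased for comparison.
COMMON = {"123456", "123456789", "qwerty", "12345678", "1234567890",
          "1234567", "password", "letmein", "football"}

SPECIALS = "!@#$%^&*()-_=+[]{}"   # assumed set; each site defines its own
ALPHABET = string.ascii_letters + string.digits + SPECIALS

# Tiny constructed word list; real tools draw from thousands of words.
WORDS = ["anchor", "breeze", "copper", "dinner", "ember", "falcon", "garden",
         "harbor", "island", "jungle", "kettle", "lantern", "marble", "nectar",
         "orchid", "pepper"]


def meets_policy(pw, min_len=12):
    """True if pw satisfies the example criteria quoted in the post."""
    return (len(pw) >= min_len
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw)
            and pw.lower() not in COMMON)


def generate_password(length=16, min_len=12):
    """Draw characters from the OS CSPRNG; retry until the policy is met."""
    if length < min_len:
        raise ValueError("length is shorter than the policy minimum")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_len):
            return pw


def generate_passphrase(n_words=6, sep="-"):
    """Pass-phrase: independently chosen random words joined by sep."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Upper bound in bits for `picks` uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(len(ALPHABET), 16), 1))
    print(generate_passphrase(), entropy_bits(len(WORDS), 6))
```

With only 16 words, a six-word pass-phrase carries just 24 bits, which is why real generators rely on much larger word lists.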


Resources

Which password manager to use? Here are four that have great reputations, in no particular order:


KeePass - https://keepass.info/  (free)

Dashlane - https://www.dashlane.com/ (free and paid versions)

1Password - https://1password.com/  (paid)

Roboform - https://www.roboform.com/  (paid)


Have I Been Pwned?

Visit https://haveibeenpwned.com and enter your email addresses (work and home). It doesn't contain ID/password combinations from every data breach ever, but it has a lot of them. If you haven't already changed the passwords linked to any compromised accounts, make sure you do so now. The site also allows you to receive notifications if your address (or addresses linked to your company domain) is discovered in a future breach.

