Protecting Yourself Online - Why You Should Be Using a Password Manager

Picture of locked cloud

Earlier this week news broke on all the major media outlets that Dropbox passwords had been leaked. It's just the latest in a long string of recent headlines depicting one security breach after another. Dropbox quickly released a statement noting that they were not in fact hacked, and that email and password combinations obtained from other services were simply being used to attempt to log in to Dropbox accounts.

So what exactly does that mean?

Basically, hackers were able to pull a list of usernames and passwords from a different service (think Snapchat, Facebook, Google, Twitter, Yahoo) and then attempted to use those compromised credentials to log into other services. Currently it's unknown which other services may have been hacked to obtain the passwords, so my examples above are just possible sources for such a list, and not an indictment of those companies or their security practices. The key takeaway here is that this kind of attack highlights why it's so important to never use the same password for multiple accounts. If one of your accounts is compromised you're no longer just at risk for the one service, but also for every other service you've used with that same username and password combination. Of course, many of you already know all of this, and the common excuse I hear for continuing to use the same password over and over goes something like this...

But I don't want to have to remember a gazillion different passwords or my browser already saves my passwords for me!

I get it. Not only is it impractical to try and remember a different password for every service you use online, but it's also such a pain to try to think them up! I know I wasted many a precious moment of my life staring at the "create your account" screen trying to come up with a good solid password. It's also important that you're not saving your passwords in a browser! Unfortunately there are quite a few tools out there that allow others to get at browser-stored passwords fairly quickly and easily.

For me, at one point years and years ago, I'd had enough. I knew I needed to protect my online accounts and so I started looking for a solution. That's when I ran into KeePass. It was perfect for what I needed at the time. KeePass is an open source, free to use password manager. Its sole purpose is to create and store passwords for all of the different services you use in one encrypted database that you then use just one password to open. This was it! I'd finally found my solution. Now I would only have to remember one password and could make sure I had unique, strong and secure passwords on every other account or service I used, stored safely and securely in my vault and ready to access whenever needed. I took the time to update and move all of my accounts into KeePass and soon enough I was up and running and quite happy with my new solution. On top of that I could now use KeePass' password generation tool to create incredibly strong passwords at the drop of a button. Hello, super secure online me!

Picture of KeePass' Main Interface

Pretty soon I wanted more.....

After a few years (yes, years!) of using KeePass, I was longing for some additional functionality. Basically, I wanted to be able to sync my KeePass database across all of my devices (computer, laptop, phone) and I wanted to have quicker access to my passwords. At the time, whenever I needed a password to log in to a website I'd have to first launch the KeePass application, open it up, search for the site, then copy and paste the information into my web browser. It definitely worked, but I wanted it to just auto-fill for me whenever I got to my website (I'm demanding, I know). So, I started to take another look at other password managers on the market and came across 1Password. It filled the void for my desire to have cross-device syncing as well as website auto-fill functionality. Of course, those features came with a price, but for me, it was well worth it!

So, I took the plunge and migrated all of my passwords from KeePass into 1Password. Take heed! It was not fun at all! At this point I had hundreds of different saved log ins and the only way to get them into 1Password was to manually add them. I hunkered down and slowly, over the course of a few weeks, was able to get everything moved over. Luckily, 1Password has the ability to prompt you to save a website's log in details whenever you first log in to it, so it made the migration a lot easier, as I would just browse to the site, enter my log in and tell 1Password to save the account. Done. The lesson to be learned here, however, is to be ready to commit to a solution that has all the functionality you want, because if you want to move to a different product in the future it can be quite a hassle.

Picture of 1Password Main Page

My online vault!

After settling into 1Password, I found it to be great for more than just remembering internet log ins. I could store bank accounts, notes, my driver's license details and photo, passport, tax returns, pretty much anything digital that I wanted to protect. It truly is like having a digital vault to secure all your online valuables. Not to mention, with the sync functionality, I now have access to all of that information from wherever and whichever device I'm working at! Even cooler, on my iPhone I can now use TouchID to access all of my data in 1Password, with the touch of a finger. Ahhh, geek heaven.

Picture of 1Password features

So what are you waiting for?! Take the dive!

Hopefully you're starting to see the value of using a password manager. There's no longer any good excuse to not be. The functionality and ease of use they provide allow you to easily take control of your online accounts and will protect you from the headache that comes if/when one of your accounts is compromised. You'll be able to simply log in and change the password on just the one compromised service without having to worry about which other hundreds of services you've used that same username and password for. More than that though, you'll start wondering how you ever lived without a password manager; it's that impactful. Forgot your bank account number? Your Wi-Fi password? Your credit card number? You'll soon get used to just popping into your password manager to quickly pull up any information you need.

Ok, so what are my options?

So, you're finally ready to take the jump. Great! Now it's time to choose a service. There are a TON of password managers on the market, some free and some you'll have to pay for. I've already mentioned a couple in this post and my loyalty at the moment lies firmly with 1Password, but another great solution out there is LastPass. A quick Google search will return a variety of others, so feel free to check them out and find one that has the features you want at the price you want. The important thing is that you settle on one and start using it! Also, don't overwhelm yourself in the beginning. Chances are you've probably got TONS of accounts already (trust me I know, currently I'm at 289 unique website log ins in my 1Password) that you will have to change and move into your new password solution. It can seem overwhelming at first, but here are some steps you can follow to get you started.

  1. Research and find yourself a good password manager.  If you don't feel like looking at options, take my advice and grab 1Password.  It's supported on almost every device out there and syncs your data to all of them.
  2. Install the password manager on your computer.  Don't worry about getting it on all your devices at the moment, we'll get to that later.
  3. Add a password to your new application.  Pick one of your accounts (your Amazon account is a good place to start), change the password on the account and add it to your password manager.
  4. Use your password manager to access the website of the account you just added.  You'll be able to see how easy it is to sign in and also see how it works.
  5. Once you've used the program a few times and are starting to get the hang of it, set a goal to start adding your accounts into it.  The key here is to start small, maybe adding one or two accounts a day into your new password management solution and grow from there.  It’ll be easy for you to then become acquainted with your new application and it’s a good way to start updating and creating new passwords for all of your important online accounts.
  6. After you've added a few of your accounts and you're used to working with the desktop application, install the application on your mobile devices and get them syncing!
  7. Soon you'll have all your important accounts protected and all your new log in information will be available on all your devices wherever you go!
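
To decide which accounts to change first while working through these steps, the following added example (not part of the original post and not any password manager's own code) groups an exported account list by username and password combination and shows which other services are exposed if one of them is breached. The CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; not real accounts or real passwords.
# Column names are an assumption; real exports differ per password manager.
SAMPLE_EXPORT = """service,username,password
dropbox.example,pat@example.com,Summer2014!
shop.example,pat@example.com,Summer2014!
forum.example,pat@example.com,Summer2014!
bank.example,pat@example.com,kV9#tq2LmZ7r
mail.example,pat.work@example.com,Summer2014!
news.example,pat.work@example.com,Summer2014!
"""

def _fingerprint(username, password):
    # Group on a digest so the report never holds the password itself.
    # Usernames are lower-cased on the assumption that logins ignore case.
    data = f"{username.strip().lower()}\x00{password}".encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def reuse_groups(export_csv):
    """Return lists of services that share one username+password combination."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        key = _fingerprint(row["username"], row["password"])
        groups[key].append(row["service"])
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def exposed_if_breached(export_csv, breached_service):
    """Other services reachable with the credentials leaked from one service."""
    for group in reuse_groups(export_csv):
        if breached_service in group:
            return [s for s in group if s != breached_service]
    return []

def change_order(export_csv):
    """Services to give new passwords first: largest reuse group first."""
    ordered = sorted(reuse_groups(export_csv), key=len, reverse=True)
    return [service for group in ordered for service in group]

if __name__ == "__main__":
    for service in change_order(SAMPLE_EXPORT):
        print(service, "also exposes", exposed_if_breached(SAMPLE_EXPORT, service))
```

An account with a unique password, like the constructed bank.example row, never appears in the report, which is the state every account should end up in.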

Go forth and conquer in a more secure online world!

Once you have your new password manager in place, you'll be a lot safer out there and as a plus you'll find some great added value in having a secure online vault to stash other digital things as well!

Questions, comments, suggestions? Or need assistance choosing and setting up your password manager? We'd love to hear from you. Give us a call at 360.603.9553 or shoot us an email.

Photo Cred: agilebits.com, keepass.info, flickr:FutUndBeidl
