Time For Password Hygiene?

No Preaching
It’s one of those things many of us know about but fail to actually do – paying attention to how we create and use passwords.

As many more of us are now working from home, either permanently or temporarily because of the current health crisis, I think it is worthwhile to revisit this issue.

Let me get one thing out of the way – I don’t care what you do about your passwords. No preaching here – no judgement.

If you don’t reset default passwords, or use the same password everywhere, create simple to guess passwords, or write them on yellow sticky notes that you leave on top of each piece of equipment or computer, that’s on you.

Having to deal with almost 1000 passwords (including my own and my clients’), I am well aware of the frustration in dealing with a large number of them.

If you’re happy with your current method or solutions, no problem.

If you find yourself tired of watching YouTube, chatting in Slack or Facebook, and want to do something productive with extra “down time”, now might be a good time to invest a few hours in trying out some password management solutions and upping your security game.
 

Quick Review – The Problem With Passwords
Computer power has grown immensely. It now takes very little time to guess passwords using straightforward methods.

Computer software can quickly run through a dictionary of common passwords like “password”, “letmein”, all the curse words, etc.

Brute force algorithms can run through every possible 8 letter password quickly – the software will actually just try “aaaaaaaa”, “aaaaaaab”, “aaaaaaac”, etc.

I’m oversimplifying here as there are techniques used to block these dictionary or brute force attacks, but as the defenses increase so do the attacks.
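To put numbers on the dictionary and brute force points above, here is a small strength check, added as an illustration and not part of the original post. The common-password list is a constructed sample and the guess rate is an assumed figure; real rates depend on how the site stores passwords.

```python
import string

# Constructed sample dictionary: "password" and "letmein" come from the text,
# the other entries are assumptions for illustration.
COMMON = {"password", "letmein", "123456", "qwerty"}

GUESSES_PER_SECOND = 1e10          # assumed attacker speed, illustrative only
ONE_YEAR = 365 * 24 * 3600         # threshold used for the verdict below

# Character pools a brute force search has to cover (ASCII classes only).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]

def alphabet_size(pw):
    """Sum the sizes of the character pools that actually occur in pw."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))

def search_space(pw):
    """Number of candidates of this length over this alphabet."""
    return alphabet_size(pw) ** len(pw)

def assess(pw):
    """Return a verdict and the average exhaustive-search time in seconds."""
    if pw.lower() in COMMON:
        # A dictionary run finds these almost immediately, whatever the length.
        return {"verdict": "dictionary", "seconds": 0.0}
    # On average half the space is searched before a hit. This is an upper
    # bound: human-chosen patterns are usually guessed much sooner.
    seconds = search_space(pw) / 2 / GUESSES_PER_SECOND
    verdict = "weak" if seconds < ONE_YEAR else "ok"
    return {"verdict": verdict, "seconds": seconds}

if __name__ == "__main__":
    # Constructed sample passwords, shortest and simplest first.
    for sample in ["letmein", "aaaaaaaa", "correcthorse", "Tr0ub4dor&3x!Qz9#"]:
        result = assess(sample)
        print(f"{sample!r:22} {result['verdict']:10} {result['seconds']:.3g} s")
```

Eight lowercase letters give 26^8 candidates, which the assumed rate covers in seconds, while each extra character and each extra character class multiplies the work.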

The basic problems:

We use simple passwords because they are easy to remember. We should be using longer passwords and passwords with much more random letters, numbers, and symbols.

We don’t like to use symbols, a mixture of upper and lower case, and other complexities because we can’t remember them and they are hard to type – especially on small mobile phone onscreen keyboards.

Even if we put up with this and choose long, complicated passwords, we use them over and over instead of having a unique password for every single different login we need.

The security level of different systems is not the same. If you log in to your friend’s online dating service with the same password as your bank account, all the security in the world at your bank doesn’t protect your account from the weak security at the dating website.
 

Password Managers – The Solution
It really isn’t that hard to let a computer manage your passwords for you. They are good at doing things like that.

There are a lot of password manager solutions – they all rely on a simple premise: They will keep track of all your passwords for you, they will generate complex and hard to crack new passwords, and they will usually help by filling in the passwords automatically so you don’t have to type them yourself.

In return for all these benefits they ask one thing from you (besides maybe your money): You must create one master password that is very secure and you keep it safe.

This master password is used to unlock the collection of all your other passwords.

Now I know what you are thinking – this seems like a big risk since getting ahold of that master password would give a hacker or criminal access to everything.

I’m not a security or cryptography expert, so I can’t explain in detail all the theory and implementation, but these password managers have been reviewed by many experts and they encourage their use.

OK, in case you are curious – remember, the one master password that you must totally keep safe can be protected using advanced techniques like fingerprint ID, retina scan, Face ID, or special hardware devices.

If your reluctance to use a password manager is because you think it isn’t as safe, then I can only suggest you do some deep reading to understand how it works and why it is safer.

For the rest of us, the issue is more prosaic – we are set in our ways and can’t be bothered to change the way we operate and learn something new.

Once again, that is something only you can fix yourself.
 

Free Password Manager Solutions
Over the past few years, we’ve gotten some excellent free solutions.

The first place to start is your computer’s web browser. As long as you are using a mainstream web browser from Microsoft, Apple, Google or another company you trust, you might be all set.

All modern web browsers have the ability to generate random strong passwords, save them on your behalf, and fill them in automatically when you revisit the same websites.

A limitation of web browser solutions is that most of them don’t carry over to mobile phone and tablet use. Many apps that we use including communications, financial, and smarthome management, have their own login and password requirements.

Strictly web-browser based password management solutions will not help you there.
 

Password Manager Apps
I prefer to use a specialized password manager app solution. It’s a paid product, but the prices are quite reasonable given the peace of mind and security that it brings.

There are several to choose from and all are good. I’ve used a few different ones, but for the past few years I’ve been using 1Password from the company of the same name.

I’m not going to do a full-blown review, as you can find that online if you want to drill down to all the details, but here are the features I like and the reason I used it.

Focus – It is from a company that specializes in this – not a sideline product

Multi-platform – It supports everything I use – macOS, iOS, Windows, Android, and Linux based computing devices

Browsers and Apps – It works both in web browsers (Chrome, Safari, Firefox) and links up with apps on mobile devices

Web Interface – In a pinch, if I don’t have any of my own devices with me, I can log in to their website from anywhere and retrieve any needed password securely.

Sharing and Segmenting – I can create multiple groups of passwords (they call them vaults) to separate personal from business. Further I can keep passwords separated between myself and my spouse while sharing them between us.
 

I’ll Give You My Password Manager When You Pry It From My Cold, Dead, Hands
Paraphrasing Charlton Heston, my password manager is probably the single computer tool I cannot live without.

I bet you’ll feel the same way once you start using one yourself!

Robert

Automation technologist and problem solver
