What is password management and why should you care?
We all have tens of online accounts where we’re identified by an username/e-mail and a password. Managing all of them can be a hard task. Nothing is hard when you want to keep your information secure and don’t want someone to steal your identity, forge documents in your name or deplete your bank account!
What’s wrong with using the same password?
Hopefully no one is using the same password for multiple accounts. I can hear your thoughts, you are using the same password or variation for multiple accounts.
Yes password management can be very simple and easy but when misused it causes problems.
Congratulations. You’ve just made it much easier for the Bad Guys ™ to hack into your accounts.
If there is a breach, your data will be sold the next day on the Dark
Web. Then the first thing the mallicious people who buy is to verify
accounts that are using the same password.
Then they view all the alternative e-mails you’ve set up, and try the
other accounts. This goes on untill they have access to everything..
Then they’ll start using your creditcard, start placing bogus orders,
posting spam or porn online. Getting you in trouble, banned and even
with the police at your doorstep.
Identity theft is just some steps further and could be use for many illegal activities. Or you will find out .
Some even go as far as phishing your friends or coworkers. There have been cases when
All these things happen without you even knowing.
If you’re curious review your e-mail account here to see the breaches that occurred on accounts you use: https://haveibeenpwned.com/
Guide to password strength and security
Password strength is the thing that annoys protects you the most at work or on some "highly secure websites" where you need to have a password containing almost any type of character and of a greater length than 10. Those programs won’t be satisfied until you have a secure password. There are other websites that don’t even care. Is it simple for the user? Is it easy to implement?
What you should know is that it doesn’t matter if you use all kind of weird characters. The reason behind this is that most websites block unauthorized attempts after about 10-20 tries. As long as your password is longer than 20 characters you won;t have a problem. Let’s say making something up like a story.
Imagine the attacker knows you only use lowercase, uppercase, numbers and 8 other characters. This provides a possibility of 70 possibile choices per character for each of your 20 characters long password. Making it a 70^20 of choices (7979226629761200100000000000000000000) before anyone can brute-force your password. If you use 8 characters for your password all lower-case letters then you aren’t very secure.
Even by using ordinary dictionary attacks or if the attacker knows a portion of a password you use (but you modify it 20 to 30% every time) he’ll still have a long game ahead.
You only need to add a number and some type of special character # $ %
^&*(_+=?> …
Creating them in sentences that are easy to remember but that are
totally unrelated to you, your family, friends or interests is the best
option.
Examples:
BuyingStampsSince2005
9TheHorsePaintsTheHouse7
Bugs13BunnyIsFunny-
Notice that they contain , lowercase, uppercase and a number. You can also add a special character depending on your preferences.
When creating a new password you could be using something way too simple or known. It’s always a good idea to to review the most known passwords from diverse security lists which contain millions of passwords from breached services.
Take a look at these lists of most widely used passwords so you KNOW what to avoid.
Password mangement
Managing your passwords is the next most important step.
Like anyone you have more than 10 accounts online. How do you keep track of your data?
74% of the people save their passwords in a .txt, .xls or .doc file which is VERY BAD. If someone ever gains access to your pc your data is captured instantly.
Think no one can gain access to your pc?
Ever installed an application on your pc? All mallicious apps have the
possibility to find such files and upload them somewhere else.
If you run a free "USB" it can contain such software to search for
password files and provide them to the bad guys.
Other people use text file or an agenda for passwords, this is a better step to security, but it’s also a little unsecure..
The best way to protect your passwords, keys, usernames.. is to save them with a password manager.
There are plenty of password managers that are even web based, cloud based (I’d like to keep my own data, thank you very much!), mobile based and desktop based
I would recommend the one I recommend to most of my clients: Keepass
It’s cross platform and generates an encrypted file with a password. But you can use another file as a password.
You can organize your data pretty well.
It has a autotype function which you click and it logs you in automatically to websites.
You can generate very complex passwords which you don’t need to remember yourself
It can even set expiry on some passwords if want the mega security structure required by most enterprises changing it every 30 to 70 days.
Personally I avoid saving passwords in the browser, you should too, there are a few reasons for this:
Browsers are insecure by default
passwords are stored unencrypted , malware loves this
If you let someone use your pc.. they can review passwords, login to your accounts.. you name it
Summary:
Use strong long passwords, you don’t have to complicate your life.
Never use the same password twice.
Use a password manager to simplify and protect your accounts.
If you enjoyed this then I’m sure you’ll be eager to review the full Cyber Security guide I’m working on entitled: