How many websites do you use? In how many banks do you have an account?
Do you have the same password everywhere?
Where do you keep your passwords: on a piece of paper by your monitor, in a notebook, in a text file?
Aren’t you afraid of your bank account or a dating site being hacked?
We often hear about data leaks, accounts being hacked or users’ passwords databases being exposed online.
Reports on this industry websites that promote safety:
- ZDNet.com (https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/),
- kpr.pl (https://www.kpr.pl/41,news/447,cybercrime-data-breach-hackers-at-work.html)
- popular news websites, e.g. BBC (https://www.bbc.com/news/technology-49715478)
You probably use at least a dozen or even several dozen websites and you may not even remember how many there are. In most of them you have the same, or slightly different, password set. You haven’t changed it for a long time. Your passwords are uncomplicated, i.e. Pawel@1969 or Blok@da123. Additionally, some of them probably concern your company’s services.
What is it if not asking for problems that may or may not have very serious consequences? Especially in the case of companies or organisations where you have access to applications that contain very sensitive data.
How can you protect yourself against this?
The simplest solution is to use a password manager, which is available free of charge for users.
A good password manager has the following features:
- encrypts the password database with your password to log in to the site (changing your password re-encrypts the password database, but losing the password makes passwords unrecoverable),
- downloads the encrypted password database locally to your device,
- has applications for Windows PC, Linux, MacOS and also for Android and iOS phones,
- allows you to test your password database for data leaks on websites e.g. https://haveibeenpwned.com/,
- allows you to test passwords in the database in terms of their strength so that you can correct it,
- has a strong password generator,
- has add-ons and applications that automatically fill in login fields for applications and websites without the need to copy and enter them manually
Using Password Manager has only benefits:
- guarantees that you don’t have to remember many passwords,
- you only remember one complicated password, which you do not share with anyone,
- generates passwords that are not easy to guess,
- does not require entering a password, so peeking at the keyboard while logging in does nothing
We have been using Password Manager ourselves since the beginning of the company, and we make sure that all passwords are generated strong. We keep both our and our clients’ passwords, and periodically verify that they are strong and haven’t been stolen.
Of course, there are other mechanisms for ensuring secure access to accounts, such as using Social Media Logins or advanced Privileged Identity Management solutions, but that’s another topic.