Woke up to see another data leak story today:
O2 Customer Data Sold on the Dark Net
Whenever I see stuff like this it makes me double check my security for websites etc. to make sure I’m not accidentally doing anything daft. This morning though it got me thinking – how come more people don’t use password managers? Or more specifically – how do people make stuff secure without using password managers? It’s beyond me.
Looking at my own for example I currently have 422 logins to various things. Yes. Four Hundred and Twenty Two. Bonkers.
Without a password manager, the likelihood is that the passwords for a lot of those sites would:
- Use relatively simplistic patterns or words that are memorable.
- Be repeated across multiple websites.
- Be instantly forgotten, leaving me constantly having to tick ‘forgotten password’ on sites.
- Reset via email to a single address, meaning a single compromised email account could result in the compromise of multiple sites.
Now, I’m the first to admit I can be a bit paranoid about such stuff. I like to follow best practice. Achieving that though without a way of managing your passwords – difficult.
Working in IT means I get to ‘help’ a lot of my friends etc. with their computers, microwaves, shelves* etc. It astonishes me how poor their general attitude to security is. Firstly, it’s rare someone will hand me their laptop and it be encrypted. They never think to question that I recover their stuff so quickly, just assuming it’s something down to the black art of ‘those computer things’. I’ll also often find things like text files on the desktop containing common email/password combinations and more often than not including the web site that they’re associated with.
Utterly crazy.
So why is a password manager so important? Well, the obvious one is that it stores all your passwords and makes them easy to access. It has other – more important – benefits too:
- You can generate truly random passwords that even you won’t be able to remember. Stuff like SAjhhWJKH987KJJ71$$$!$%%%%_43 for example. Try remembering that. (There’s a legitimate argument against such passwords too, to be fair: See XKCD).
- You don’t have to remember all those ridiculous passwords! The manager will do it for you.
- You can have unique passwords for every single site.
- Most will do a security check through the passwords that are stored advising you of any poor or repeated selections.
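
The check described in the last bullet, sketched as an added example (it is not from the original post or from any particular password manager): it flags reused passwords, flags weak ones with a crude upper-bound entropy estimate, and groups sites by login email. The vault rows, the 60-bit threshold and all function names are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample export: (site, login email, password). Not real data.
VAULT = [
    ("shop.example", "me@mail.example", "Summer23"),
    ("forum.example", "me@mail.example", "Summer23"),
    ("bank.example", "money@mail.example", "SAjhhWJKH987KJJ71$$$!$%%%%_43"),
    ("news.example", "me@mail.example", "password"),
]

def charset_size(pw):
    """Size of the ASCII character pool the password appears to draw from."""
    pools = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
             (lambda c: not c.isalnum(), 32))
    return sum(n for test, n in pools if any(test(c) for c in pw))

def entropy_bits(pw):
    """Upper bound only: assumes every character was picked at random.
    Human-chosen patterns such as a word plus a year are far weaker."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def audit(vault, min_bits=60):
    """Report reused passwords, weak passwords and sites sharing one email."""
    by_password = defaultdict(list)
    by_email = defaultdict(list)
    for site, email, pw in vault:
        by_password[pw].append(site)
        by_email[email].append(site)
    return {
        # Each inner list is a group of sites protected by the same password.
        "reused": sorted(sorted(s) for s in by_password.values() if len(s) > 1),
        "weak": sorted(s for s, _, pw in vault if entropy_bits(pw) < min_bits),
        # One mailbox covering many sites means one reset path to all of them.
        "recovery": {e: sorted(s) for e, s in by_email.items()},
    }

if __name__ == "__main__":
    report = audit(VAULT)
    for key in ("reused", "weak", "recovery"):
        print(key, report[key])
```
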
Wait – how do you secure your password manager? Well – of course you have to set a master password…And you need to be creative with that. I use phrases that make no sense for example, rather than short words. So something like ‘Jay likes to eat b0ats on a Sunday’** for example. Easy to remember as it’s so weird. You don’t find yourself typing it in very often either – iPad/iPhone it’s all TouchID, and on my main machines it locks when I lock my normal machines.
Do I save passwords in my browser? Yes, I do – for some sites. Never for any sites that hold any detail or financial information.
What about the ‘tick here if you’ve forgotten your password’ – if they all go to the same email address then hey, you only need that email address compromising don’t you…? Well, of course I don’t set up a different email address for every website as that would be beyond silly – but I do have a few separate ones for secure sites. I don’t use the same email on any financial sites for example. Ever. That could however be part of my general paranoia and may be a bit beyond the norm – I’ll graciously accept that.
Honestly, check out password managers. It’ll make your life more secure, and what’s more make your day to day easier too.
Products like:
…are probably the most popular. All multi-device, all integrate natively into your web browser etc.
Get secure. It’s your responsibility, not the provider’s. It’s your data. They’ve always got a get out – oh we did our best. Blaming them all you like may make you feel better, but it’s still your secure data flying around that internet.
*OOOO! You work in IT! Can you help me put a shelf up?
** No, this isn’t my passphrase. Even I’m not that daft. //scuttles off to change pass phrases.