This month’s tech tip comes in the form of a reminder. This is nothing we haven’t all heard before. But many people, I find, don’t take the action needed to protect themselves because it is sometimes inconvenient to get it all set up. Plus, we are all resistant to change. We all have a system and it’s working, so why change…why change unless we have to?
The problem is, when it comes to our personal information online, when we are forced to change, it is already too late.
The simple fact of the matter is, if you are not using a secure password vault to generate and maintain unique, strong passwords for every site you access, you are increasing the risk of being hacked.
There are many, many ways your password can fall into the wrong hands. Big companies, where you have accounts, get hacked all the time. Sometimes hackers gain access to customer records – your personal information that these companies are storing – including addresses, financial data, social security numbers, and, yes, passwords.
If that was not bad enough, hackers post these huge databases of passwords online for sale. If you want to see if your email address was included in any of these past breaches, visit https://haveibeenpwned.com/
For email addresses that have been actively used over a period, it is rare that the address wouldn’t show up in at least one of these past data breaches. This is particularly bad if you use the same password across multiple sites. It means that if the email and password combination that you used to log into your favorite online store was exposed in one of these breaches and you use the same password at your bank, then the hackers now have access to your online bank account.
But hackers can also just guess your password. If you use a weak password, or a common variation across all passwords, you are just making it easier for them to guess your password.
If you want to see a list of the most common, and thus least secure, passwords people are still using today, just google “most common passwords” or “worst passwords of 2020”. There are lots of lists out there and the passwords are frighteningly similar.
Hackers can also capture your password by sending you malware like a keylogger. That’s what got installed on your computer when you clicked on that link in that email without thinking.
With a keylogger installed, each keystroke you type, including passwords, is being sent to the hackers.
As humans we are horrible at creating secure passwords. We are also horrible at remembering them. So we try to make them easy and convenient, which defeats the purpose of security.
For example, WizardofOz112380-129Ivy, the password that you invent by stringing together your favorite movie plus your birthday plus your address is only slightly harder to guess because it is longer. And, while you may remember that for one site on the web, what about the literally dozens, if not hundreds of sites you depend upon to run your life?
For those who may not know, a secure password looks something like: hCWa^22!jtW7S$!*jm63$
While it is crazy to think that we would need to type that string of gibberish every time we wanted to log in, it is a whole new level of crazy to think we have any chance to remember a strong password with our human brain.
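To put numbers on the comparison above, here is an added example (not part of the original tip) that estimates how many bits of guessing work each kind of password represents and generates a random one with Python's `secrets` module. The pool sizes for the movie, birthday and address parts are constructed assumptions, not measured figures.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 printable symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed assumption: how many candidates a guesser would try per part
# of a "movie + birthday + address" password.
COMPOSED_POOLS = {
    "movie title": 10_000,
    "birthday as MMDDYY": 36_525,   # any day in a 100-year span
    "house number": 10_000,
    "street name": 10_000,
}

def random_password(length=21):
    """Pick each character independently with a CSPRNG; redraw until the
    result has a lowercase letter, an uppercase letter, a digit and a symbol."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)

def composed_bits(pools):
    """Entropy in bits when a password is a fixed sequence of guessable parts:
    the search space is the product of the pool sizes, not 94**length."""
    return sum(math.log2(size) for size in pools.values())

if __name__ == "__main__":
    print("composed, 23 chars:", round(composed_bits(COMPOSED_POOLS), 1), "bits")
    print("random,   21 chars:", round(random_bits(21), 1), "bits")
    print("sample random password:", random_password())
```

Under these assumptions the 23-character composed password is worth about 55 bits, while a 21-character random one is worth about 138. The pools shrink much further for anyone who already knows your favorite movie or birthday.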
For those of you who are using secure passwords and letting your browser store them, let me say that it is good you are using unique strong passwords for each site, but I offer a word of caution regarding browsers.
The problem with most modern web browsers is that they now ask us to log in. Once logged in, they sync your info, including your passwords, to the newly logged in device. Syncing our info across devices is convenient, but if I want access to all your passwords, all I have to do is hack the email account you use to log in to your browser and I get all your passwords because my browser is fooled into thinking that I am you.
Fortunately for us, there is an alternative.
You can use an online, encrypted password vault like LastPass or 1Password. Using these tools, you can store secure passwords for each individual site. All you have to do is remember the one “master password” to your vault, and your vault software will fill in the correct password when you visit a site.
You do want to make sure you use a strong master password / encryption key to protect your password vault. If you don’t, it will be vulnerable, just like any other tool.
The only downside to these tools is that if you lose the encryption key to your password vault, it cannot be reset (like a password). An encryption key is not the same as a password. Encryption keys are used to encrypt the data. If you forget or lose the encryption key, you can’t unlock the data.
So be proactive and protect yourself and your family. Set up and use a password vault. At least use it to protect your email, financial sites, medical sites and social media sites.
You can start with the half dozen or so most critical sites you use. Move them to a password vault and change the passwords to make them strong. Once you get used to using a password vault, I’m betting you will never go back to your old method.