Friday, May 26, 2017

Use a Password Manager

You Should Be Using a Password Manager

Just a reminder, in case you haven't started using one of these vital security tools.

Think like a thief and secure every entry point into your home. From your front door to the doggy door, make sure everything is locked and shades are drawn. All outdoor gates should be secured, as access to a yard makes it easier for thieves to work undetected. Take window and sliding glass door security a step further by placing dowels in the tracks for extra security. Lock the interior door from the garage as another safe guard as garages can be easily compromised.

Think like a thief and secure every entry point into your home. From your front door to the doggy door, make sure everything is locked and shades are drawn. All outdoor gates should be secured, as access to a yard makes it easier for thieves to work undetected. Take window and sliding glass door security a step further by placing dowels in the tracks for extra security. Lock the interior door from the garage as another safe guard as garages can be easily compromised.

By Eric Limer

Today, password manager 1Password announced a new "Travel Mode" designed to keep your most important data out of the hands of any border agents who might see fit to snoop through your digital life. It has a pretty specific application and is not without its flaws, but today's news also serves as a handy reminder: You should probably be using a password manager if you're not already.

If you're unfamiliar, password managers such as 1Password or LastPass offer a simple service: They will store all your pesky passwords (and help you generate new ones if need be) and then dole them out to whatever service you're logging into through the use of browser add-ons and apps. They're much like the password tools already built into your browser itself—the ones that ask you if you want to save your password for this site so you don't have it enter it again. (Here are some good reasons not to rely on those.) Password managers, however, were built for this specific purpose and include a suite of tools that let you access the same library of passwords across your devices. This cache of passwords is, of course, protected by a super-password of its own—one you obviously need to choose wisely.

Yes, this does pose a risk of its own, as you might already be screaming at your screen. Having your passwords all in the same place does mean they're a target for hackers and the vault your passwords are stored in is not necessarily impenetrable. Over the years, LastPass—Wirecutter's pick for the best manager and my personal choice—has fallen victim to hacks and vulnerabilities. Thanks to encryption and prompt fixes, however, there hasn't been an avalanche of passwords released onto the internet. 1Password, meanwhile, was vulnerable to the recent "CloudBleed" hack, though encryption mitigated the damage there as well.

Those problems may seem like a deal-breaker, but let me tell you why they're not. Take a moment to consider the alternative. No, not the IT department's fantasy world, that never-gonna-happen scenario where you create a strong, unique password for every account, memorize each one, and refresh them every few months. We both know it's not like that. The reality is that in your attempts to handle all those passwords yourself, you will commit the cardinal sin of reusing some. That is actually far more risky than using a password manager. If a single site that uses this password falls, every account that uses it is compromised. You'll need to remember all the sites where you reused that password and then change them all.

I DON'T EVEN KNOW HALF MY PASSWORDS BECAUSE THEY ARE 30-CHARACTER NIGHTMARES I NEVER TYPE

With a password manager, on the other hand, it's trivial to make all your passwords unique. I don't even know what half of my passwords are, because they are impossible-to-memorize 30-character nightmares of numbers, text, and symbols that I never actually type. When I have to change them now and then, no problem. LastPass even has a feature that will auto-change your passwords for supported sites. If the very worst should happen and my passwords are somehow exposed, my most crucial accounts are protected by two-factor authentication, and yours should be as well.

While the risks of password managers are pretty much outweighed by the ease with which they allow you to make your passwords strong and unique, they do have their downsides. Apps like LastPass and 1Password are available on virtually every device, but you will have to download them on new gadgets before logging in to other things. This also makes logging into your accounts on someone else's device a strange and potentially risky proposition.

Inevitably, you'll stumble across a device that isn't supported, and then you're spending five minutes typing your incomprehensible Amazon password onto a Kindle manually while looking back at your phone for reference all the while. (It pays to keep a handful of the crucial passwords strong, but still something you can memorize). And for the full suite of features any password manager offers, you're going to have to shell out a little bit of cash. It's worth it for the convenience and peace of mind.

A password manager is a crucial piece of security kit, so long as you're aware of its limitations and risks. You can use LastPass for free on your desktop and phone, or sign up for a $12 premium plan. You can also try 1Password for free for 30 days before the $36/year subscription kicks in.

No comments:

Post a Comment