Summer Cyber-Secure Challenge: Manage Your Passwords
This is part four in our summer cyber secure challenge. Click here to see part 3.
You know you’re supposed to have a unique password for every account, but how do you manage that? It’s hard enough to remember just a couple of them, right?
First, let’s talk about why a unique password everywhere is important: data breaches. Data breaches seem to be in the news frequently and no industry is safe. Companies from MyHeritage, a genealogy website, to fitness tracking site MyFitnessPal have suffered data breaches where passwords may have been exposed. If those passwords are insecurely stored or are able to be cracked, they become available on the public internet and are associated with your username which is often an email account. Now, anyone can try the username and password combination on any service, just to see if it works! Incidentally, this is called credential stuffing. Just because your information hasn’t been exposed in a past data breach, doesn’t mean it might not be in a future data breach. Hence, the importance of having a unique password everywhere.
Password Manager Options
Now, let’s talk about how to manage having a unique password everywhere. You may have anywhere from just a few to a hundred (or more? GULP) different accounts. A few options are presented below to manage passwords without having to memorize each one.
Phone/tablet/device Built-in Password Manager
iOS and Android devices have built-in password managers that are synchronized to your account (Apple and Google, respectively) in the cloud. This allows you to store passwords on one device and have that synchronized across all your devices where you’re logged in. In iOS, this is called iCloud KeyChain, and in Android it’s called Smart Lock for Passwords and can be managed through your Google account. These devices also can help you create a random, strong password when you sign up for new sites/apps and update passwords, which is really handy!
For more on iCloud KeyChain, see this support article.
For more on Google’s password sync, see this support article.
Browser Built-in Password Manager
Browsers recognize the importance of helping people save passwords and other regularly filled in form values such as an address. Browsers like Edge, Chrome, Safari and Firefox, also offer the option to save passwords to your account if you are signed in with them. That is, if you have the browser on your laptop and a tablet, you can share saved passwords between devices because they’re stored “in the cloud.” Safari, a browser for Apple devices, uses iCloud Keychain to store your passwords which helps you manage passwords across all your Apple devices. Chrome, a browser by Google, saves passwords to your Google account. For Firefox, you’ll have to sign up for a Firefox account to sync passwords on the browser across devices, but it’s free. Microsoft’s Edge browser also allows you to sync saved passwords across devices, but you have to turn the setting on.
A Password Manager App
Numerous password manager apps exist; LastPass, 1Password, Dashlane, to name a few. Online apps often have a browser plug-in which will auto-fill passwords, saving you time. (Note, some password manager apps live solely on your computer and not “in the cloud.”) They also have strong password creation tools and options for sharing passwords with other people, securely, sometimes not even allowing them to read the password but simply to log in with pre-filled information. The only downside here is that these apps have a cost associated with them.
Yes, we said it. Paper. Good old-fashioned, low-tech paper. There’s nothing to be ashamed of here if you keep this piece of paper secured (locked up or hidden where people are unlikely to find it, such as in a locked drawer at home). Obvious drawbacks are that you’ll need the paper with you when accessing your online accounts, you have to come up with unique passwords yourself, and you can’t really share the password easily. If you only use your personal laptop/tablet at home, go for it. Remember, you can also store your passwords right in the browser as long as you don’t share your device with anyone else (unless you set up a separate profile for them) and the device itself has a password on it.
Your challenge is to pick a method of managing your passwords and then update your most important accounts first. Put personal email at the top of this list and at least include bank accounts and cloud storage (such as Apple). Commit to creating a unique password for each new account you create.
Want some extra challenge points? Check out haveibeenpwned.com, a website run by a security researcher from Australia, Troy Hunt. Type in your email address and see if it is associated with any data breaches, just for your own peace of mind.