You’re logging in for the first time in a while. But you can’t remember what your password is. Is that even the right username? Which email did I sign up with? You try a couple combinations with no luck. Looks like you’re going to waste some more time going through the password reset process.
Sound familiar? It should, because we’ve all been there. If only there was a way to create and securely store passwords and passphrases without having to memorize them all.
Password Managers
Enter the password manager. There are a lot of them out there, some paid and some free. But seriously – you really do need this in your life. A password manager will revolutionize the way you secure your accounts and help you create long and difficult passwords without having to even memorize them.
So how do password managers work? The concept is relatively simple. A password manager is an application on your local device that maintains a database of all your usernames and passwords. To unlock that database and keep it secure you configure one “master password” to access the information. This master password should be long and complex, of course, but it is the only password you need to memorize. For bonus points, create a passphrase like “yellowflowerprariegreenland” – it’s easy to memorize and insanely difficult for cybercriminals to crack.
So say you need to log in to Facebook. No problem. Navigate to Facebook, spin up your password manager, give it the master password, locate your Facebook credentials and then copy and paste. Voila. In fact, you may not even know what your Facebook password is (because it’s too long and complex to remember), but you’re able to log in regardless. It really is that simple.
One of the other great things about using password managers is that they encourage you to create long and complicated passwords or passphrases for your accounts. Many of them even offer an integrated password or passphrase generator that can be configured for desired complexity.
Seriously, do yourself a favor and get a password manager. Then take the time to go through all of your accounts and ensure that they are all in your password manager and – most importantly – that they have long and complicated passwords or passphrases that would take modern computers billions of years to break! It might take a bit of time to get all of your accounts integrated, but the juice is well worth the squeeze.
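As an added example (not code from this article or from any of the products listed below), here is a minimal generator of the kind described above, with the arithmetic behind the "billions of years" claim. The guessing rate of 10^12 attempts per second, the 7776-word list size and the short sample wordlist are all assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed offline guessing rate (an assumption, not a figure from the article).
GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
# Constructed sample wordlist, far too small for real use; a real generator
# draws from a list of several thousand words.
SAMPLE_WORDS = ["yellow", "flower", "prairie", "green", "land", "river",
                "stone", "cloud", "maple", "candle", "harbor", "violin",
                "meadow", "lantern", "copper", "falcon"]


def entropy_bits(pool_size, length):
    """Entropy of `length` independent, uniform picks from `pool_size` symbols."""
    return length * math.log2(pool_size)


def years_to_crack(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Average time to guess: half the search space at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


def length_for_years(pool_size, target_years, guesses_per_second=GUESSES_PER_SECOND):
    """Smallest number of picks whose average crack time reaches target_years."""
    needed_bits = math.log2(target_years * SECONDS_PER_YEAR * guesses_per_second * 2)
    return math.ceil(needed_bits / math.log2(pool_size))


def generate_password(length, alphabet=ALPHABET):
    """Random password from the OS CSPRNG (secrets), never the random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count, words=SAMPLE_WORDS, separator="-"):
    """Random passphrase; each word is picked independently and uniformly."""
    return separator.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    target = 1e9  # "billions of years"
    chars = length_for_years(len(ALPHABET), target)
    words = length_for_years(7776, target)  # 7776 = assumed dice-style list size
    print(f"{chars} random characters, e.g. {generate_password(chars)}")
    print(f"{words} random words from a 7776-word list; sample-list demo:")
    print(generate_passphrase(words))
```

The estimate only holds when every character or word is chosen at random by the generator; words or patterns a person picks themselves carry far less entropy than the formula assumes.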
If you’re not sure where to start with password managers, have a look at some of the most popular services:
- LastPass
- 1Password
- KeePassXC
- Dashlane
Multi-Factor Authentication
So you’ve set up your password manager and integrated your accounts. How about taking it a step further to really lock down your information and ensure you don’t become another cyber crime statistic? Again, the answer is surprisingly simple – multi-factor authentication!
Multi-factor authentication (MFA) is just what it sounds like – authentication with multiple factors. These factors are most commonly what you are (biometrics), who you are (personal information), what you know (secret), and/or what you have (e.g. a key or a card). When authentication requires two or more of these factors, you have MFA. Believe it or not, most people have been using MFA for a long time now. Think about when you withdraw some money from an ATM. You are required to provide something you have (a card) and something you know (a PIN code). And there you have it.
So even if you forgo the password manager, MFA can literally stop cybercriminals in their tracks. Because with MFA, even if someone manages to get ahold of your username and password, they won’t be able to get far without also having your MFA solution.
Need some suggestions on MFA solutions? Again, in no particular order, we’ve got you covered:
- Google Auth
- Authy
- Duo
- SecureAuth
Though we generally recommend that you avoid using MFA through SMS texted codes due to the vulnerabilities it has, even this can be an adequate deterrent for cybercriminals looking for an easy score. So if you can’t be bothered with MFA, first of all we encourage you to rethink that decision. But most importantly, do try and sign up for the SMS- or email-based option on your accounts if possible.
As always, remember that with any security tools and practices, nothing is ever completely safe. In fact, there are ways to circumvent any security tool. But at the end of the day, just use common sense and think before you click!
Jonathan Melvin
SOC Analyst
Green Cloud Defense