- November 29, 2016
You have too many passwords already. And now you hear you’re supposed to have a different password for each account. How on earth will you remember them all?
The answer? A password manager.
“They are absolutely fantastic,” said Jim Feely with Archer Security Group. “I highly recommend that everyone use one.”
Archer News is continuing the “What is…” series to help you learn about words and terms in cybersecurity. We started this project for National Cyber Security Awareness Month in October, and now we’re going to keep going, checking in with cybersecurity professionals from Archer Security Group, the parent company of Archer News.
See also “What is cybersecurity?”, “What is a DDoS?”, “What is ransomware?”, “What is IoT?”, “What is a firewall?”, “What is encryption?” and “What is malvertising?” from Archer News.
A password manager is like a butler for your passwords. It holds onto your passwords for you, and you just check in when you need one. They can be free, or cost money.
“While I was in the Navy working on submarines, there were times that I would carry around with me a small notepad in which I scribbled notes and reminders to myself,” said Richard Shiflett with Archer Security Group.
“A password manager is similar to that notepad that I carried around with me, except that my notepad did not have a lock and key placed upon it,” he added. “Today’s password managers act like that little notepad, but have a security mechanism to prevent others from getting what is inside.”
Top ten most common passwords, according to SplashData.
How it works
You start by looking up the password manager you want. Archer News has no specific recommendations, but other tech publications have mentioned LastPass, Dashlane, 1Password, KeePassX, Sticky Password, and Password Safe.
You download it onto your computer and enter all of your different usernames and passwords.
Then, you come up with one password for your password manager.
An example of a password manager. Photo credit: xmodulo via Foter.com / CC BY
Logging in
When you need to log in to an account, you sign in to your password manager and get that username and password.
“This allows you to use very complex, random passwords for accounts while only requiring you to remember the one master password,” Feely said.
If you have trouble coming up with complex passwords, the password manager can also do that for you.
You can also just copy the password from the password manager, rather than typing the whole password into your account each time.
Why you need one
If you use just one or two passwords for many accounts, you put yourself at risk.
“When a site you use is attacked and the user accounts are stolen, you lose control of all the information you gave them,” Feely explained.
“The attackers have your e-mail address, your username, your password, and probably the security questions you’ve answered, and anything else on your user profile,” he said. “They can then use this information to gain access to your accounts at other sites.”
Using a password manager allows you to keep track of different passwords for different accounts.
Passwords that appear in the top 25 most common passwords, according to SplashData.
Getting complex
You need not just multiple passwords, but also complex ones.
Many people use easy-to-guess phrases like “password123,” “football1” and “iloveyou1.”
But even if you try to come up with something a little harder, like a pet’s name and a sports team—“muffycowboys,” for example—a bad guy can still get in.
“An attacker could make a list of words from your social media profiles, your work websites, family member’s social media, and your interests and hobbies and try various combinations of those words,” Feely said.
Would an attacker go to all that work? Maybe. Password cracker programs can try thousands of combinations in seconds, so it may not be much trouble at all.
Security questions
Security questions do not necessarily make you more secure, some experts say. Why?
“Unlike a password, you are probably not the only person who knows the answer to your security questions,” Feely said.
“I know at least one hundred people with firsthand knowledge of who my second-grade teacher was, and there are probably several hundred more that could easily guess correctly, and even more than that could guess correctly with a little research,” he said.
Many sites ask you to answer security questions in order to set up your account. Photo credit: janetmck via Foter.com / CC BY
Fake answers
If you come up with a fake answer for your second-grade teacher’s name to foil info thieves, you might have trouble remembering which fake name you typed into that account.
No problem.
“Password managers store more than just passwords,” Feely said. “They can also store unique answers to every security question a website asks.”
Some experts recommend you use something like “xH7$sfBl*m” for your second-grade teacher’s name, instead of “Ms. Smith.”
“You can just use more unique, random, complex passwords as the answer to every security question and easily record them in your password manager,” Feely said.
Security experts suggest you use a password-style answer instead of the real answer for security questions about your life.
The downside
There is a drawback to using a password manager.
“This model, of course, creates a single point of failure,” said Feely.
“If your password manager becomes compromised or unavailable, you could lose the passwords to all the accounts stored in it,” he added. “This is probably the biggest risk to manage when using one.”
His solution—make a backup of the info in your password manager from time to time.
And, of course, make the password to your password manager difficult to guess.
“Still, better than using one password everywhere,” Feely said.
Here is a list of free password managers from WIRED, and an analysis of password managers that cost money from PCMag. Some password managers have both a free version and paid version.
Be sure to check out reviews of password managers before choosing one.