Tackle your password headaches!


The Password Dilemma

No matter your age, job, or hobby, if you are someone who uses any piece of technology or online service, you have a password. Our digital accounts are protected by these things, which means we have a lot of them! I’m working on creating a support group that helps people overcome pain and suffering from tracking multiple passwords.

The average human being tends to use the same password for different accounts. Don’t worry, we won’t judge you (too badly, that is). We get how hard it is to come up with one complex, hard-to-guess password that you can remember. On top of that, every security and IT article advises you to create a different, equally complex password for every account you have (insert sarcastic laugh here).

This advice, while annoying and seemingly impossible, has many years of wisdom behind it. According to Javelin Strategy & Research, 15.4 million people were victims of identity theft in 2016, resulting in $16 billion of losses. It didn’t all stem from easy passwords. A lot of identity theft and account hacks occur when thieves find security vulnerabilities at big companies. Once they steal millions of usernames and passwords, they test those credentials on hundreds of financial, social, medical, and email websites. This is where your “one password to rule them all” method hurts the most.

Two pieces of technology can help us overcome this password dilemma and help you eliminate some of your password headaches.

 

Two-factor Authentication

LastPass Authenticator, one of many 2FA apps

Two-factor authentication (also known as 2FA) is a great way to fight password vulnerabilities. 2FA adds an additional layer of security to your account by requiring a second password. This second password, however, comes in the form of a one-time code that is sent to you as a text message or generated by a special 2FA app or a 2FA key-chain fob. This prevents hackers from gaining access to your account: without this one-time code, which is technically available only to you, knowing the right username and password is not enough to gain access.

If this process sounds familiar, it’s because 2FA is often used by financial institutions and a growing number of companies. Many apps and services are allowing you to activate 2FA on your account, with some going as far as requiring you to have it. Apple, for example, requires you to have 2FA on your iCloud account to activate services like Remote HomeKit.

RSA SecurID key-chain fob

Nonetheless, a hacker could see a 2FA code prompt as confirmation that your password works. While 2FA may stop them getting into that specific account, they can easily test that username and password on hundreds of popular websites until one logs them in without a 2FA code.

 

Password Managers

Password manager app example


Another way technology can help us manage our passwords is through apps called, wait for it, Password Managers. Several of them come with so many great features, it’s like having a digital Swiss Army Knife. Besides helping you organize, store, and access all your usernames and passwords, you can also track other confidential information. Most of these apps have special sections where you can organize medical details, codes, asset information, bank accounts, and more. Password managers can also generate complex passwords for you, notify you if your account details are listed in a “black market,” and save credit/debit card information to expedite your online checkout processes.

Windows password manager


Password managers can be locally installed on one computer or subscribed to as a cloud-based service. The cloud-based option allows you access to your latest information through a web browser, smartphone, and computer app. Optionally, you can install a browser extension (a mini app for your internet browser) on your personal computer that automates a lot of password tasks. For example, it can offer to save any new credentials and allow you to automatically log in to a saved account. Either of these settings can be disabled.

The one thing that is probably crossing your mind right now is, “If my single username and password details aren’t 100% safe with big corporations, how is storing all of my usernames and passwords in one location any better?” It may look like we’re asking you to improve your digital security with a solution that’s even worse. The best password managers, however, store and encrypt your data differently than big corporations. Give me 30 seconds to explain.

 

Encryption 101: The Super Basics

Any technology person will agree that the best way to protect your data is to encrypt it. In fun non-technical terms, encryption is like processing your data through a gibberish-language translator and then running it through a complex paper shredder. Basically, your data is unreadable and useless to a thief without the complex password that reverses the encryption.

Sample encryption and decryption process

The problem big corporations run into is that encrypting and decrypting massive amounts of data requires a ton of computer power. If you are a very popular service, you’d have to do this millions of times a day (think Facebook or Dropbox). Most companies protect your data by building a big and heavily-guarded barrier. To gain access, you need to enter your username and password, which is why it’s recommended you create complex passwords and activate 2FA. When they let a person in through the gates, they feel confident that person was meant to be let in. Of course, hacks do occur, and it usually comes down to either an easy-to-guess password, non-existent 2FA, or a crack in the barrier that no one knew about.

On the other hand, it takes very little power to handle the encryption process for basic text and data entries. Password managers can encrypt all of your data at 128/256-bit levels (bank-industry levels). When you sign up for a password manager account, after setting up a username and password, you will be assigned a complex secret key. That key will be required to access your details. Every app you set up for the first time (Windows/Mac, smartphone, browser) will ask you for that secret key so that it can encrypt/decrypt your data every time you access it. Only you have that secret key. If you lose it, there is no way to regain access to your details or account except through the apps that you already set up once on your phone or computer.
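To make the secret-key idea concrete, here is an added sketch (not code from any password manager named in this post) of how an app can derive the vault encryption key from both your master password and your secret key, so that a stolen or guessed password alone unlocks nothing. The function names, the PBKDF2 round count, and the sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def new_secret_key() -> bytes:
    """Generated once on your device at sign-up; never sent to the service."""
    return secrets.token_bytes(32)


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Mix something you remember with something only your devices hold."""
    # Slow, salted hash of the password: each guess costs the attacker real time.
    from_password = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    # The secret key is already random, so one keyed hash is enough to stretch it.
    from_secret = hmac.new(secret_key, b"vault-key" + salt, hashlib.sha256).digest()
    # XOR the two halves: without BOTH inputs the result is unpredictable.
    return bytes(a ^ b for a, b in zip(from_password, from_secret))


def make_verifier(vault_key: bytes) -> bytes:
    """Stored next to the encrypted vault so an app can detect a wrong key."""
    return hmac.new(vault_key, b"unlock-check", hashlib.sha256).digest()


def can_unlock(master_password: str, secret_key: bytes, salt: bytes,
               stored_verifier: bytes) -> bool:
    candidate = make_verifier(derive_vault_key(master_password, secret_key, salt))
    return hmac.compare_digest(candidate, stored_verifier)  # constant-time compare


# Constructed sample values (fixed here only so the demo is repeatable).
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_SECRET_KEY = bytes(range(32))
SAMPLE_PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    key = derive_vault_key(SAMPLE_PASSWORD, SAMPLE_SECRET_KEY, SAMPLE_SALT)
    stored = make_verifier(key)  # the 32-byte key itself would feed a cipher such as AES-256
    print("right password + right secret key:",
          can_unlock(SAMPLE_PASSWORD, SAMPLE_SECRET_KEY, SAMPLE_SALT, stored))
    print("right password, attacker's own secret key:",
          can_unlock(SAMPLE_PASSWORD, new_secret_key(), SAMPLE_SALT, stored))
```
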

 

Two-Factor Authentication: options and prices

Twitter 2FA options


Two-factor authentication is not a tool you purchase and activate on all of your accounts. It is the responsibility of the service provider to integrate a 2FA option into their service. You will need to log into each account you own (e.g. Dropbox, Spotify, iCloud, Netflix, etc) and look for account security options. If you see that 2FA is something you can activate, the service provider will instruct you on how they’ve decided to offer 2FA. Most of the time, activating 2FA on your account is free. The cost of this additional layer of security is covered by the service provider as a way of reducing theft, being compliant, and lowering insurance costs.

For example, you might be asked to activate 2FA by providing a cell phone number so that one-time codes can be texted to you. Others might direct you to download a specific 2FA app that generates these one-time codes. There are many 2FA providers and apps that a company can choose to partner with. That’s why securing all of your accounts with 2FA normally requires us to download and configure multiple 2FA apps. It’s a very small price to pay for data protection.

 

Password Managers: options and prices

Like anti-virus software, there are dozens of password manager options at different price levels. If you’re up to the task, tech review websites (e.g. PCMag.com) have done a great job of reviewing several options while comparing different features. Their reviews might help you determine which one fits your budget and password needs. With over 100 items in my vault, I’ve had the “pleasure” of testing a few password managers myself. Below is a quick list of the ones I’ve tested with great success and why I chose to use my current password manager.

Many password managers

  • LastPass ($24/year, Website)
    • Key Features: Simple and clean user interface, stable apps, complex password generator, item-level sharing, additional fields for other confidential information, industry-average price, offers family plan with discounts.
    • It has cross-platform support for all major computer and mobile operating systems, Chrome/Firefox/Safari extensions
    • My two cents: The simple user interface was nice, but the additional fields and customization options of other password managers became something I needed. Also, at the time of my testing, it didn’t do cross-checking of my credentials with a compromised database. With all of the data theft and hacks, it’s an important feature I wanted. Nonetheless, it’s a great app for most people’s needs.
  • Dashlane ($40/year, Website)
    • Key Features: Very nice user interface, stable apps, complex password generator, cross-reference with compromised databases, item-level sharing, additional fields for other confidential information, industry-average price, offers family plan with discounts.
    • It has cross-platform support for all major computer and mobile operating systems, Chrome/Firefox/Safari extensions
    • My two cents: The Mac app was not optimized for the latest macOS and high-def screens, causing text and icons to look blurry or grainy. The user interface looked great on my Windows workstation, which is how I knew the Mac one needed some work. Also, in my opinion, the browser extension offered too much help, often getting in the way of my work. Turning off certain settings killed other helpful features.
  • 1Password ($36/year, Website)
    • Key Features: Very nice user interface, stable apps, complex password generator, cross-reference with compromised databases, item-level sharing, additional fields for other confidential information, industry-average price, offers family plan with discounts.
    • It has cross-platform support for all major computer and mobile operating systems, Chrome/Firefox/Safari extensions
    • This is currently the password manager of my choice. I am a design-centric person, so the layout, graphics, and experience of the service are very important to me. That’s why their recently-released desktop apps (version 7) won me over. They combined most of my favorite elements from both LastPass and Dashlane, with a crisp and clean design on both my Mac and Windows workstation. The browser extension was less intrusive but easily available whenever I needed it.