• Why You Should Use a Password Manager

  • A Password manager is an application that allows you to securely store and keep track of your usernames and passwords. This is important because you shouldn’t be using the same password across multiple sites. When you use the same password across multiple sites and one of them gets breached, your password for all the other sites becomes exposed as well.

    This may have already happened and you’re not aware of it. You can check. if your information has been exposed in a breach at ‘;–have i been pwned?. All you need to do is type in your email address to search for the breaches where your email address, username, and password. might have been exposed.

    For example, one of my email addresses was exposed in the following breaches:

    Why you should use a password manager.

    You may be curios about the word “pwned” and what it means:

    Reasons for using a password manager.

    Reusing Passwords is Bad

    Based on the above information I can see that my email address has been exposed in three different breaches of sites where I use it. The problem gets worse when the password I used to log into that site was also exposed. That gives the attacker my username, which is my email address, and my password.

    If use my email address to log into sites like Facebook, Twitter, and my bank along with the same password that was exposed in those breaches, the attacker can now gain access to those accounts.

    To prevent this from happening I use a unique password for each site I access online. That makes my online accounts more secure, but the problem now is how do I keep up with all those passwords. This is where a password manager comes in.

    Use a Password Manager

    The password manager I recommend is 1 Password:

    Image Credit: 1password.com

    1 Password allows me to store the log in URL, username, and password so that when I go to a particular site, all I need to do is enter the password to unlock the 1 Password application, and it enters the username and password to log into the site I want to access.

    1 Password also allows me to store secure notes like credit card numbers, passport numbers, drivers license information and whatever else I want keep track of. All the data I store inside 1 Password is encrypted and requires a password to access it.

    Password Manager for Security Questions

    A lot of sites online allow you to answer security questions in order to reset your password. A problem I see a lot of times with this is that the security questions are easy to research and find the answers for. For example:

    • Where did you meet your spouse?
    • Where did you go to high school?
    • What’s your mother’s maiden name?

    I can spend a few minutes on social media sites and find the answers to these questions in most cases. A good example of this is the Sarah Palin email hack.

    A better approach to security questions is not to use the real answers to the questions. For example, if a site uses a security question “What is your mother’s maiden name?”, I might answer that question with “thisisareallybadsecurityquestion” (this is a really bad security question). I’lll then make a note of my responses for the security questions of that particular site in 1 Password. An approach like this makes it more difficult for an attacker to reset my password.

    Multi-factor Authentication

    Enabling multi-factor authentication is something else you can do to protect your online accounts. To break it down simply, multi-factor authentication works like this:

    1. You log into a site with your username and password
    2. You receive a text message code you enter to complete the log in process, or you enter a code from an application on your mobile device to complete the log in process.

    What this does is prevent an attacker from logging into your online accounts even if they have your username and password.

    Each site has its own way of enabling and implementing this. You can usually find the instructions and if it’s available in your account management area of most web sites that require usernames and password for you to access them.