Safe online; use a password manager


Security and personal privacy are hot topics. It seems we get news every day about compromised user accounts (LinkedIn, Twitter, MySpace), companies tracking users all over the internet and malware that spreads through ad networks. In this series I will explain what steps I have taken to protect myself from these threats. Today I will take a look at password managers.

Why?

Every day we use usernames and passwords to access our most private information. Many of us use the same password over and over again so that we can remember it. This practice causes a lot of personal security and privacy issues for everyday computer users. Let's take a look at an easy way to deal with the password mess.

Take a moment and think about the number of accounts that you have access to. Take your time… your ISP, bank, favorite store, school account, work account, the list goes on and on. Currently I have access to 237 personal accounts. 237… that is a lot of accounts!

If I used the same username and password for each of these accounts, it would take only 1 breach to expose information in 236 other locations. There are many people who use the same credentials wherever they go… your brain will melt if you think about this too much.

Password strength

Let's take a quick detour to think about password strength. The longer and more complex your password is, the better. But is it better to use lots of hard to remember and hard to type combinations of characters, or something else? The fine folks at xkcd have illustrated the madness of password strength quite nicely:

[Image: xkcd comic on password strength]

A short password with lots of different characters is not very secure. A long password made of many normal characters is hard for a computer to work through and thus provides a higher level of security.
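The length-versus-complexity point above, worked through as an added example (not part of the original post): it generates secrets from three hypothetical recipes and computes their entropy, assuming every symbol is drawn uniformly at random. The recipe names, the pseudo-word list and the guess rate are constructed for illustration.

```python
import math
import secrets
import string

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy when each of `length` symbols is drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def generate(length: int, alphabet) -> list:
    """Draw `length` symbols with the OS CSPRNG (never the `random` module)."""
    return [secrets.choice(alphabet) for _ in range(length)]

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Average time to find the secret: half the search space at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)

# Constructed pseudo-word list: 70 syllables -> 4900 two-syllable "words".
SYLLABLES = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]
WORDS = [a + b for a in SYLLABLES for b in SYLLABLES]

FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LOWER = string.ascii_lowercase                                     # 26 symbols

# Hypothetical recipes: (name, symbols per secret, alphabet, separator)
RECIPES = [
    ("short, complex", 8, FULL, ""),
    ("long, lowercase", 20, LOWER, ""),
    ("6-word passphrase", 6, WORDS, "-"),
]

GUESS_RATE = 1e10  # assumed attacker speed in guesses per second

def compare(recipes=RECIPES, rate=GUESS_RATE):
    """Return one row per recipe: a generated sample, its entropy, search time."""
    rows = []
    for name, length, alphabet, sep in recipes:
        bits = entropy_bits(length, len(alphabet))
        rows.append({"recipe": name,
                     "sample": sep.join(generate(length, alphabet)),
                     "bits": round(bits, 1),
                     "years": years_to_search(bits, rate)})
    return rows

if __name__ == "__main__":
    for row in compare():
        print(f"{row['recipe']:18} {row['bits']:5} bits  "
              f"{row['years']:.2e} years  {row['sample']}")
```

These figures only hold for generated secrets. A password a person invents has far less entropy than its length suggests.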

What do you use?

I am a big fan of the 1Password application suite. It is a cross-platform (Mac, Windows, iOS and Android) application that manages all your passwords. It also comes with some great browser plugins that make life really easy.

[Screenshot: 1Password]

As you can see from the screenshot, the application is beautifully designed, has a clear overview and allows you to manage large collections. The features I love most are:

  • Watchtower: keeps track of sites that have had security issues and notifies you to change your password
  • Password recipes: determine your preferred way to generate new passwords
  • Security audit: takes a look at old passwords, reminds you to reset them regularly
  • Tags: allows you to add tags to your passwords
  • Vaults: share passwords across many devices / between household members

Browser extensions

Switching between your browser and the 1Password application can get tiresome really quickly. Luckily there are extensions for pretty much any browser.

[Image: browser extension]

It brings the power of 1Password directly into the browser. New accounts get added automatically and passwords get generated using your preferred recipe. You never have to remember a login again, except the login to your password vault itself!

Are there any alternatives?

Of course, not everybody can or wants to put money down for such an application. Luckily there are open source alternatives. The most mature of these is an application called KeePass.

It basically provides the same functionality, but its design is a lot less polished. The user experience is where 1Password shines, but if you just want to store passwords, KeePass is your friend. There are even third-party mobile apps and browser extensions that help make life easier.

Be notified

It is bad enough if an online service gets its user accounts stolen, but how do you get notified if it happens? Luckily most professional sites will contact you, force you to reset your password and handle any issues with your account.

To be even more secure you can register at Have I Been Pwned. They upload the stolen data to their database and check to see if your account names show up in breaches.

Outro

Make sure that if your credentials get stolen you only need to worry about a single website, not all of your accounts across the internet. Stay safe!