
How many times have you forgotten your password and reset it via email or your phone? When you try to create a new password, some websites will not allow you to choose the same password you had earlier.

Then you would enter a similar password with some modifications only to forget it again after a few weeks!

Yes, You Need a Password Manager

With more of our life and business moving online, remembering our passwords and online accounts is one of the biggest issues facing mankind today 🙂 I have been through the same difficulties that you have been through and I agree that password management is no easy task.

There are a lot of password managers on the market, but they do have some learning curve and you cannot blindly trust just any password manager with all your personal data. One major thing to watch out for is that a password manager should encrypt your data locally on your PC.

I have done a lot of research about managing passwords, organizing them and encrypting them in the most secure way possible. The motivation to do such research came because my accounts were hacked once in 2008. I lost a Gmail account, a PayPal account and some money from PayPal (later retrieved). I hope that such things don’t happen to you! If you follow my advice, there is very little chance of that happening.

Password management can be quite easy if you use the same email ID and similar passwords for all the websites that you log in to. But as a general rule, the easier you try to make it without any tools, the more vulnerable you are to getting hacked.

The Password Sins That You Shouldn’t Commit

  • Never store your passwords in a browser. Also, never store your passwords in an Excel sheet, Word document or any other unencrypted file.
  • Don’t have passwords that contain your name, date of birth or pet name, or any of these combined with numbers. This makes cracking them easy.
  • Never log in from a PC that you do not own. Any device can have a spying mechanism monitoring your screen or keystrokes.
  • Do not use the phone number that you use publicly as the password recovery phone number for your primary mail and social media accounts. Someone can steal your phone or bribe an employee in the telecom company to spy on or even hack/reset your phone number. If no one knows which phone number you use for password recovery, then hacking that phone number will not be possible. Security through obscurity.
  • Remember your master password for your password manager in your mind. Don’t write it down anywhere.
  • A password should never be reused on another website.
  • Clean your devices of unwanted software every 6 months to a year. Many apps have vulnerabilities which can be exploited.

Do Websites Steal Your Passwords?

Many websites are run by ethical companies that will not try to steal your passwords, but they may have vulnerabilities on their servers, and hackers from the black world may try to steal that information.

There is a password black market in the shady areas of cyberspace that you will never know about.

You need to make sure that your information never finds its place there and even if it does, it is of no use to them. The most secure passwords should contain at least 10 characters with 1 symbol, 1 capital letter, 1 number and a blank space. Also a password should never be reused on another website. Though this is very secure, you cannot remember all of them.

Before I talk about the password managers and the benefits of using them, first I have to tell you the consequences of having weak passwords and similar passwords for many websites.

Your Passwords are Weaker than you Think!

If someone knows your username, it will be pretty easy for them to try a brute force attack on your login and find out the password. A brute force attack means that a script or computer program will try every combination available to crack the password. You may imagine that such a process may take a very long time. It happens faster than you think.

For example, a password like hello3322 can be cracked within 7 hours by a desktop PC. Hackers do not always use desktop PCs. They may use a network of computers with shared resources to crack passwords. There is technology available to even use the processing power of graphics cards running in parallel to crack passwords really fast.

Visit howsecureismypassword.net, enter your password and find out for yourself how weak your password is!

Say Hi to the Modern Password Managers

There are many password managers in the market which will store all the passwords for you in an organized way. Some of the password managers store your information online and some allow you to store the information on your devices offline.

More often than not, the database in which these passwords are stored is encrypted with 128 bit or 256 bit encryption, which is the same level of encryption that banks use to store sensitive financial information of their customers. 256 bit AES encryption is quite secure. A 10 character password with a symbol, number and capital letter is so secure that a desktop PC would take 4000 years to crack that password!
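The keyspace arithmetic behind cracking-time figures like the ones quoted above, as an added example that is not part of the original article: it counts the exhaustive-search candidates for a password, checks the rule given earlier (at least 10 characters with a symbol, capital letter, number and blank space), and generates a compliant password with Python's `secrets` module. The guess rate is an assumed figure, and the function names and sample passwords are illustrative.

```python
import secrets
import string

# Character classes an exhaustive search would have to cover.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,  # the 32 ASCII symbols
    "space": " ",
}
ASSUMED_GUESSES_PER_SECOND = 1e9  # assumption for illustration, not a measured rate

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def keyspace(password):
    """Upper bound on candidates to try: alphabet_size ** length.
    Dictionary-style guessing can succeed far sooner on word-based passwords."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def meets_article_rule(password):
    """At least 10 characters with a symbol, capital letter, number and space."""
    required = {"symbol", "upper", "digit", "space"}
    return len(password) >= 10 and required <= classes_used(password)

def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case search time in years at the given guess rate."""
    return keyspace(password) / rate / (365 * 24 * 3600)

def generate(length=16):
    """Draw from the OS CSPRNG until the rule is met (rejection sampling)."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Skip leading/trailing spaces, which a login form may trim.
        if meets_article_rule(candidate) and candidate == candidate.strip():
            return candidate

if __name__ == "__main__":
    for pw in ("hello3322", "Blue Kite#42x", generate()):  # constructed samples
        print(f"{pw!r}: rule={meets_article_rule(pw)}, "
              f"keyspace={keyspace(pw):.2e}, years={years_to_exhaust(pw):.2e}")
```

The absolute times scale directly with the assumed guess rate; the ratio between two keyspaces does not, which is why length and character variety matter more than any single quoted duration.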

Here are my top 3 Recommended Password Managers to Make your Life Easier

1. Lastpass

Lastpass brands itself as the last password you would need to remember. They have a free version and a paid version too. The passwords are stored in a database which is encrypted and stored locally. They also have plugins for browsers which help you enter the passwords automatically. As mentioned earlier, Lastpass uses 256 bit AES encryption technology, which is the gold standard in encryption. Their premium version costs only $1 per month or $12 per year. Lastpass works across various platforms including mobile phones.

2. KeePass

KeePass is widely used by many people across the world. The best thing about KeePass is that it is free & open source. Anyone can check the algorithm and the integrity of the code. The team releases updates regularly. There are 2 versions. Version 1 supports 128 bit encryption and Version 2 supports 256 bit encryption. KeePass also works across platforms, but with the help of third-party plugins and applications. KeePass works well with Dropbox. You can put your database files in Dropbox and they will sync across all devices. It is not as automated as Lastpass but gives more manual control, and techies love this.

3. Roboform

The company started as an automatic form filling company but has become famous for password management now. Roboform has been in the market now for more than 15 years, so you can trust them since they would know what they are doing by now. Roboform also offers cross-platform support. They have paid and free options.

Conclusion

Hope you got a good idea about managing passwords easily and securely. It’s the one thing that we use every day when we use our computers, and until the day comes when you get hacked, everything will seem secure. But take my advice, you are not safe online. If someone really wants to hack your accounts, it will be very easy for them if you don’t have very strong passwords. Have a secure online life.

Any questions?

AUTHOR: Deepak Kanakraju