Few things are sacred, even fewer are secret. In an online centric world, personal data hacking is not only inevitable, it’s present. While most of us are aware of our cyber insecurity, few actually take advantage of useful safeguards, specifically password managers.
In this two part blog we’ll take a look at some of the most common myths, and excuses, surrounding password managers, provide inside expertise, and with any luck, convince you to commit to common sense – starting today.
Part One
“Use strong passwords” might as well be the tech industry’s version of “Eat your veggies.” But just as diet and exercise tend to be the first things to go, so do strong passwords. We all know having poor nutrition negatively affects us, yet we often choose the greasy burger over the leafy greens. The same holds true for cyber security. Strong account passwords are essential to online security, yet the majority of us continue to use weak passwords in highly unsecure ways. Knowing what’s best for us, why do we so often choose the opposite?
Operating online is required for functioning in the modern world. While you could opt for the “Into the Wild” lifestyle, ridding yourself of all possessions and journeying into the Alaskan wilderness, for those of us who prefer the creature comforts of running water, grocery stores, and automobiles, we’re forced to participate in the Internet of Things (IoT). And, as with many things, there’s a level of risk involved.
While there’s no such thing as absolute security, there’s also no such thing as living forever; that doesn’t mean you can’t or shouldn’t take measures to protect yourself.
Cue the excuses.
I don’t have that many passwords/I have them all memorized
The typical web user logs into 6-10 websites or applications per day. That means most web users have a minimum of 6 passwords, if they use unique passwords for each website, and that’s also assuming they’re visiting the same pages/applications day in and day out with no new additions. I don’t know about you, but I don’t have a photographic memory and I admittedly have trouble remembering what I ate for breakfast. Unless you’re using the same password for every site (huge no no), you’re writing them down somewhere (we all know that’s not smart or efficient), and never updating them, then it’s safe to say a password manager is the logical solution. Why not use the same password you ask? If your device gets malware or key loggers are installed, a hacker would only need to sniff out your one password to gain access to EVERYTHING. You wouldn’t want that, would you?
I have my own method
If you’re using variations of the same password, your pet’s name, the year you were born, the year you graduated, the name of the site your password is for, or one of the many other common methods, you’re asking for trouble. According to a 2015 survey conducted by TeleSign, 73 percent of online accounts are protected by duplicate passwords and 47 percent of people use passwords that were created more than five years ago.
While generic is bad, personal (not private) isn’t good either. The IoT has made it extremely easy to locate an array of information, your personal info among that. Remember that cute picture of your cat Fluffy that you publically shared on Facebook? Well good, because so does that hacker who was able to access your email using the password “Fluffy.” And, while using the password “Bank” for your bank account seems savvy at the time, trust me, hackers are savvier than that.
The password manager could get hacked
Yes, I too learned that it’s never a good idea to put all your eggs in one basket, but I also know that one well-made basket is better than 5 flimsy ones. After all, it’s about quality, not quantity.
Quality password managers utilize strong encryption methods for protecting user data. For example, RoboForm encrypts your password database with the only access key known by you, in the form of a Master Password. All encryption and decryption happens locally on your computer. So even if you emailed your favorite hacker all your RoboForm data, the hacker would be unable to decrypt your data, because only you know your master Password. To ensure the highest level of security, RoboForm also offers multifactor authentication, allowing you grant permission only to specific devices you’d like to have access to your account.
Browsers have become a common method for remembering logins, but unlike true password managers, it’s exceptionally easy for someone to gain access to your information. In Chrome, all anyone would need to do is view your browser’s settings and click on the show button in the preferences tab to reveal any saved password.
While it true that some password mangers have experienced hacks, it’s extremely uncommon. Unlike your plain text passwords, password managers utilize strong encryption methods, preventing data access. Think of it as clam shell packing – it’s frustratingly difficult to open and near impossible without the right tools. Honestly ask yourself, which scenario is more likely: Your plain text password being hacked or your encrypted password manager protected data?
Me, get hacked? NO!
Well isn’t that true for everything until it happens? I’m pretty sure Mark Zuckerberg wasn’t expecting his social media accounts to get hijacked, but even a billionaire can get suffer the consequences of a 4 year old hack. He probably would have been less embarrassed too had he used a password generator.
In 2015 alone, Anthem, Ashley Madison, Experian, OPM, and CIA Director John Brenan (just to name a few) made headlines as the result of cyber breaches. No one is immune. According to a study conducted by Symantec, in 2015, there were over one million web attacks against people each and every day. Nearly half a billion personal records were stolen or lost last year, and the number of reported exposed identities jumped 23% to 429 million.
