In previous posts we talked about the urgency and serious need to set different passwords for every online account you have. See them here.
Those passwords should be complicated and long. For certain key accounts we recommend using a passphrase, for example: "Luk31AmYourFather"... Wait for a comment below about this!
So how do we generate and keep track of all these different, random, complicated passwords? A Password Manager.
There are several available, such as 1Password, NordPass and Dashlane. Pick your poison.
The small yearly fee is well worth it for convenience. You could generate and store all your passwords in an Excel spreadsheet or a Note on your phone, but that can be a bit less friendly to use, especially across multiple devices. Password Managers are more user-friendly, generally more secure, can be used on multiple devices, and make it easier to generate new passwords.
To touch on security briefly, you may hear some people say that keeping all your passwords in one place is less secure. But I would ask: "Less secure than what? What is the alternative?"
Firstly, most people already use Google Chrome, Microsoft Edge, Safari or another web browser to store all of their passwords anyway.
Secondly, if you set a secure, memorable, difficult passphrase and enable MFA, I would argue that using a Password Manager under these conditions is far more secure than alternative options. Just be sure to remember your secure passphrases and never share any of your passwords with anyone, for any reason, ever. (See our post about that)
Thirdly, it is more convenient. How does that make it more secure? People will cut corners if they continually need to perform a cumbersome task, increasing their risk profile.
Fourthly, the passwords are encrypted. Yes, you could use a password-protected spreadsheet stored only on a trusted device, but it's better to have MFA and data encryption.
In short, Password Managers are much more secure and user-friendly than alternatives.
After selecting the Password Manager of your choice, create your account using a secure passphrase and immediately enable MFA. Once you have downloaded the software, you can import your saved passwords from your computer and web browser.
Next comes the tedious part: logging in to each of your online accounts and resetting the password, generating a new password each time from your Password Manager. You might not complete this step all at once, but please don't procrastinate. Perhaps start with high value accounts such as financial accounts, ones with sensitive personal data, and email accounts.
Be sure to make good use of any other features your Password Manager provides. It may be able to scan for data breaches and show you weak and reused passwords. Cyberthreats are a part of life nowadays - even if we maintain high security standards, other companies holding onto our data can and do get breached from time to time. Scanning for breaches reveals this, and using a unique, random password for every service reduces our attack surface.
And that's what it is all about! While we can never completely remove the possibility of a successful cyberattack, we can continually improve our security posture and reduce our attack surface.
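As an added example (not part of the original post and not any Password Manager's own code), this Python script audits a browser password export for reused and short passwords and lists high-value accounts first, matching the order suggested above. The column names `name,url,username,password`, the 12-character threshold, the high-value keyword hints and the sample rows are all assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the column layout assumed for a browser export.
SAMPLE_EXPORT = """name,url,username,password
Example Bank,https://bank.example/login,alice,Summer2023
Example Mail,https://mail.example/,alice@mail.example,Summer2023
Forum,https://forum.example/,alice,kT9#vLq2!xZp7mWd
Shop,https://shop.example/account,alice,hunter2
"""

MIN_LENGTH = 12  # assumed threshold for "too short"
HIGH_VALUE_HINTS = ("bank", "mail", "pay")  # assumed hints for high-value accounts


def audit(export_file):
    """Return accounts needing a password reset, high-value accounts first."""
    rows = list(csv.DictReader(export_file))
    by_digest = defaultdict(list)
    for row in rows:
        # Group on a digest so the report never carries the password itself.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_digest[digest].append(row)

    findings = []
    for group in by_digest.values():
        for row in group:
            reasons = []
            if len(group) > 1:
                reasons.append(f"reused on {len(group)} accounts")
            if len(row["password"]) < MIN_LENGTH:
                reasons.append(f"shorter than {MIN_LENGTH} characters")
            if reasons:
                host = urlparse(row["url"]).hostname or row["name"]
                high = any(h in host.lower() for h in HIGH_VALUE_HINTS)
                findings.append((host, row["username"], reasons, high))
    # High-value accounts sort to the top, then alphabetical by host.
    return sorted(findings, key=lambda f: (not f[3], f[0]))


if __name__ == "__main__":
    for host, user, reasons, high in audit(io.StringIO(SAMPLE_EXPORT)):
        tag = "HIGH" if high else "    "
        print(f"{tag} {host} ({user}): {', '.join(reasons)}")
```

To run it on a real export, pass an opened file to `audit()` instead of the sample, and delete the export file afterwards, since it holds every password in plaintext.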
In The Machine is an Australian-based IT Company providing clients with Service, Solutions and Consulting. Our business operates on the Gold Coast and Brisbane, but we also support clients all over Australia remotely. We offer special security services and can assist with all things technology related, including improving your security. We also consult with clients to build out and configure comprehensive and secure networks - sending the components to the client with plug-and-play instructions.
Please feel free to contact us to see how we can assist you!