Every few weeks, we hear the news that another major corporation and their website has been hacked, just last week we heard about Equifax being hacked and data on millions of users being compromised. We of course only hear about the major newsworthy hacks which have been discovered or disclosed, but the scary truth is that around 30,000 websites are hacked every single day.
Often these hacks mean your personal information has also been compromised, most likely without your knowledge as often website owners either do not know they have been hacked, or choose to keep it quiet. In this post, I cover the important reasons for why you should use a password manager to protect your online identity, and how to get started with LastPass, a free password manager.
Passwords & Online Security Best Practices
Most websites rely on a simple login process for a user to gain access their account–a username and password.
As an online security best practice, you need to have long, complex and unique password for every web account you use.
Strong passwords need to be:
- Long – The more characters in a password, the longer it would take a hacker to guess your password.
- Complex – By adding additional characters to your password you add complexity or password entropy. Password entropy is a measurement of how unpredictable a password is, based on the character set used (a combination of lowercase, uppercase, numbers and symbols) as well as password length. Basically, your password needs to be something you could never pronounce.
- Unique – You need a different password for every web account you use. Yep, that’s right. Every login on every website needs to be unique and never reused.
Unfortunately, in the real world, meeting all three criteria for strong passwords is basically impossible without the use of a password manager.
Why Use a Password Manager? The Nightmare Scenario
So why is having a long, complex, unique password important?
If you use the same email address and passwords for multiple websites that you log into (as a lot of people do), what happens when one of those websites gets hacked?
The hackers now have your username and password on a list that will be used to try to log into thousands of other websites around the internet. If you use the same email address and password for all your websites, now the hacker will be able to log into all your accounts at once and get access to all your personal data and details. If those same login details are used for your email account as well, they can now access
If those same login details are used for your email account as well, they can now access pretty much anything. Any site they cannot get into, they can simply issue a password reset, which will come to your email, which they now have access to. Identity theft at this point is a high possibility.
Once your password has been compromised, you now have the challenge of updating your information individually on every single website that has the same login information. Do you even remember them all? If you use the same email and password again on each one, you’re probably going to have to repeat this process again in the future.
Don’t Use Common Passwords
Here’s Keeper Security’s list of the most common passwords of 2016. Do you recognize any of them?
These are all lazy password, achieved by just pressing keys which are next to each other on the keyboard, and are easily hackable in seconds by automated hacking tools.
|1. 123456||10. 987654321||19. 555555|
|2. 123456789||11. qwertyuiop||20. 3rjs1la7qe|
|3. qwerty||12. mynoob||21. google|
|4. 12345678||13. 123321||22. 1q2w3e4r5t|
|5. 111111||14. 666666||23. 123qwe|
|6. 1234567890||15. 18atcskd2w||24. zxcvbnm|
|7. 1234567||16. 7777777||25. 1q2w3e|
|8. password||17. 1q2w3e4r|
|9. 123123||18. 654321|
Password Managers vs. Browser Password Storage
A Password Manager such as LastPass not only remembers your login information but also helps you generate long, complex passwords and stores them and other useful information securely.
You may have noticed that your browser prompts you to save login details, but be warned that the password storage built into your browser is a solution of convenience, but is not secure. Anyone using your computer can access those saved details and login to websites, plus you will not have access to those details from other devices. Also bear in mind that if you lose your device or it is stolen, or your hard drive dies, or any disaster, you have lost all those details.
LastPass vs. Other Password Managers
There are numerous excellent options for Password Managers available:
It is also worth mentioning that if you use BitDefender Anti-Virus then this includes a simple password manager called BitDefender Wallet.
Ultimately, using any one of these password managers is a good choice, but I personally recommend LastPass, especially for business users, because it offers the most value in free vs. paid features and is the most configurable with additional security options and options.
So as well as passwords, it is great for storing bank details, licences, card details etc and is very easy to share passwords with other people. It is also very secure, you can set your LastPass to auto lock after xx minutes so that anyone else using your computer cannot access your passwords without your master password. You also have the option of 2-factor authentication.
However, it can be over complicated for the same reason if you are not very competent with computers, in which case one of the simpler solutions might be better for you for personal use.
Watch LastPass Tutorial for Beginners
LastPass Free vs. Premium
LastPass Free has everything you need to securely store and fills passwords on a single kind of device (for example, a Mac computer, a PC Computer, an iPhone, an Android Phone).
But if you want to access LastPass on different kinds of devices, you will need to upgrade to LastPass Premium for $24/yr. LastPass also offers Business and Enterprise versions that focus on sharing data among multiple users and creating rules and policies for your staff/users.
If you need help to get LastPass configured or require some training, then please contact me.