I’ve personally implemented these practices, and I figured it’d be good to share them with those who are trying to do the same.
The first step in protecting yourself online is to use a password manager. I know you’ve probably heard this countless times, but if you’re not using a password manager, please start. It’s one of the best steps you can take to ensure your security, is easy to set up, and provides a solid first line of defense against getting hacked.
The main problem with unique, strong passwords is that they are hard to remember. As a result, many of us tend to resort to relatively short passwords that are common and easy to guess or crack using techniques like brute force attacks and dictionary attacks. From a cybersecurity perspective, this is a recipe for disaster.
If you don’t believe me, you can check the top 200 most commonly used passwords here: Top 200 Most Common Password List 2021
Many of us also reuse the same passwords for multiple sites. This also poses a huge security risk because data breaches happen all the time. When a company or service gets hacked, our login details, including usernames and passwords, as well as other information, can be stolen and dumped online.
You can use this site to check if your email or other information has been involved in a data breach: Have I Been Pwned
Hence, when you reuse your passwords across multiple sites, hackers can use the password they obtain from a single breach to compromise your accounts across multiple services. For example, if you use the same password for your Twitter and Facebook accounts, hackers can then use your password obtained through a Facebook data breach (this happened less than a year ago) to log in to your Twitter account. Long story short, reusing passwords is a bad idea.
In order to address the security issues above, you should be using a unique and strong password for everything. A strong password, like the one below, will take centuries to crack using current computing limits:
In case you’re wondering, a password like “michael22!” can be cracked in mere seconds. This is a useful tool to check the strength of a password and how long it takes to crack it.
Imagine having to memorize a different, strong password for every single website and service (kudos if you are able to). This is where a password manager comes in. It helps address the limitations of human memory by generating strong, unique passwords that are impossible to crack by current standards. They are then stored, so you don’t have to remember any of them, significantly reducing the chances of you becoming a victim of a password-based breach. All you have to do is remember one master password. Most password managers offer apps across various platforms and browsers to make it easy for you to fill in your password automatically. They also help prevent phishing and identity theft.
Is Using a Password Manager Safe?
A good, reputable password manager is very secure and safe to use. Once your passwords are generated, they are encrypted before being stored or synced. This means that even in the unlikely event of your data being intercepted by someone else, they cannot read it or learn anything from it. The only way to decrypt your data is by using your master password, hence it is a good idea to make it as strong as possible. A master password should never be shared with anyone else, and should not be forgotten (or you risk losing access to your data, because it can’t be decrypted without it). With other security measures like 2-factor authentication enabled (for your password manager account), password managers are indeed very safe to use. However, once again, make sure to use a strong master password that you do not share with anyone, and do not forget it for any reason.
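The sketch below is an added example, not the code of any particular password manager. It shows the step that comes before decryption: the vault key is derived from the master password with a salted, iterated function (PBKDF2-HMAC-SHA256 here), so the stored record contains no password and a wrong or forgotten master password cannot unlock anything. The iteration count, the record layout and the `CHECK_LABEL` constant are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000              # assumed work factor; slows every guess
CHECK_LABEL = b"vault-key-check"  # hypothetical constant used for the key check


def derive_key(master_password, salt, iterations=ITERATIONS):
    """Stretch the master password into a 32-byte vault key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def enroll(master_password):
    """Create the record that is stored or synced; it holds no password or key."""
    salt = secrets.token_bytes(16)  # random per-vault salt
    key = derive_key(master_password, salt)
    record = {
        "salt": salt,
        "iterations": ITERATIONS,
        "check": hmac.new(key, CHECK_LABEL, hashlib.sha256).digest(),
    }
    return key, record


def unlock(master_password, record):
    """Re-derive the key; return it only if it matches the stored key check."""
    key = derive_key(master_password, record["salt"], record["iterations"])
    tag = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, record["check"]) else None


if __name__ == "__main__":
    # Constructed sample passwords.
    vault_key, stored = enroll("correct horse battery staple")
    print("right password unlocks:", unlock("correct horse battery staple", stored) == vault_key)
    print("wrong password unlocks:", unlock("michael22!", stored) is not None)
```

Anyone who obtains the stored record can still test guesses offline, each costing one full key derivation, which is why the strength of the master password matters.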
Which Password Managers to Use?
There are many password managers available, including the likes of LastPass and Dashlane. You can do a search online and read the reviews from reputable publications to decide what works for you (I’ll include some articles below for additional reading). However, using a browser-based password manager like the built-in function in Google Chrome is not recommended by experts.
I’m currently using one of my favourite password managers called 1Password. It is highly rated, has a clean user interface, and offers a smooth experience across devices. It also automatically scans for password breaches and audits your existing passwords to make sure you’re protected.
If you’re looking for a free option (1Password is a paid service), Bitwarden is an open source (the code can be inspected by anyone) alternative that is also very highly regarded. I’ve tried using it, and I found it to be very impressive (I’ve honestly been thinking about ditching 1Password for Bitwarden some time in the near future). While the app can be used for free, there is also a paid upgrade option that unlocks more features, though the free version should suffice for the average user.
How Do I Use It?
Once you decide on which password manager to use, head over to the respective official website to sign up, set up your account and download the apps. The websites usually have all the resources and guides you would need to learn more about their service and how to use them. That’s it, once you’ve downloaded the apps and set everything up, you can forget about remembering multiple passwords and go back to watching your favourite series on Netflix.
The first step to protecting your online security and privacy is to get a solid password manager (1Password and Bitwarden are good options). They help you create unique and strong passwords for each site and service you use and store them safely, so you don’t have to remember them. Once you decide which password manager to use, go ahead and set it up, but be sure to use a strong master password (you would have to remember this) which only you know. I also highly recommend turning on two-factor authentication for the password manager service you’re using. And voilà, you are now one step further in your journey in practicing good security hygiene.
*Cover photo credit: Jozsef Hocza on Unsplash
Arvinth Gunasegaran | MSc International Business, Nottingham University (UK)