This is the fourth blog in our series about you & your data. To get the most out of these posts, please also read Part 1, Part 2 & Part 3.


You & Your Data: Managing Your Passwords

Have you seen the movie Spaceballs? It’s really funny, and I highly recommend giving it a watch if you’ve never seen it. (IMO Mel Brooks is a comedic genius)

The reason I’m referencing a movie from 1987 isn’t to be a smug hipster though, it’s because there’s an example of terrible password management in this scene. The code for the entire planet’s shield is given up to Dark Helmet and Colonel Sandurz, and it ends up being 1–2–3–4–5. Doh!

While this scene is great for a laugh, a rather unfunny fact is that this same password ranks #3 in the world for most used passwords.

And if that isn’t bad enough, according to SplashData the most common password used in 2018 was 1–2–3–4–5…wait for it…6. Aye Caramba!

“The most common password used in 2018 was 1–2–3–4–5–6”

Spaceballs came out over 30 years ago, and even then weak passwords posed a problem. The uncomfortable truth is that humans can be a bit lazy, and when we have to choose between making extra effort for extra security, a large number of us don’t do it.

With password management, a little extra effort can give you a HUGE amount of additional security though, and after the initial setup you’ll actually save time. Passwords probably aren’t going away anytime soon, so make this a priority!

What Is Password Management?

Password management is simply having control over your passwords in a secure manner. There are three components to this, and you should be doing all three for optimal password management.

First and foremost is the component of password creation. Ask yourself; how do you create your passwords & how often are they reused?

*Spoiler: Don’t reuse your passwords!

The second component is the storage of your passwords. A good question to ask is; how safe is the place you keep your passwords & how do you back them up?

The third and final part is the recovery of your passwords. If you forget one or decide to change it; how do you find a password that hasn’t been used for awhile?

All of these parts should be viewed through the lens of security. Is your password created in a secure manner? Stored in a secure manner? Recovered in a secure manner?

To be properly managing your passwords, you need a plan for all 3 parts and a way to securely accomplish it. Fortunately, the invention of password managers has made doing all of this much, much easier.

Upsides

The easiest way for someone to get control of your accounts and potentially your digital life is through your passwords. They represent a huge wall that prevents people (or aliens) from controlling your online self.

If this wall has holes in it or isn’t very tall, the probability of someone getting inside is high.

The How-To section of this post will walk you through how to build a very strong, very tall, wall. It will be the best wall ever actually, a really great wall that’s so strong and tall, and the funding needed is very minimal!

Remember MAGA: Make Accounts Guarded Again!

Downsides

The main downside to proper password management is again the initial setup. The time you take to do this may be an hour or two, but it is probably the single most valuable thing you can do to safeguard your digital identity.

A lesser downside is the “honeypot” scenario. When you have all of your passwords inside a password manager, all it takes is someone getting their hands on the master to unlock your entire system of accounts. For power users, having a private key to go along with your master password can help alleviate this.

How To Do It

The easiest way to get control over your passwords is through a password manager. At their most basic, these services securely encrypt and store all of your passwords, locking them away behind a master password and (optionally) a private key.

Below are recommendations for password managers:

  • LastPass —Free or $24/year for premium — By far the most popular password manager, LastPass stores your encrypted Passwords in the Cloud. It is best used via a browser extension & supports 2 Factor Authentication. Some cool features are the ability to audit your password security, identifying duplicate passwords and telling you how strong your current passwords are.
  • Dashlane — Free or $40/year for premium — Heavy encryption and an all at once password changer will give every account a new password instantly. Is best used via a browser extension, but you’ve got to pay for syncing across more than 1 device. Also supports 2 Factor Authentication and a lot of other features not mentioned here, see the link for full details.
  • KeePass — Free/open source — No browser extension support, but is usable across all operating systems. Creates an encrypted database of your passwords that have a master password and optional private key to unlock. A unique ability is it’s auto-type functionality, which allows you to log in to password prompts other password managers can’t. Power Users: Use Dropbox or Google Drive to store your KeePass database, thus giving you access to your passwords across all devices. Keep your private key on a personal flash drive for the best of both security and ease-of-access!
  • Check to ensure it contains at least one number, a symbol, (#, @, etc) a capital letter, and a lowercase letter while also being 13 characters or longer.
  • Run it through our Data Breach Finder to ensure it hasn’t been compromised.
  • If you are using a password manager that stores your passwords online, (like LastPass or Dashlane), ALWAYS set up 2 Factor Authentication. And use the good kind of 2FA through Google Authenticator or similar. The 2FA where you get a text on your phone is not nearly as secure.
  • Your master password should be backed up offline, and in at least 2 separate physical locations.
  • Don’t reuse any of your passwords, and NEVER use your master password for anything else.
  • It may be a good idea to give your spouse or family member a way to access your master password in the case of an incapacitating event.

Thank you for reading this, our You & Your Data series is built on the idea of empowering Dockers to; “Take Action Today so You Control Your Data Tomorrow”.

If this series has helped you become more secure, let us know on Twitter. Our Telegram is also a fun place to hang out and get any security related questions answered!

Find Out What’s Up with Dock @ Dock.io!