It seems like every website we visit these days wants you to register and create an account. That means thinking up yet another password (and maybe a username, if the site doesn’t use your email address) that has to be long, random, and un-guessable. That is fine, but it also makes the password much harder for you to remember.
With more and more security breaches, such as the well-publicised LinkedIn and Ashley Madison breaches, the pressure to keep passwords secure has never been greater. There are still a whole bunch of mistakes that people make when trying to create a password, such as those in the list below:
- Use the same password for every site – this is probably one of the biggest mistakes you can make. If just one of those websites gets its user database compromised, then your entire online life is now available to anyone.
- Write all your passwords in a little black book – not a great idea. The passwords aren’t encrypted, are unlikely to be very long or random, and have no real security: if someone finds your book, they have access to everything.
- Store your passwords in a file on your computer – essentially the same as a black book, with no security and no encryption.
- Store passwords in your browser – this is starting to become a bit better but still has some problems:
  - If someone else has access to your PC, then they can get at all your passwords.
  - They are stuck in one browser. If you use multiple browsers or computers, then your passwords won’t travel with you.
  - Browser-based password stores have generally been quite easy to hack, and anyone with access to your computer could get them back.
Now is the time to think about moving your passwords into a proven password manager utility. So what features should you look for in a password manager?
In general, a good password manager will have the following features:
- Automatic random password creation – no longer will you have to settle for variations on the same password; your password manager will generate and remember bgh*tyi!45cvf58 as your truly random and un-guessable password.
- Browser extensions – most provide an extension for all major browsers that allows you to create and store passwords on the fly.
- Full encryption – password databases should be encrypted at all times, whether they are stored locally on the device or in the cloud. We recommend a password manager that encrypts your database on the device before sending it to the cloud.
- Multi-platform/device support – you really need a password manager that is available on more than one device, so that you can switch between desktop, tablet and phone devices with ease and not have to worry about copying your file manually. For this feature to work properly you will need a manager that backs your password database up in the cloud, but so long as it’s encrypted you should be safe enough.
- Multi-factor authentication – try to use a password manager that supports some form of multi-factor authentication to help improve the security of your password database.
So, who are the big players? The big, well-known names are LastPass, KeePass, Dashlane, 1Password and RoboForm, to name but a few; a Google search will reveal loads more.
Do we recommend one? Yes. We don’t usually like to push our choices on other people, but for something so important we are making an exception and recommending LastPass as the best all-round password manager. You will have to pay to use all the features, but at only $12 per year for the premium subscription we think it’s probably money well spent.