Password Managers - Part 1
Intro to Password Managers:
Virtually everybody today has a username and password. We are required to provide them to log on to popular online services like social media, online stores, and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. If you are inclined to answer ‘yes’, keep reading because you’ll find this information of use!
Is it safe to allow your browser to store passwords?
The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer – co-workers, relatives, or anyone who lays hands on your computer – will be able to access these passwords from the browser’s own settings menu.
The passwords are stored in the local directory where the browser is installed, in the form of an SQLite database with data encryption. Still, this storage location can be tracked down and the data decrypted. The list below shows how easy or difficult it is to obtain the passwords:
- Google Chrome: Easy
- Internet Explorer: Easy/Medium/Hard (depending on the version)
- Firefox: Medium/Hard
Is my password strong enough?
Here’s a link to check your password strength: https://howsecureismypassword.net/
What makes a password strong?
- Password should not be easy to guess.
- Use long passwords. 12 characters minimum, randomly generated (there are several tools available, including one in LastPass). Alternately, and if allowed, use a pass phrase at least 4 words long, ideally with spaces.
- Use a different password for every log-in account you own.
- Use two-factor authentication when available.
Ideas for strong passwords
Here are a few examples of password phrases that either mean something to you or that you associate with a type of website. For example, "all for one and one for all" may be the password for a social networking site where it’s all about sharing. It could be a phrase about money for a banking site, and so on.
- 2BorNot2B_ThatIsThe? (To be or not to be, that is the question - from Shakespeare)
- L8r_L8rNot2day (Later, later, not today - from the kid's rhyme)
- 4Score&7yrsAgo (Four score and seven years ago - from the Gettysburg Address)
- John3:16=4G (Scriptural reference)
- 14A&A41dumaS (One for all and all for one - from The Three Musketeers, by Dumas)
These examples tell a story using a consistent style, so if you know how you write the first sections and you’re on the login page for a site, you’ll know what to add.
- ABT2_uz_AMZ! (About to use Amazon)
- ABT2_uz_BoA! (About to use Bank of America)
- Pwrd4Acct-$$ (Password for account at the bank)
- Pwrd4Acct-Fb (Password for a Facebook account)
Safety tips to keep in mind
If you re-use a password on multiple accounts, even if your password is long and complicated, all it takes is one account getting compromised to make all your other accounts vulnerable. If an attacker gets access to your password through an insecure, innocuous website, they can then use it to pivot to more sensitive ones - like your bank, taxes, or online health care accounts.
Password phrases to avoid:
- Your username, actual name or business name.
- Family members’ or pets’ names and birthdays.
- Favorite sports team name or other words easy to work out with a little background knowledge.
- The word ‘password’!!
- Numerical sequences
- A single commonplace dictionary word, which could be cracked by common hacking programs.
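The rules above (minimum length, the phrases to avoid, and no reuse across accounts) can be checked mechanically. The Python sketch below is an added example, not part of the original article; the function names, the small `COMMON_WORDS` list and the sample inputs are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 12        # the article's minimum for a random password
MIN_PHRASE_WORDS = 4   # the article's minimum for a pass phrase
# Constructed sample list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "sunshine", "football", "welcome", "dragon"}

def generate_password(length=16):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def has_digit_sequence(password, run=4):
    """True if any `run` adjacent digits count up or down by one (1234, 9876)."""
    for digits in re.findall(r"\d+", password):
        for i in range(len(digits) - run + 1):
            pairs = zip(digits[i:], digits[i + 1:i + run])
            if {int(b) - int(a) for a, b in pairs} in ({1}, {-1}):
                return True
    return False

def audit(password, personal_terms=(), other_passwords=()):
    """Return the rules from the article that `password` breaks (empty = none)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH and len(password.split()) < MIN_PHRASE_WORDS:
        problems.append("too short")
    if "password" in lowered:
        problems.append("contains the word 'password'")
    if any(t.lower() in lowered for t in personal_terms if t):
        problems.append("contains a personal term")
    if has_digit_sequence(password):
        problems.append("contains a numerical sequence")
    if lowered.strip(string.digits + string.punctuation) in COMMON_WORDS:
        problems.append("single dictionary word")
    if password in other_passwords:
        problems.append("reused on another account")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("password123", "Sunshine1234!", "14A&A41dumaS"):
        print(sample, "->", audit(sample) or "no rule broken")
```

Pass your own username, names and birthdays as `personal_terms`, and the passwords of your other accounts as `other_passwords`, to cover the reuse and personal-information rules.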