Password Management

Let’s talk a bit about password management…

In my time spent working with people and technology, I have seen some pretty darn funky methods of storing passwords.
From sticky notes on monitors and desktops to Excel spreadsheets and handwritten lists that we’re sure are here somewhere.

And clever methods for creating them, like the name of a dog and birthday, a street address, name of an author or favorite movie…
You get the idea. Maybe you come up with a good password: upper case, lowercase, numbers, and symbols that you can remember.

But this is such a challenge for our busy human minds that we tend to use this password over and over at many different sites.
This is because we just want to get things done and not be faced with those dreaded “I forgot my password” moments.
That is a BIG NO NO! If any of this rings a bell for you or anyone you know, please read on…

Passwords are the keys to your kingdom!

Like it or not, we’re all facing a brave new digital world, where our information is zipping all around us at the speed of light.
Whether we can see it or not, it’s on our computers, our mobile devices, at the checkout stand at Target, you name it.
It’s a digital world we live in and there is no turning back.

What we must keep in mind is that everything we do in this brave new world is our responsibility and our responsibility alone.
Using high-quality, never re-used passwords on each and every site we participate with must be our priority.
Just as important is a secure method of storing and managing these strong new passwords so that they can be used easily.

Think about this…

Different websites store your username and passwords in different ways, some more securely than others.
Storing data securely is a difficult and ongoing process. Many websites don’t have the staff or budget to keep data secure.
They set up their site, test it to see if it’s working, and there the process ends until disaster strikes.

At this point, the company is typically running around with their hair on fire trying to figure out what happened.
Next, they decide who they need to hire to discover the extent of the damage and remedy the situation.

Reputable companies will hopefully do the right thing after locking down the problems with the vulnerable code on their site.
Under responsible disclosure, they will try to contact you if you were part of the breach and your private information was leaked.

However, there are many other smaller sites that may never even know that a data breach has occurred.
If you think this is not a big problem or it can’t happen to you, think again!

Have a look at Wikipedia’s list of data breaches to see how common this phenomenon actually is.

What this means for you

Once your data has been leaked in a data breach, there is no undo. Your data is out there in the wild for eternity.
If this data includes a username and password you have re-used on more than one site, you’ve got a problem.

Why does this matter?

Let’s just say that you set up an account with acme.com because you like their shirts.
Your username is typically your email address: [email protected]. The password you use is HappyDog1997.
Everything is good, but then, you set up other accounts with the same username because it’s your email address.
You also use the same password because you can easily remember it, and don’t want to be locked out.

This pattern continues and things seem to be going well. You’re now a member of lots of great sites and have no problems logging in.
But then one day, one of the sites you signed up with gets hacked and there is a data breach that includes your data.
Your username, password, address, real name, and possibly credit card information are in the wild, but you are not aware of this.
In case you are wondering if any of your information is already out in the wild, and you probably should be…
You can check that out for yourself over at https://haveibeenpwned.com.

What happens next?

With your username and password in hand, hackers will then run automated scripts that will test your username and password.
They will test them against all the popular and high-value websites: banks, financial institutions, and everything else.

If you have re-used that password anywhere else, that fact will be noted, logged, and sent back to the mothership!
Keep in mind that this is all automated, a machine running a program will do the work faster than any human can.
And it never gets tired. With this new information in the hands of the hackers, any number of bad things can happen.

And your problems begin…

I won’t go into all the possible scenarios here because there are too many, but here’s an example of a serious one.
If the username and password the hackers now have access to happen to be your email credentials, imagine the following.

Now they not only have access to your contacts, but they can also see the sites you do business with.
Maybe that’s Amazon, your banks, financial companies, investment accounts, etc.
Hopefully, you haven’t reused the same username and password at those locations too, so you’re good, right?
Wrong! Now with access to your email, they can easily recover and reset the passwords for all your accounts!

Maybe they’ll transfer some funds for you, do some social media posts on your behalf, buy some goodies on Amazon…
You see the problem, and at this point I hope I have made it crystal clear just how important strong, never re-used passwords are.
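
The chain described above (one breached site, a reused password, then password resets through the mailbox) can be modelled in a few lines to see how far a single leak reaches. This is an added example, not part of the original post; the site names, logins, the `reset_via` field and the helper functions are all made up for illustration.

```python
# Constructed sample data: every site and login here is made up; the two
# long-lived passwords are the ones the article itself uses as examples.
def account(site, login, password, reset_via="mail.example"):
    return {"site": site, "login": login, "password": password, "reset_via": reset_via}

REUSED = [
    account("acme.example", "pat@mail.example", "HappyDog1997"),
    account("mail.example", "pat@mail.example", "HappyDog1997", reset_via=None),
    account("shop.example", "pat@mail.example", "HappyDog1997"),
    account("bank.example", "pat@mail.example", "M%OF`Tc&hO%;Tq[H1dSz"),
    account("forum.example", "pat_c", "another-unique-one"),
]

def with_unique_mail_password(accounts):
    """Same accounts, but the mailbox no longer shares a password with anything."""
    return [dict(a, password="unique-to-mailbox") if a["site"] == "mail.example" else a
            for a in accounts]

def exposure(accounts, breached_site):
    """Classify every other account after `breached_site` leaks its credentials.

    direct    -> same login and password as the leaked pair
    via_reset -> different password, but its resets go to an exposed account
    safe      -> neither applies
    """
    by_site = {a["site"]: a for a in accounts}
    leaked = by_site[breached_site]
    pair = (leaked["login"], leaked["password"])
    direct = {a["site"] for a in accounts
              if a["site"] != breached_site and (a["login"], a["password"]) == pair}
    exposed = direct | {breached_site}
    via_reset = set()
    changed = True
    while changed:  # follow reset chains until nothing new is reached
        changed = False
        for a in accounts:
            if a["site"] not in exposed and a["reset_via"] in exposed:
                exposed.add(a["site"])
                via_reset.add(a["site"])
                changed = True
    safe = set(by_site) - exposed
    return {"direct": sorted(direct), "via_reset": sorted(via_reset), "safe": sorted(safe)}

if __name__ == "__main__":
    print(exposure(REUSED, "acme.example"))
    print(exposure(with_unique_mail_password(REUSED), "acme.example"))
```

With the reused password, nothing is left in the `safe` bucket, including the bank account that had a strong password of its own. Giving the mailbox a password it shares with nothing else moves the bank, the forum and the mailbox itself back to `safe`.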

The problem is that the passwords we should be using, like M%OF`Tc&hO%;Tq[H1dSz, and never re-using, are not convenient for us.
Our brains are just not designed to create and remember strong passwords for each and every different site we visit.

The solution is a password manager

The LastPass password manager is the only way I can personally recommend to store and manage all your passwords.
Not only does it store and manage your passwords, but it can also store and manage all of your critical confidential information.

See my review of the LastPass password manager to give you an idea of how powerful and useful a well-designed password manager can be.