You know what surprises me the most with regard to data breaches? It’s the fact that people still continue to use passwords like “password” or “123456” to protect their accounts. Think I’m kidding? I’m really not; take a look. Using passwords like these is a big issue because it leads to really, really bad things.
One day you log into your banking account to do some shopping and the next thing you see is that you’ve got no money. You had some yesterday, though, so how could that happen? The answer is simple – it happened because you have become a victim of identity theft.
Identity theft becomes possible when the same password is used more than once – this means that if one service you use is hacked and you use the same password for the rest of the services, a hacker could gain access to all of them. Use the same password for your Twitter? Facebook? Banking account? Yeah, say goodbye to them too.
The two golden rules
When dealing with passwords, two rules should be applied:
- Passwords should be single-serve only.
- Each password should be strong.
By mentioning “strong” passwords I mean that each of your passwords should consist of at least 20 characters and should contain uppercase and lowercase letters, numbers and symbols.
Ideally, each of your passwords should look like this:
Wait – how on earth can you remember such a password?!
Here’s the trick – you don’t. A password manager does that. A password manager is able to generate secure, random passwords and remember them for you. When using a password manager, you lock up all of your passwords behind one secure “master” password and can forget the rest.
All this comes down to one important conclusion: If you can remember your password, it’s not secure enough.
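As an added example (not the author’s code, nor any particular password manager’s), here is a small Python sketch of what a manager’s generator does under the hood: it draws from the operating system’s CSPRNG, enforces the two strength criteria given above (20+ characters, all four character classes), and gives an upper bound on the entropy of a password. The function names and the 94-character alphabet are my assumptions.

```python
import math
import secrets
import string

# The page's definition of a "strong" password: at least 20 characters,
# with uppercase, lowercase letters, numbers and symbols all present.
MIN_LENGTH = 20
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable ASCII characters (assumed alphabet)


def is_strong(password: str) -> bool:
    """True if the password meets the page's length and character-class rules."""
    long_enough = len(password) >= MIN_LENGTH
    every_class = all(any(c in cls for c in password) for cls in CLASSES)
    return long_enough and every_class


def generate_password(length: int = MIN_LENGTH) -> str:
    """Generate a random password the way a password manager does.

    Draws from the OS CSPRNG via `secrets` (never `random`), and retries
    until all four character classes appear, so the result passes is_strong().
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_strong(candidate):
            return candidate


def entropy_bits(password: str) -> float:
    """Upper bound on entropy: len * log2(size of the classes actually used).

    This is the right figure for a uniformly random generated password.
    For a human-chosen word like "password" it is a generous overestimate,
    since dictionary words and common strings are the first things guessed.
    """
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if size == 0:  # characters outside the four classes are not counted
        return 0.0
    return len(password) * math.log2(size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, is_strong(pw), round(entropy_bits(pw), 1))      # ... True 131.1
    print("123456", is_strong("123456"), round(entropy_bits("123456"), 1))  # False 19.9
```

Even by this generous measure, “123456” sits below 20 bits while a generated 20-character password sits above 130, which is the gap the rule is about.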
What if the password manager gets breached?
This question comes up almost every time password managers are mentioned and it’s a very good question to ask: You’re putting all of your eggs in one basket, what if that basket gets compromised?
Here’s the thing: In order to do any damage, a hacker would need to be able to get his hands on the file that contains all of your passwords (most password managers store the password vault locally) and guess your master password. Furthermore, most password managers let you activate two-factor authentication or location-lock your account which means that even if your master password is compromised in some way (such an event shouldn’t happen if you choose one securely) the attacker would be stopped.
Now that I’ve mentioned two-factor authentication, let me stop here for a moment. When the details of the Dropbox hack became public in 2016, it was revealed that less than 1% of its user base had taken advantage of the two-factor authentication feature. Less than 1%. If we glimpse into the details of the hack, this tells us that fewer than 686,798 Dropbox users had two-factor authentication enabled – that’s more than 67,993,006 accounts using only an email address and a password to log in!
I suspect we see such numbers because two-factor authentication is something people have to do in addition to just entering an email and a password: it becomes a barrier. Having said that, this barrier is extremely important – it’s a layer to double check that your identity is legitimate which could save you from getting your identity or money stolen.
Quit reusing your passwords!
Password reuse leads to identity theft: passwords should be single-serve only. Password managers are helpful here too – they’re able to generate a new password for every service you use, which is an extremely good thing because by doing so they almost eliminate the chances of you getting your identity stolen.
- Reusing passwords feeds identity theft – don’t do it.
- Ideally, each of your passwords should consist of at least 20 characters and should contain uppercase and lowercase letters, numbers and symbols.
- Because you’ve got so many passwords (and face it, you do) there is simply no way you can remember all of them – if you use passwords, you need a password manager.