You might be surprised to see a security-related post on this site. It’s very simple: Your data are your most precious asset (next to the people who work with you), and over the years I’ve seen too many situations where business leaders are way too nonchalant with securing those data.
Today is World Password Day. If you had not heard about that before, don’t feel bad, neither had I … and I am very serious about passwords and good security.
Since the main point of this day is to highlight the importance of good passwords and security issues in general, let me dive right into it.
I’ve been around IT in various capacities now for 35+ years, and the single biggest problem that comes up in conversations (with clients as well as with “normal people”, also called end users), next to learning new software, is security.
I’ve seen it all:
- Pieces of paper with passwords written all over the place (last time I saw this was just recently).
- Excel files that sit on the computer un-encrypted.
- Google Sheets that other people also have access to without the person managing them being aware of it (e.g., because they are sitting in a shared folder).
- The same standard password used everywhere.
And in almost every conversation, the person chuckles slightly embarrassed and says something along the lines of “I know, I should do something better”.
And I, without exception, respond “yes, you should, and you must. And it’s called a Password Manager” … at least to start with. Plus – it’s so easy and simple! Why would you risk your data security if it’s easier than ordering a non-fat soy latte with no foam and an extra shot of espresso?
Benefits of Password Managers
Password Managers are not the golden solution for everything. But they are a very good start. And here is why:
- You only need to remember one master password (which gives you access to the password manager).
- You finally can create crazy long weird passwords that you never ever would be able to remember – because you don’t have to. This step alone increases the security big time. No more “123456” passwords.
- A good password manager will offer you only those passwords from your repository that match the website you are on, which is a huge improvement in security, as it prevents you from falling for phishing attacks. In short, when you are on Amazon.com, the password manager automatically identifies the URL and presents you with your credentials for Amazon.com. However, when you are on a phishing site that looks like Amazon.com, but actually has the URL Amazon.com.something.other.com – which you might overlook – there will be no password offered and you may first be irritated but then realize that you are on the wrong site. Tadaaa … phishing attack avoided.
- Depending on which product you choose, password managers can synchronize with your mobile devices, i.e., you have all your passwords with you on the go at all times.
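The URL matching described in the phishing point above can be shown in a few lines. This is an added example, not code from any password manager: the vault contents and function names are constructed for illustration, and real products additionally consult the Public Suffix List to decide which part of a host is the registrable domain.

```python
from urllib.parse import urlsplit

# Constructed vault: saved host -> username (sample data, not real credentials).
VAULT = {"amazon.com": "alice@example.com"}

def page_host(url):
    """Return the lower-cased hostname of an https page, else None.

    Requiring https is an assumption of this example, not a claim from the post.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".").lower()

def host_matches(saved, host):
    """True only if host is the saved host or a subdomain of it.

    The comparison runs from the right-hand end of the name and respects the
    dot boundary, so 'amazon.com.something.other.com' and 'notamazon.com'
    both fail.
    """
    return host == saved or host.endswith("." + saved)

def offer_credentials(url, vault=VAULT):
    """Usernames the manager would offer to fill on this page."""
    host = page_host(url)
    if host is None:
        return []
    return [user for saved, user in vault.items() if host_matches(saved, host)]

def looks_right_at_a_glance(url, saved="amazon.com"):
    """The human shortcut: 'the address starts with amazon.com'."""
    host = urlsplit(url).hostname or ""
    return host.startswith(saved)

if __name__ == "__main__":
    for url in ("https://www.amazon.com/ap/signin",
                "https://Amazon.com.something.other.com/ap/signin"):
        print(url, "->", offer_credentials(url) or "nothing offered")
```

The lookalike host passes the at-a-glance check but gets no credentials offered, which is exactly the moment of hesitation described above.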
Other Security Measures
Before we go into my recommendations for Password Managers, let me also mention a few other important terms that fly around when you are lectured about security:
- 2FA (short for Two-Factor Authentication) is a method to enhance the validity of your credentials by sending a code to your phone via text message. You then need to enter that code on the website you want to access within a certain time frame.
This method became very popular in online banking and is now used on many websites. Many people consider it the most secure these days. I have to admit that I am not a big fan of this method, and here is why:
a) This method can be broken through a SIM swap.
b) Sometimes, the text message with the code does not arrive for a very long time, or never arrives at all, leaving me stranded.
- Authenticator apps are a way more secure and practical approach, and I use them wherever they are offered (e.g., on my Google account or on Facebook).
First, you install such an authenticator app from Google (iOS or Android) and/or Microsoft.
Then you enable that option on the site you want to use it with (e.g., on Facebook). During that process, the site presents you with a QR code which then connects the app on your phone with that site.
When you want to access the site, you will be asked for a code that the authenticator app generates at that moment. Very simple and straightforward, and it always works.
- Lastly, several industry heavy-weights are working on initiatives to do away with passwords altogether. At this point, this is still far away. For the time being, secure passwords are still your safest bet.
These are my recommendations for Password Managers based on personal experience, i.e., I’ve used all of them at least for a while:
1Password is my distinct preference. I’ve used this software for many years by now.
- The user interface is clear enough and the software is easy to operate.
- All information gets synchronized to my phone.
- I not only have all my hundreds of passwords in this one repository, but also all my credit card information and a lot of other information, categorized for easy access.
- At the time of writing this, the price for a single license is $2.99 per month and a family of 6 pays $4.99 per month.
LastPass is my recommendation for people who want or have to go with a free model (which 1Password does not offer). In my experience, the LastPass user interface is a lot clumsier than 1Password’s. But in terms of security, I have no concern with LastPass.
However, it does not offer (at least in the free version) all the many categories and options for storing a variety of information that 1Password does; e.g., synchronization between your phone and your computer is not available in the free plan.
Dashlane is an option I’ve used for a short while. Eventually, I quit for several reasons, one of them being that I did not see any advantages over 1Password (for my needs) while at the same time, Dashlane has a much steeper pricing model than 1Password. I also did not get along with the user interface, even though this is one point it usually wins over 1Password in many reviews (some people prefer Mercedes, others drive Audi … sometimes it’s a matter of personal preferences).
That said, Dashlane certainly is an excellent piece of software that provides very good security and offers features that 1Password does not provide – and that I personally don’t need because I’ve covered them otherwise, e.g., security breach monitoring or VPN for wifi protection.
Obviously, there are lots of other password managers out there, and depending on your needs you might find others working even better for you.
In the end, it does not really matter which of the various options you use as long as you use one.