• Newsletters

Password managers

Do you have a Yahoo account? How about LinkedIn? Maybe you have an old AOL account gathering dust? eBay anyone? What do these sites have in common? They have all been involved in massive data breaches.

An estimated 3 billion Yahoo user accounts were breached in 2013. In 2014 at least another 500 million accounts were hacked. In 2012, 8 million LinkedIn accounts were leaked. In 2014, 145 million eBay accounts were hacked. AOL has suffered a number of breaches over the years exposing over 100 million accounts.

So what’s the big deal? Well, it’s pretty safe to assume that everyone has an account that’s been involved in a data breach. If not one mentioned above, there have been thousands of others and there will be more. There’s a good chance the bad guys have your password. Therefore, unless you use a unique password on every site, they can compromise all of your accounts sharing the same or similar password.

How can you possibly remember a different password for every site? You can’t, of course. You can, however, use a password manager to generate and store unique passwords for each site.

What if your password manager gets hacked? Fair question. We can ensure the security of it by using a well designed manager, a long password and two-factor authentication.

The password manager I recommend is 1Password. There are other reputable managers such as LastPass and KeePass, but I’m going to focus on 1Password here.

Everything you store in 1Password is encrypted using your Master Password and Secret Key. Your Master Password becomes the only password you need to remember, so it should be as long as possible. The Secret Key will be automatically generated for you. It should be printed out and stored in a safe place.

With this design, even if 1Password suffers a data breach, the bad guys won’t be able to see any of your passwords because they’re securely encrypted. In addition, you can setup two-factor authentication so that every time you install 1Password on a new device, in addition to providing your Master Password and Secret Key, you’ll need to provide a verification code.

To get started, I recommend heading over to https://1password.com and signing up for a free 30-day trial. It’ll cost you $2.99 per month after the trial period, which is a small price to pay for your online security. They also offer a family plan which allows you to share vaults (collections of passwords) with family members in addition to keeping your own private vaults.

Once you’ve signed up, you should download the app on your computer and phone. It works on almost every platform. Follow the instructions here: https://support.1password.com/get-the-apps/

Finally, install the browser extension here (it works in Safari, Chrome and Firefox): https://support.1password.com/1password-extension/

Each time you sign into an account that isn’t yet saved in 1Password, it will ask if you’d like to add it.

This should also serve as a good reminder to generate a unique password for this account by simply editing the entry and clicking the circle icon next to the password field to have 1Password generate a random password.

I recommend you begin by changing the passwords on your email, social media and financial accounts, since these are most vulnerable. Then, I’d change passwords on other sites when you find yourself signing into them. It only takes a couple minutes, but it could save you lots of headache down the road.

---