Passwords are EVERYWHERE!
Be it email, social network, work-related or even entertainment accounts, we have accounts across all kinds of services. With so many of them, our account tally ends up in double digits, which leads to two common problems: ‘using simple passwords’ and ‘reusing passwords’.
You might have come across people saying that you should always use a strong, complex password, which is a fair ask to keep your accounts secure. But for a lot of people, creating or remembering a complex password is not that easy, and they end up with very basic passwords like ‘monkey’, ‘password’, ‘qwerty’, ‘123456’, etc. The problem with such passwords is that they are very commonly used and can be easily cracked using a simple dictionary attack. You can head to this website, which has a list of the thousand most commonly used passwords, and check for yourself whether any of your existing passwords are listed there. If they are, you might want to change those passwords right away.
Another problem with having so many accounts is the re-using of passwords. Apart from using a simple dictionary-type password, some people use the same password across all their accounts. The reason behind this seems obvious – it’s hard to remember long-and-complex passwords for hundreds of accounts. But this should be completely avoided because if one of your accounts gets compromised, you might end up losing access to all your accounts, just because they share the same password.
To overcome such problems, it is always advised to use Password Managers, which assist you in generating and managing all your passwords in one place.
But what is a Password Manager?
A Password Manager is an application that allows users to create, store, and manage all their passwords in one place and access them with the help of a ‘master’ password whenever and wherever required. It comes with a vault which can be used to store other valuable information like bank details, email accounts, passport, software license, membership cards, etc.
It does everything for you, from generating strong passwords, to storing and syncing them across all your devices for easy access, to auto-filling login forms on apps and websites. All that saves you the hassle of brainstorming a new password, remembering all your passwords, and in some cases even typing in the login details. The only thing you need to do is remember the master password, which is required on two occasions: logging in to your password manager and resetting your master password.
Since the entire vault’s security depends on the master password, creating a strong and complex master password becomes the utmost priority. Not to mention the need to always remember it.
So what does a strong password look like?
Well, here’s an example of a strong password: ‘TsO5Ld3hZD3!%CjB4*vB’. It is a 20-character password generated using the LastPass password generator, and it includes numbers, special characters, and upper- and lower-case letters. It is a very strong, complex and unique password compared to the simple dictionary passwords that a lot of people use, which makes it comparatively less vulnerable to brute-force attacks.
According to this website (which gives an idea of how strong a password is by calculating how long it would take someone to crack it), it would take someone around 43 quintillion years to crack this password, which puts it right up in the list of secure passwords.
How to choose a strong password?
Ideally, the best way to create a strong password is by using a password generator, which can be found as an added utility on a lot of password managers these days. However, in case your password manager doesn’t have it, you can find an online tool which works just fine. Using a password generator takes away all the hassle of creating a password yourself and then adding it to the vault for later use.
If you do not want to use a password generator and would rather create a password yourself, here are some do’s and don’ts to keep in mind while creating a ‘master’ password, or any other password in general:
- Always opt for a long password – anywhere between 8 and 15 characters is considered ideal.
- Opt for complexities by including special characters, numbers, and upper-and-lower case letters as much as possible.
- Never include your name, phone number, D.o.B, address, or any such personal information in your password.
- Never use a simple dictionary password to secure your account.
- Never re-use the same password across all your accounts.
- Never store your passwords scattered across various notes apps on several devices.
A ‘pass-phrase’ is your friend!
There’s no denying the fact that a password with all the various complexities and complications included is an ideal fit for your account. But with increased complexities, comes difficulty in memorising and remembering these passwords, especially when you have to remember a hundred of them.
A solution to this problem is to use a ‘pass-phrase’ instead of a ‘password’. A pass-phrase comprises several words in a particular sequence, which makes it easier to memorize and use than a password. In addition, a pass-phrase makes for a better password because it is sufficiently long and complex. For example, the password ‘qwerty12341234’ is short, common, easy and more susceptible to a brute-force attack than something like ‘ridiculouslysymphonicturmoil’.
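The password generator and the pass-phrase described above can be sketched as follows. This is an added example, not code from the original article or from any password manager; the symbol set, the function names and the 16-word sample list are assumptions made for illustration, and the entropy figure only holds when every character or word is picked at random rather than by a person.

```python
import math
import secrets
import string

SYMBOLS = "!%*#@$&?"  # assumed symbol set; real generators let you choose
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 8 = 70 characters

# Constructed 16-word sample list. A real generator draws from a large
# published list (for example a 7,776-word diceware list).
SAMPLE_WORDS = [
    "ridiculously", "symphonic", "turmoil", "lantern", "orbit", "velvet",
    "harbor", "quartz", "meadow", "pepper", "glacier", "tundra",
    "whistle", "bamboo", "cobalt", "thimble",
]


def generate_password(length: int = 20) -> str:
    """Random password containing every character class at least once."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets uses the OS CSPRNG; the random module would be predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words, count: int = 4, separator: str = "-") -> str:
    """Pass-phrase of `count` words, each drawn independently at random."""
    return separator.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy in `picks` uniform random draws from `pool_size` options."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(20), f"{entropy_bits(len(ALPHABET), 20):.1f} bits")
    print(generate_passphrase(SAMPLE_WORDS, 4),
          f"{entropy_bits(len(SAMPLE_WORDS), 4):.1f} bits with the sample list")
    print(f"{entropy_bits(7776, 6):.1f} bits for 6 words from a 7,776-word list")
```

The strength of a pass-phrase comes from the size of the word list and the number of words drawn, which is why the tiny sample list above is only good for demonstration.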
What should you look for in a Password Manager?
Now that you have decided on using a Password Manager, there are a few things that you must keep in mind while on the lookout for an ideal password manager.
- Firstly, the most important thing to be aware of is security. Always look up security details like the encryption standards used to encrypt passwords and communication, and the platform on which the password manager stores all your information. Also look for password managers that come with 2FA (software or hardware), which provides a second layer of security in addition to the master password. With 2FA enabled, whenever you log in to your password manager, the app asks for a second factor, which can be either a software-based code from an app like Google Authenticator or a hardware key like YubiKey. Based on the one you use, you just need to enter the code, which changes periodically.
- Look for a password manager that comes with a password generator, which allows you to generate a password using the complexity options provided in the app itself. That way, you don’t need to struggle to come up with the right password. Once a password is generated, you can add other details like username, email address and website URL, and save the entire set of login credentials for later use, even across all your devices if your password manager comes with the cross-platform sync feature.
- Apart from the ability to store passwords, look for password managers that provide an isolated vault, separated from the login credentials. Such vaults can be used to store other confidential information like bank details, credit card information, health insurance, membership, passport, software license, etc. In other words, the kind of information you would otherwise refrain from keeping in your usual notes app.
- Another excellent feature that is a must on every password manager is auto-fill, which saves you the hassle of keying in passwords every time you come across a login form on a website. With this feature, you no longer need to fill in the username and password for your accounts; the app does it for you. To make this work, when you save a password in the app, you also need to provide the URL (address of the website) along with the username and password. After that, whenever you are on a website, the app compares its URL with the one stored in the app, and if a match is found it fills in the details that you provided in the first place. It also protects your accounts from being compromised by spoofing attacks like the IDN homograph attack, in which an attacker clones a website and makes its URL look identical to the real one by using characters that are actually different but appear the same. For example, ‘g00gle.com’ instead of ‘google.com’, ‘rnicrosoft.com’ instead of ‘microsoft.com’ and many more. The differences are slim and hard to notice, especially when you haven’t come across or heard of such attacks. Because the look-alike URL does not match the one stored in the app, nothing is filled in.
- We use a lot of devices to access various services on the internet, which creates the need to have all your login credentials synced across all your devices, so that they are at your disposal whenever required. If your password manager doesn’t have cross-platform sync capabilities, you might need to go back to the one device that has all the passwords stored on it, which defeats the whole purpose of using a password manager in the first place. If your password manager supports cross-platform sync, all the passwords that you save on one of your devices get synced to all the other devices automatically, allowing you to access your passwords anywhere, irrespective of the platform.
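The URL check behind the auto-fill feature described above can be illustrated as follows. This is an added example, not code from the original article or from any particular password manager; it assumes an exact host comparison (real products may apply their own matching rules), and the stored entry and visited pages are constructed sample data.

```python
from urllib.parse import urlsplit


def canonical_host(url: str) -> str:
    """Lower-cased host of `url` in ASCII (IDNA / punycode) form."""
    host = urlsplit(url).hostname or ""
    # Non-ASCII labels become "xn--..." labels, so a Cyrillic look-alike
    # letter can never compare equal to the Latin letter it imitates.
    return host.encode("idna").decode("ascii")


def should_autofill(stored_url: str, page_url: str) -> bool:
    """Offer the saved login only when the page host equals the stored host."""
    try:
        stored, page = canonical_host(stored_url), canonical_host(page_url)
    except ValueError:  # malformed URL or host that cannot be IDNA-encoded
        return False
    return bool(stored) and stored == page


# Constructed sample data: one saved entry and pages a user might land on.
STORED = "https://google.com/login"
PAGES = [
    "https://google.com/signin",            # the real site
    "https://GOOGLE.com/signin",            # same host, different case
    "https://g00gle.com/signin",            # zeros instead of the letter o
    "https://g\u043e\u043egle.com/signin",  # Cyrillic U+043E instead of o
]


def review(stored_url: str, pages: list) -> list:
    """Return (canonical host, autofill decision) for each visited page."""
    return [(canonical_host(p), should_autofill(stored_url, p)) for p in pages]


if __name__ == "__main__":
    for host, fill in review(STORED, PAGES):
        print(f"{host:28} autofill={fill}")
```

Printing the canonical host shows the `xn--` form of the Cyrillic look-alike, which is the name the comparison actually sees even when the address bar renders it like the real one.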
Which is the best Password Manager?
There’s nothing like ‘the BEST Password Manager’ since there are a lot of different password managers to choose from in the market, with each having its own pros-and-cons over the other. Therefore, it’s more of a subjective thing, as what may work for you or meet your requirements may not do the same for others. But to make things simpler here are four of the most popular and widely used Password Managers:
Get started now!
By now, you have a solid idea about how a password manager can help you with some mundane tasks while simultaneously increasing the security across all your accounts. So, without wasting any time, you need to go ahead and download a password manager on your phone and computer and start using it straight away. You can either choose a password manager from the list above or can download the one you like.
Pro-Tip: In addition to using a password manager, make sure you also use 2FA (software or hardware) to add an extra layer of security to your account.