Why and how to improve your password management


Have I been pwned?

I started by checking “Have I been pwned” (pronounced /pəʊnd/), a free service where you enter your email address or phone number and it tells you which known data breaches contain it, that is, which leaks exposed your data to people who were never supposed to see it. To my surprise, my data turned up in 15 breaches, and I was taken aback by how many that is. Many of them included my email, username and password (or a hash of the password; more on hashes below).

Importance of complex passwords

Before arguing that you should use a password manager, I want you to understand why complex passwords matter and why reusing the same password across services is bad practice.

Figure (source: https://www.hivesystems.io/blog/are-your-passwords-in-the-green): Hive Systems’ table of how long it takes to brute-force a password, by length and by which character classes it uses. The password properties listed alongside it:
  • 8 characters
  • Upper and lowercase letters
  • Numbers

Worked scenario (from the post’s figures):
  1. I have set the password “12345678” on one of my accounts.
  2. The platform where I set that password gets breached and all of its data is leaked.
Figure: a very simplified example of a rainbow table, i.e. a precomputed table that maps hashes back to the passwords that produce them, so a leaked hash of a common password is recovered by lookup instead of by guessing.
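To make the figures concrete, here is an added example (my own code, not from the original post or from Hive Systems) that computes the size of the search space for a password of a given length and character set, turns it into a worst-case brute-force time at an assumed guess rate, and then shows the lookup-table idea behind a rainbow table: hashing a constructed list of common passwords once and recovering a leaked, unsalted SHA-1 hash of “12345678” by lookup. The guess rate, the wordlist and the PBKDF2 parameters are assumptions for illustration.

```python
"""Added example (not from the original post): how length and character set set
the brute-force cost, and why a leaked *unsalted* hash of a common password is
recovered instantly from a precomputed table."""
import hashlib
import os
import string

# Assumed attacker speed for the estimates: a hypothetical figure, roughly what
# a few GPUs manage against a fast hash such as SHA-1. Adjust to taste.
GUESSES_PER_SECOND = 10 ** 10

CHARSETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "upper+lower": string.ascii_letters,
    "upper+lower+digits": string.ascii_letters + string.digits,
    "upper+lower+digits+symbols": string.ascii_letters + string.digits + string.punctuation,
}

# Constructed wordlist standing in for the attacker's list of common passwords.
COMMON = ["123456", "12345678", "password", "qwerty", "letmein", "iloveyou"]


def keyspace(charset, length):
    """Number of candidates an exhaustive search must cover: |charset| ** length."""
    return len(charset) ** length


def worst_case_seconds(charset, length, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at `rate` guesses per second."""
    return keyspace(charset, length) / rate


def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def sha1_hex(password):
    """Unsalted SHA-1: the kind of hash a careless site stores and a breach dump leaks."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """hash -> password for every candidate. A real rainbow table stores hash
    chains to save space; a plain dictionary shows the same trade: hash once,
    then look up any number of leaked hashes for free."""
    return {sha1_hex(pw): pw for pw in wordlist}


def recover(table, leaked_hex):
    """Look a leaked hash up in the precomputed table; None if it is not there."""
    return table.get(leaked_hex)


def slow_salted_hash(password, salt=None):
    """What the breached site should have stored: a per-user random salt and a
    deliberately slow KDF (PBKDF2-HMAC-SHA256, iteration count is an assumption).
    The table above is useless against it: the attacker must redo the work per
    salt and per guess."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest.hex()


if __name__ == "__main__":
    for name, cs in CHARSETS.items():
        print(f"8 chars, {name:<28} {human(worst_case_seconds(cs, 8))}")
    table = build_lookup_table(COMMON)
    leaked = sha1_hex("12345678")          # what the breach dump contains
    print("unsalted SHA-1 of 12345678 recovered:", recover(table, leaked))
    salt, h = slow_salted_hash("12345678")
    print("salted PBKDF2 hash found in table:", recover(table, h))
```

Two things to take from running it: at the same attacker speed, going from 8 to 12 characters gains far more than adding symbols to an 8-character password (62^12 is about 3.2 × 10^21 candidates, 94^8 about 6.1 × 10^15), and the common password that falls instantly from the table is no longer found in it once the site stores a salted, slow hash, because the precomputation no longer applies.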

Managing your passwords and credentials

Now that you understand why complex passwords matter, and why the same one must not be used across multiple platforms, I’ll explain how I turned my poor password hygiene around.

1. Start using a password manager

  • Choose a very complex “master password” (one you can remember, of course 🐵). A long passphrase is easier to remember than a short jumble of symbols.
  • Immediately enable two-factor authentication on the manager itself, and pick “App” 2FA over “SMS” 2FA: SMS codes can be intercepted, for example through SIM swapping.
  • Add all your existing credentials to the manager and delete the files, notes and papers where you were storing them before.

2. Check for reused passwords

A lot of password managers have a feature called a “reused passwords report”. I strongly urge you to check that report and to keep working on it until it is empty, in other words until every password in your vault is unique. If one service you use is compromised, a password reused elsewhere lets attackers walk straight into your other accounts with the same credentials.
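For managers that lack such a report, or to see what the report is doing, here is an added example (my own code, not the post’s and not any manager’s feature) that audits a CSV export of a vault. It lists reused passwords, shows which other accounts fall if one named service is breached, and flags entries whose password appears in a breach corpus, checked by SHA-1 hash prefix the way Pwned Passwords does it. The export, the account names and the breach corpus are all constructed for the example, and the range lookup is simulated locally rather than sent to the real service.

```python
"""Added example (not from the original post): an offline audit of a password
manager export for reused and breached passwords."""
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export in the common name,url,username,password CSV shape
# that most managers produce. All values are invented for this example.
VAULT_CSV = """name,url,username,password
Webmail,https://mail.example,alice@example.com,Tr0ub4dor&3
Shop,https://shop.example,alice@example.com,Tr0ub4dor&3
Forum,https://forum.example,alice99,12345678
Bank,https://bank.example,alice,n9$Qe2!vLp7#Wz4r
Social,https://social.example,alice@example.com,Tr0ub4dor&3
"""

# Constructed stand-in for a breach corpus (SHA-1, upper-case hex, the form the
# Pwned Passwords dataset uses). A real check would fetch the range over HTTPS.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("12345678", "password", "qwerty", "letmein")
}


def load_vault(csv_text):
    """Parse the export into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def reused_passwords(entries):
    """Map each password used by more than one entry to the entry names sharing it."""
    by_password = defaultdict(list)
    for e in entries:
        by_password[e["password"]].append(e["name"])
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


def blast_radius(entries, breached_service):
    """If `breached_service` leaks its password, which other accounts fall with it?"""
    leaked = next(e["password"] for e in entries if e["name"] == breached_service)
    return sorted(e["name"] for e in entries
                  if e["password"] == leaked and e["name"] != breached_service)


def range_lookup(prefix):
    """Simulated k-anonymity range query: every breached hash suffix whose hash
    starts with the 5-hex-char prefix. Only the prefix would leave the machine."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password):
    """Hash locally, query by prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_lookup(prefix)


def audit(csv_text):
    """Full report: reused passwords and entries found in the breach corpus."""
    entries = load_vault(csv_text)
    return {
        "reused": reused_passwords(entries),
        "breached": [e["name"] for e in entries if is_breached(e["password"])],
    }


if __name__ == "__main__":
    report = audit(VAULT_CSV)
    # Print account names only; never log the plaintext passwords themselves.
    for names in report["reused"].values():
        print(f"one password reused across {len(names)} accounts: {', '.join(names)}")
    print("in breach corpus:", report["breached"])
    print("if Shop is breached, also exposed:", blast_radius(load_vault(VAULT_CSV), "Shop"))
```

Run it against a real export only on a machine you trust, and delete the export afterwards: the CSV is the plaintext of your whole vault.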

3. Enable 2FA where possible

Two-factor authentication is a mechanism where a user is only granted access to a service after successfully presenting two (or more) independent pieces of evidence, taken from different categories:

  • Knowledge: something only the user knows. For example, a password, passphrase or PIN.
  • Possession: something only the user has. For example, a hardware security key, or a one-time code from an authenticator app (a token, i.e. the digital version of a key).

Pros and cons

Using a password manager has a lot of benefits, but it also has a few downsides worth knowing about.

Downsides
  • It is a single point of failure. If someone learns the master password for your password manager (and can reach the vault), every password stored in it can be stolen. This is why 2FA on the manager itself matters.
  • You might forget your master password. Typically you will be locked out of the manager’s database. Some managers offer recovery options, but the worst case is that you will have to reset the password for every account in your “vault.”
  • Setup and use can be tedious. Getting used to a password manager takes some time.

Benefits
  • Passwords are remembered for you.
  • Passwords can be unique and complex.
  • Passwords are stored encrypted.
