Welcome! Quick question, do you have a secure password? And I mean, like, a REALLY secure password? The kind that’s so secure that even if you wrote it down, it’d still look like a complete mess and you’d feel unsure about re-typing it out. If not, you’re part of the over 70% of people on this planet.
You might ask, “Why do I even need a secure password?” and you might know the answer. Well, you definitely know the answer, but your brain will tell you that it’s hard to remember a strong password. But in a way, that’s the point. When I started using the internet, it was all pet names and the number 1, but now I know that’s just silly and a great way to get hacked. Then again, is it really hacking if you’re just guessing a really bad password? ANYWAY.
How can I not get hacked?
The answer is simple: a strong password. But the solution is likely going to be a password manager. “Why do I need a password manager?” you might say. And I’ll tell you, “Because you can’t remember your password.” But there are other perks to using a password manager!
“What is the best Password Manager?”
1Password is regarded as one of the best password managers available. It has everything you’ll need and things you might not think you need. There’s never been a breach and the User Interface is quite beautiful. You can set up keys, create strong passwords, monitor the security of those passwords and more!
They also have a Bug Bounty, meaning any team that somehow successfully hacked 1Password would likely get a hefty pay-out just for telling them. You can read more about their bug bounty program here.
It’s great, but it is $2.99 a month. That’s not necessarily a lot of money, though you could probably spend it on a nice bag of Haribo. But can you really put a price on security?
Option Two
If 1Password doesn’t convince you, there’s Bitwarden! It doesn’t have all the bells and whistles of the one above, but it has what you need. Not only that, but it’s affordable and Open Source! Meaning if you’re either a little tech savvy or have a NAS, you can have your own Bitwarden installation spun up, so you truly own your data! If you want to pay, it’ll cost as little as $1 a month, billed at $10 a year. Which is probably about 3 bags of Haribo.
JUST AVOID THESE.
Password Managers are amazing, until they’re not. Here are some to avoid.
LastPass: It was hacked once in 2015, then in 2017, then in 2022, and a second time in 2022. They have a tendency to make light of the situation and the data that was exposed. If I were you, I’d stay as far as humanly possible away from them.
Onelogin: They were hacked in 2017, and the attackers got access to the following: database tables that contain information about users, apps, and various types of keys. They also gained access to ‘Secure Notes’ which, funnily enough, were stored in plain text (not secure). All of this is really bad.
Passwords aren’t enough…
Passwords are great, but sometimes they’re not enough. When possible, enable Two Factor Authentication (2FA). It can add an extra step of inconvenience, but it can be worth it, especially on something as important as your phone service account, for example. I’d also avoid SMS 2FA when possible. It’s been possible to spoof your phone number for years, so if someone has your username, password and phone number, they’d have access to your account. If you’re not using 1Password’s 2FA, you can use a cool 2FA app like 2FAS. It’s great and links to your browser so you can do less. It’s also Open Source, like Bitwarden.
Use a Key: If you have something really sensitive and you’re absolutely committed to security, you can use something like a Yubikey. With a Yubikey you can store keys within a little device and you can only log in with that key. This has pros and cons. The pro is that you’ll be as secure as possible, and the con is that if you lose it, you’ll also lose access to whatever is on it. Most times you’ll get recovery codes, so just make sure you keep hold of those somewhere safe. Maybe print them off and put them in a safe.
In Conclusion…
You should use a Password Manager. If you don’t currently have one, you should try a website like Have I Been Pwned. They keep up to date on platforms and their data breaches. They’ll let you know which websites have exposed your email, as well as when it was exposed and the reason behind it. With this information, you can be pro-active and resolve it.
Stay safe on the internet. It’s a deep, scary place and there are lots of malicious people.