Dear Rich Lifer,
Black Friday is the single biggest shopping day of the year and with more people than ever shopping online, security can be a major concern for shoppers.
It wasn’t too long ago that we experienced the largest security breach in the history of the Internet.
In October 2017, Yahoo! confirmed that 3 billion of its user accounts were hacked.
Names, email addresses, telephone numbers, encrypted and unencrypted security questions and answers, dates of birth, and hashed passwords were all compromised.
The hack occurred on two separate occasions: the first, around August, 2013 affecting over 1 billion Yahoo! users; and the second, sometime in late September, 2014 affecting 500 million user accounts.
According to Yahoo!, the 2014 breach was carried out by a “state-sponsored actor” and the organization claims that such “intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry.”
Because of how late both data breaches were disclosed to the public and to its users, Yahoo! is currently facing several lawsuits as well as investigation by members of the United States Congress.
The scary part about the whole thing is what kind of damage these criminals are doing with all this data.
Even if they got their hands on just one of your passwords, it can spell disaster. A Virginia Tech study, found that over 50 percent of people reuse the same password across multiple accounts.
If one of your accounts is compromised, hackers can usually access all your accounts. The average Internet user, has approximately 100 different logins that utilize the same email address. If hackers were ever to get a hold of your email password, you’d be in big trouble.
But with all the different accounts and required logins across the web, how is it possible for anyone to remember multiple strong passwords?
Meet Password Managers
Like the name suggests, a password manager’s job is to create, store and recall passwords for you. Think of them like a vault for all your different account logins that can be accessed through one “master” password.
A lot of password managers are websites and apps, so you have access to all your passwords regardless of the device you’re on.
The most popular password managers to date are: Dashlane, 1 Password, Last Pass, BitWarden, Keeper, RoboForm, and ZOHO Vault, to name a few. Generally, they’re free to start and some offer paid subscriptions with additional security features.
How Password Managers Work
The learning curve of going from writing down all your logins and passwords inside a notebook, to saving all this information inside a digital vault, might seem intimidating. But don’t worry, it’s relatively painless once you get setup.
For most password managers, you create an account by providing your name, email address and a “master” password that gives you access to your digital vault. This is the one and only password you’ll need to remember forever now.
Once inside, you’ll probably see familiar logos for popular brands on the web, including Amazon, Netflix, Facebook, Gmail, eBay, and so on. You can also call up your favorite site or bank or any other place you frequent online that you need a password to use.
Tap on one of the logos, and you’ll be prompted to enter your username and password for that site. For example, if you want to save your Facebook login inside your password manager, you’d click the Facebook logo and when it prompts you, fill in your regular Facebook login. After you’ve finished, your Facebook login and password are now saved inside the vault.
Next time you need to remember your Facebook password, you can either login to your digital vault using your master password then search for your Facebook account credentials and copy and paste that info into the Facebook form. Or, most password managers offer web browser plugins that auto-fill website forms for you with the tap of a button – all you have to do is unlock your vault by providing your master password.
How password managers are able to do all this is through the “cloud” online. Which means, you can access your digital vault from any device, anywhere, and all your passwords will sync across your devices. So if you change a website login on your phone, your desktop should update as well.
Are Password Managers Safe?
You must be wondering whether or not all this is safe?
For every website or app password you store inside the vault, you can choose to require your master password only or your master password and a PIN code or fingerprint (on a mobile phone or tablet) for “two-factor authentication.”
But what if your phone or laptop is lost or stolen? Couldn’t someone access all your passwords if they figure out your master password?
They’d also need to figure out your phone or laptop password to gain access to your device, then guess your master password correctly. This would be highly unlikely to ever happen.
Another important feature password managers offer is password generation. When you need to create a new login for a website, your password manager will offer to generate strong passwords for you. The strong password will be saved inside your vault and make it really hard for hackers to access multiple accounts.
So instead of having all your accounts using the same password, you now have different strong passwords across multiple websites.
Also, all your passwords are encrypted with Secure Sockets Layer (SSL) and AES-256, the strongest grade of encryption available (banks use 128- or 256-bit encryption).
So, to answer the question, yes, password managers are safe!
How to Get Started
If you’re interested in using a password manager, (which I hope you are) then check out some of the links above or search online for “password managers.” Like I said, most are free to start and offer paid upgrades.
The risk-reward here is obvious. The pain and hassle of trying to organize multiple passwords and logins versus having one, secure password manager that does it all for you is a no brainer.
To a richer life,