Why so many passwords?!login-570317_1920

According to Gizmodo, the 5 most popular passwords last year were:

1. 123456 (Unchanged from 2014)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)

If you’re using any of the above passwords, STOP WHAT YOU’RE DOING AND GO CHANGE YOUR PASSWORD IMMEDIATELY (Well, immediately after reading this article).

Although the problem may seem mundane in nature, it can start small and snowball into something much more serious whether it’s identity thedata-1590455_1920ft, hijacked email, actual bank theft or any other number of bad scenarios.  For example, let’s say your password for your primary email is one of the bad ones from above.  Someone could reset your email where you no longer have access to it, then (depending on the bank) contact your bank and have your bank account password reset, then have complete access to your bank accounts.  This is a little extreme of an example as most banks employ what’s called multi-factor authentication, but the underlying concepts remain the same; you can be in serious trouble with a simple password!

So for the sake of argument, we’ll say you’ve updated your password where it isn’t 123456 or password, but now you’re using starwars every time you need a password setup.  Now if someone malicious knows that 1 password, they can log into all of your sites and run amok with your digital footprint.

So what’s all this talk of a password manager?

road-sign-579554_1920

A password manager is a great way to get around all these problems.  It installs in your browser (Chrome, Firefox, IE) and allows you to capture a unique password for every website or app.  Not only that, it automatically generates the password for you as a random sequence of characters, so instead of your password being starwars, it would be z!*XY32Hj5*Y.  Good luck trying to guess that!  On top of that, it saves you the time of having to type in your password EVERY, SINGLE, TIME you goto a website where you have to log in by pre-filling the username and password fields for you.

Ok, ok, that sounds great! But are there any drawbacks?

Well, wouldn’t it be great if there were a tool that worked perfectly every time?  Yes, and I also wish I could breath underwater without scuba gear and flypassword-866979_1920 like a bird.  I say this facetiously because the reality of the world of online security is that no single solution is perfect — you work with the best tools you can to minimize your risk as close to 0 as possible.

The drawback is that you have 1 single master password that’s stored with a service like LastPass.  You need to be proactive with changing your master password as this is probably the weakest link.  Make sure your master password has symbols, numbers, upper and lower case letters.  Ideally, you don’t even use a dictionary word and instead create a sentence you can remember and pick the first letter of each word.  For example, your sentence could be I really enjoyed the 2 trips to Mount Rushmore last year!  This would be abbreviated as Iret2ttMRly!  Now that’s a little harder to guess than 12345! 🙂

Overall Recommendation

Overall we still recommend using a password manager.  Even if the password manager software identifies a security flaw, they are typically patching it within a day or hours.  If you need NSA type of security, this article doesn’t apply to you, but for the rest of the entire population, password managers are a great stopgap for simplifying life and keeping you more secure.

Products on the Market

We find this to be such a useful topic that we previously provided a couple recommendations.  Please see our earlier post on Heartbleed if you’re interested in setting up a password manager.