Data breaches happen all the time. As regular users, we have no control over the security of the service providers we choose to engage with and give our data to.
As a security measure, users are always encouraged to change their passwords in the app or on the website after a data breach.
However, many of us reuse the same username and password for different accounts, e.g. Google & Facebook. If your Google account’s username and password are compromised, the hacker is also likely to have access to your Facebook account.
Cybersecurity experts have always recommended the use of complex passwords to prevent brute force attacks.
In a Brute Force Attack, hackers guess your password over and over, either manually or with a computer program, until one of the guesses gets them in. We help the hacker do his job well when we use simple passwords like “Password1!” or simple English words like “MyCuteDogMax”. On the other hand, complex passwords are proven to make these Brute Force Attacks too difficult (it could take years!) to execute.
Our brains are not wired to retain complex passwords for all the accounts we own, which makes this recommendation almost impossible to follow. However, a password manager stores all your complex passwords in one place, and all you need to remember is the master password to access them.
A good password manager should have the ability to help you generate complex passwords. While password managers like iCloud Keychain and Google Password Manager are conveniently available, they do not have the ability to generate complex passwords. Hackers also do not need additional verification to access them in the event the device is lost. Hence, I do not recommend them.
Here are 3 of my app recommendations to help you get started on using a password manager:
1. Bitwarden (Free)
Bitwarden is an audited open-source application, meaning that its source code can be checked and verified by online users for integrity. It is also recommended by PrivacyTools, an online resource for data privacy.
2. 1Password (Free*)
1Password is one of the pioneers in the password management space. I have been using this app since 2017 and the experience is pleasant so far due to its beautiful interface and ease of use.
Note that the free version can only be synced to iCloud or Dropbox.
3. LastPass (Free*)
LastPass provides password management on one device for its free version and offers multiple device syncing with paid upgrades.
It is an easy app to use if you are looking to manage your passwords on a single device.
I still use LastPass for Business for work-related purposes.
There are many other password manager applications like Firefox Lockwise, RememBear, NordPass etc. You can check them out for their pros and cons. Just go with Bitwarden if you want to get started.
Try any app out with some of your online accounts and see if you like using it before transferring all your passwords.
How to choose my Master Password for my Password Manager?
You need to remember (note: memorize!) your master password. Try using a phrase as a password, an acronym of your favorite song lyrics, or if you are religious, the first few letters of a Bible verse that you memorized.
E.g. Genesis 1:1 In the beginning God created the heavens and the earth.
My Master Password can be: ItbGcth&te.1:1
This is an example of a complex password, comprising upper and lower case letters, numbers and symbols. It is also easy to remember since it’s my favorite Bible verse. Do not use this password example! Come up with your own.
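To put rough numbers on the brute force argument and on the example master password above, here is an added sketch (not part of the original post) that compares a character-by-character search with a guesser that also tries common words. The word list, its assumed size of 10,000 entries and the rate of 10 billion guesses per second are illustrative assumptions, not measurements.

```python
import math
import string

# Assumptions for illustration (not measurements): the attacker tries a list of
# 10,000 common words and makes 10 billion offline guesses per second.
COMMON_WORDS = {"password", "my", "cute", "dog", "max"}  # constructed sample
WORDLIST_SIZE = 10_000
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(pw):
    """Alphabet size a character-by-character brute force has to cover."""
    size = 0
    size += 26 if any(c.islower() for c in pw) else 0
    size += 26 if any(c.isupper() for c in pw) else 0
    size += 10 if any(c.isdigit() for c in pw) else 0
    size += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return max(size, 1)  # avoid log2(0) for empty or unclassified input


def brute_force_bits(pw):
    """Search space in bits when every character is guessed independently."""
    return len(pw) * math.log2(charset_size(pw))


def word_aware_bits(pw):
    """Cheapest way to build pw from dictionary words plus single characters."""
    per_char = math.log2(charset_size(pw))
    per_word = math.log2(WORDLIST_SIZE) + 1  # +1 bit: capitalised or not
    best = [0.0] + [math.inf] * len(pw)
    lowered = pw.lower()
    for i in range(len(pw)):
        best[i + 1] = min(best[i + 1], best[i] + per_char)
        for word in COMMON_WORDS:
            if lowered.startswith(word, i):
                end = i + len(word)
                best[end] = min(best[end], best[i] + per_word)
    return best[-1]


def years_to_exhaust(bits):
    """Time to try the whole search space at the assumed guessing rate."""
    return 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    for pw in ("Password1!", "MyCuteDogMax", "ItbGcth&te.1:1"):
        print(f"{pw:16} brute force: {years_to_exhaust(brute_force_bits(pw)):.3g} years, "
              f"word-aware: {years_to_exhaust(word_aware_bits(pw)):.3g} years")
```

Under these assumptions the two word-based passwords look strong to a pure brute force search but collapse once common words are tried first, while the acronym-style password contains no listed words and keeps its full search space.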
Pro Tip:
Do not store your Apple ID password in your password manager. Instead, memorize it together with the master password for your password manager. That makes 2 passwords to remember.
Similarly, for Android users, memorize your Google account password as well as your master password.
Why?
There are a few situations you may find yourself being locked out of your password manager.
Scenario 1: New phone who dis
So, you recently traded your old phone for a new one. Or you have lost your phone and replaced it but do not have another gadget like a laptop or a tablet on hand. Here is what will happen:
Step 1: You set up your new phone, and the phone prompts you to sign in to Apple ID or Google account.
Step 2: You are stuck, unable to log in because the password is stored in the password manager.
Step 3: You are still stuck, because you are unable to download the Password Manager App before you sign in to your Apple ID or Google account.
Step 4: You are locked out of all your apps and online services. You cannot even reset your passwords because you don’t have access to your email.
Scenario 2: Phone misplaced, want to use Find My on Mac to locate the phone (Real scenario that happened to my wife)
Step 1: Wife misplaced iPhone, but thankfully there’s a Macbook to help locate it.
Step 2: Wife goes to Macbook, but she is unable to sign in to Apple ID as the password is stored in the password manager.
Step 3: Wife wants to reset Apple ID, but email passwords are also stored in the password manager.
Step 4: Wife is unable to log in to Apple ID to locate phone, unable to reset Apple ID password, causing her to be locked out of all apps and services.
Conclusion
Think of your house: your Apple ID or Google account password is like the steel gate, and the password manager is like the main door. They work hand in hand, and you want to have the keys to both the gate and the door at the same time.
Next post will be on 2FA! Two-factor authentication, which is the brother of a password manager.
Need more help? Feel free to contact me. Keep calm and carry on.