Why Password Managers Are Key
OR...I Forgot What I Forgot
While certain password managers have recently suffered corporate side breaches, don’t let it dissuade you from them. Password managers can make your digital life easier and more secure.
If breaches and the dark web doesn’t scare you, try this. Most new computers can crack weak passwords in seconds. With the advent of Artificial Intelligence (AI), passwords are in the cross hairs. No there isn’t a group of people just brute forcing passwords unless they are directly targeting you. Hackers are like electricity. They prefer to find the path of least resistance.
Gary McKinnon was able to access NASA computers using a default user name and a blank password. This was a huge policy failure by the United States government. You, however, are smarter than that. But, I bet your passwords are similar.
Your main password is the same as it was years ago. It’s a six letter word, upper case because it has to be, with a number and exclamation point at the end. Oh, I know. You only change the number or special character when forced to.
BitLocker is Microsoft’s hard drive encryption tool, the one that’s supposed to protect your data if your laptop is stolen. I bet I can guess nearly every BitLocker password out there. It’s B1tL0ck3r, isn’t it? If I’m even in the ballpark, it’s time to change it.
Why Password Managers?
You need to keep track of the dozens of passwords, and each one must be different. Password managers are the answer. Some say password managers are bad because they have all your passwords in a single place with a single password. Not exactly. The database file is encrypted with my master password or another secret key, and access requires Multifactor Authentication (MFA).
What do I recommend? I don’t make recommendations as I refuse to be used as a pawn for someone’s marketing campaign, if i can avoid it. There are several but the one you choose MUST use MFA and have a very stringent recovery process for master passwords unlike your bank.
The one I use will send my phone a request when I log in with my 18-character password. I go a step further and force the authenticator app to verify my fingerprint on the phone. I then repeat a Fibonacci sequence, give Plank’s Constant, and repeat pi to 20 places. You can never be too careful.
How Password Managers Work
Password managers’ sole purpose is record keeping and visibility for YOU. Many include warnings if you’re using the SAME password everywhere or the complexity is simple. Some will cross-reference known breaches and warn you if your email address or phone number was believed to be compromised. Why is all this important?
If you have a password you haven’t changed in 2 years, it is already compromised by a breach. That means someone is using an AI-driven tool, attempting to login all over the Internet with your email and password. If you have the same password, they will be successful eventually. I had my Instacart account hacked with an old password because I thought I had closed that account. Guess what, Instacart had left my account open in case I later changed my mind. Riiiight.
Fighting The Machine
Humanity isn’t using AI to cure cancer, map genomes, or save the planet from cosmic rays, they’re using AI to buy liquor online in Brooklyn. I know multiple people who have lost money due to bank login hacks. The bank refused to help and the user had to PROVE it wasn’t them.
I have a computer that can try over a million passwords per second! And this one is already behind. Outside of the National Security Agency (NSA) supercomputer, apparently working in a different dimension, a 12 character password cannot be cracked in years, let alone 3 months, but Moore’s Law says every 18 months technology doubles and it’s been consistent. So, sooner or later, the passwords will not be long enough. With AI building psychological profiles to better guess your passwords, it could be sooner. (Read about it here)
And there really isn’t a quantum computer – that’s a misnomer – I’ll have another post on those since they are sooooo misunderstood. It’s probably the biggest lie in the history of computing when these computer vendors kept saying “pre-order your quantum computer today”. LIES!
Catholic Grandma-Level Guilt
Password managers can guilt you into changing poor and stale passwords. Good ones force complexity. Longer passwords are better than complex ones (read our Password Intervention article here). But, they also integrate into your computer to make online logins easier and more secure.
The best aspect of a Password Managers is it sits on the computer and smartphone and, when properly authenticated, can autofill your logins when you go to your bank’s website. I don’t recommend autofill if you have any other people accessing your computer.
Web Browsers Are NOT Password Managers
“But, Mr. Hacker,” you say. “My web browser autofills my username and password. I don’t need a Password Manager.”
OK. But it’s not protecting your passwords, only allowing direct access for anyone to see. Don’t believe me, look for yourself. Go to the following locations based on the browser below. If you not using one of these browsers, fine. I can still probably steal your password file and decrypt it.
Microsoft Edge – In the upper right corner of Microsoft Edge, click the three dots, and choose to Settings. Go under Passwords and click the little eye to see your passwords in plain text. Yes, you do have to enter your computer login, but how secure is that?
Google Chrome – In the upper right corner of Google Chrome, click the three dots, and choose Settings. No, really, it’s the same exact place. Go under Autofill, then Password Manager. Uh huh. There they are in plain text.
Mozilla Firefox – In the upper right corner of Mozilla Firefox, click the three bars (instead of dots) and choose Settings. Click Privacy and Security, then click Saved Passwords.
Apple Safari – Settings, Passwords, and there are the logins for your bank, retirement account, OnlyFans, and Star Wars Fan Club.
When we talk in a few weeks about securing your computer and phone, I’ll show you how to protect your computer and smartphone.
Password Managers are soooo much easier than sticky notes and day planners. Sure, they’re all in one place, but, if privacy really is dead, all we can do is stay ahead of breaches. In this age of constantly failing corporate IT policy, assume the breach is inevitable. When, not if, the breach occurs, you only have to change one password, not 100. That’s why Password Managers are key.
Reach out to us! We’re all in this together. Visit our contact page to submit an inquiry. Also, please follow us on social media for the latest updates.