Let’s talk about security. I’m sure the majority of you have a bunch of keys that you carry around with you on a daily basis. Maybe one for the house, the car, possibly the office. Maybe a bunch of smaller keys for garages, sheds, gates, padlocks, etc. Now imagine instead of all of those keys, you had only one key. Great, you might think, now I only have to worry about remembering one of them. Now imagine someone stole that key, copied it, and had access to every item that was previously secured by that key. Your house, office, garage, shed, gates, padlocks… Not sounding so great now, is it?
That’s effectively what you’re doing if you have only one password for all your online accounts. Only it’s worse than that. If you lost a ‘master’ key, there’s a good chance it just gets lost with nothing to tie it back to the locations it protects. This is not the case with a password; a password is normally linked to your identity with some sort of username. Now, this username may be different for every online service you use, but it isn’t, is it? Thought not. So having your password stolen is a bit like having your master key stolen, only you’ve attached it to a long list of the locations it will unlock!
Have I scared you yet? If the answer is yes, then good. It’s time for you to sort it out, time for you to change your passwords. Time for you to set up a unique password for every online account you use. Time to make these passwords as secure as they possibly can be. That means generating as many characters as the service will allow, and using letters, numbers, and symbols in the password. Something like this is a good example:
Now, that is a secure password, but must only be used for one of your accounts. The next account must use a totally different password, and that password cannot be a derivative of the first password. So something like this would be another good example:
You must continue like this for every online account you have. This is a massive step to improving your online security. It makes your passwords impossible for anyone to guess, and very difficult for anyone to hack.
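As an added illustration (not from the original post, and not how any particular password manager works), this Python example generates an independent random password for each account at the maximum length the service allows, using letters, numbers and symbols. The `SYMBOLS` set and the sample service policies are assumptions constructed for the example.

```python
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
# Assumed symbol set; trim it to whatever a given service accepts.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"


def generate_password(length, symbols=SYMBOLS):
    """Return `length` random characters containing every allowed class."""
    classes = [LOWER, UPPER, DIGITS] + ([symbols] if symbols else [])
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw until every class appears, so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def entropy_bits(length, symbols=SYMBOLS):
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(LOWER + UPPER + DIGITS + symbols))


def passwords_for(services):
    """Generate one independent password per service, at its maximum length.

    `services` maps a name to (max_length, allowed_symbols).
    """
    return {name: generate_password(max_len, syms)
            for name, (max_len, syms) in services.items()}


# Constructed sample policies, not real services.
SAMPLE_SERVICES = {
    "example-bank": (20, "!@#$"),
    "example-mail": (64, SYMBOLS),
    "example-forum": (32, ""),  # accepts letters and digits only
}

if __name__ == "__main__":
    for name, pw in passwords_for(SAMPLE_SERVICES).items():
        max_len, syms = SAMPLE_SERVICES[name]
        print(f"{name:14} {entropy_bits(max_len, syms):6.1f} bits  {pw}")
```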
Evidently, just changing all your passwords to unique, securely generated passwords like those above isn’t a convenient solution. If they’re impossible to guess, they’re definitely going to be impossible to remember. Fortunately the tech world has come up with a solution for this. Enter the password manager.
A password manager is an app which lives on your laptop, or your tablet or phone, and stores these passwords for you. Most of them will generate the passwords for you too (the examples above were generated by my password manager). These password managers won’t change the passwords on your account for you; you have to do that manually. But once they know the passwords (and usernames) for your accounts, they will automatically enter your login details for you whenever you visit the site. Meaning you can have your cake, and eat it!
There are lots of password managers to choose from. I use 1Password and I would recommend it to anyone, but plenty of others are available. It may seem like a bit much to pay for, but honestly, the peace of mind it brings is worth 10x the cost of the software. There are lots more things you can use a secure password manager for too, like saving your payment card details, or storing things like passport numbers or driving licence details.
That being said, security ‘experts’ are split when it comes to password managers. It’s undeniable that having a unique and securely generated password for each account increases your security online immeasurably. However, password managers all require one ‘master’ password in order to secure the data within the apps, i.e. all your other passwords. This clearly represents a single point of failure, in that you must be incredibly careful with the security of that master password. However, the general consensus is that (providing the master password itself is unique and secure) you are much less likely to divulge that password to anyone than one of the online services you log in to is to be compromised, and thus using a password manager for secure password generation and storage still represents a great benefit to you.
I’ve lost count of the number of friends and family who’ve suffered password compromises in the past. Some of these have led to identity theft, some have led to significant financial loss. Some have just led to embarrassing spam posted on social media, but all could have been prevented. For an example of how bad it can get, check out the story of Mat Honan, a technology journalist who suffered severely due to a lack of online security.
If, by writing this post, I inspire just one person to start using a password manager and change all their passwords today then this will have been an hour of my life well spent.
A footnote: You should know that passwords are inherently insecure. They all represent a single point of failure for at least one account, and it’s becoming increasingly evident that we can’t always rely on our online services to store the passwords securely. That doesn’t mean you shouldn’t follow my advice in this article; you should. But you should also investigate two-factor authentication and enable it on every account that supports it for even better security.