Online scammers work 7x24x365 and the COVID-19 crisis has them working overtime. In fact, the FBI recently posted a bulletin about the increased risks. One of the easiest ways to protect yourself is to use a complex and different password for each website you visit.
Many people still use the same password across their online accounts. While this helps you remember credentials, it is an invitation for criminals to cause major problems. Passwords are stolen all the time, and not just from the user. Let’s assume you are 100% perfect at avoiding phishing attempts, which probably won’t last forever (all of us can be tricked at some point). But even if you never make a mistake, how do you know that EVERY website and online service you use is 100% safe? You cannot. If just one of those sites gets compromised and you’re using the same password everywhere, then all your accounts are at risk.
Fortunately, password management applications are easy to use and let you have a complex and different password for each site. LastPass, Dashlane, Keeper, and RoboForm are a few of the many choices available. All password managers perform generally the same duties:
- They store your passwords in a “vault”
- They require a single “master password” that you create
- They allow you to generate a complex and distinct password for each website
Each of these products has a free version, allowing you to try it at no risk. The simplest way to do that is to choose a password manager and use it with a website that is not critical to you. All of us have old email accounts still active, or accounts with a media site, or an online retailer that we’ve only used once before. Once you install the password manager, you simply go to that old website and initiate a password change. It will likely ask for your old password, and then the password manager can generate a new one for you. Most of my passwords have at least 16 characters, including upper and lower case letters and symbols, making them very difficult for a criminal to unscramble. Each of my passwords is different from the others, so I don’t risk having one compromised password affect my other accounts. Most password managers have mobile apps, two-factor authentication and other features that offer additional value to the user.
At minimum, you should turn on two-factor authentication on your password manager. To access your password app, someone must then have something you know (your master password) AND something you have (your mobile phone with a security code). This makes it virtually impossible to guess and extremely difficult to hack! Our team is holding a live training session on 2FA and password management on June 4 if you’re interested in going deeper.
Like all software, a password manager could be exploited and therefore put your data at risk. For me, the risk of that happening is very low and the benefits of using a password manager are very high. Moreover, it’s MUCH better than using the same password for each site, saving passwords in your browser, or posting them on sticky notes on your monitor. Using a password manager is far less risky than not using one.