Rock IT

How & why to use a Password Manager for increased Cybersecurity

Keen followers of this blog will know that we’ve been banging on about the need to use unique passwords for each online account… and before you spit out your coffee in shock because you have 180 online accounts, there’s a key reason for it.

Firstly – your username and password are a combination. Your username is generally your email address (which everyone knows) and your password is a string of characters. If you make that string of characters something silly like, say, ‘password123’ then the chances of your combination being known are off the charts.

Check out our article on the stupidity of passwords.

So if you’re now keen to use a unique password for each account, here’s a rundown of how to use a Password Manager such as LastPass, Dashlane and 1Password.

What are my password manager options?

  • LastPass. Free to use with the most features (including, importantly, free syncing and two-factor authentication to mobile devices). Going premium costs $2 a month and adds password sharing and priority tech support.
  • Dashlane. Also free to use with pretty much the same features, but you have to pay $3.33 a month for syncing to mobile devices, two-factor authentication, and more.
  • 1Password. 30-day free trial, after which you can pay $2.99 a month for a personal account or $4.99 a month for a “family” account that supports five people. You can also buy a single lifetime license for $65.

Where are my passwords right now?

Typically, your passwords are currently in your browser. Chrome, Safari, Firefox and Internet Explorer can all store passwords – they aren’t bad, but they’re just not good enough.

Remember: once you’ve transferred your passwords over, delete them from your browser and stop saving passwords there. This is your password manager’s job now. It’s time to move on.

How can I transfer my passwords in?

Once you’ve found your passwords, you need to get them into your password manager. You have a few different options:

  • Import / export. LastPass and Dashlane let you import passwords from a number of browsers. (1Password doesn’t do this, and it’s very annoying.) This is the easiest way by far to get started. If you’re using a Mac, you might also have your login info stored in Apple’s Keychain application; export your data using the guide here.
  • As you browse. If you don’t want to hand over the keys for everything to your password manager immediately, this is the best option. Just go about your business normally, and when you get the chance to enter a password online, your manager will pop up and ask if you want to save it. However: if you’re perma-logged in to lots of accounts, you’ll need to log out and log back in to upload your passwords this way.
  • Transfer manually. You know how in The Karate Kid the karate kid is forced to do a series of repetitive tasks, only to learn their true value at a later date? Well, this is that part. Each password manager has a clear way to enter new credentials. Get copying.

How do I change all of my passwords so that they’re secure and unique?

This is the worst part, but you’ll only need to do it once. It’s absolutely worth setting aside the time to make this happen.

You’re about to change a lot of passwords!

TOP HINT: USE AUDIT FEATURES TO FIND AND REPLACE WEAK PASSWORDS

LastPass and Dashlane both have automatic password-changing tools… however, they’re pretty slow and mostly don’t work. Our advice is to do the job manually.

Check out the audit tools available with each product. They’ll tell you which passwords you’ve used more than once (duplicates) and which ones are weak.
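
To show what such an audit checks, here is an added example (not part of the original article and not any product's own code) that finds reused and weak passwords in an exported CSV. The column names, the 12-character threshold, the small common-password list and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are an assumption; real exports differ per product.
SAMPLE_CSV = """name,url,username,password
Shop,https://shop.example,me@example.com,password123
Forum,https://forum.example,me@example.com,password123
Bank,https://bank.example,me@example.com,T7#kq9!vLw2$ZxPd
News,https://news.example,me@example.com,Summer2019
"""

# Tiny illustrative list; a real audit would use a much larger list of common passwords.
COMMON = {"password", "password123", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed threshold for this example

def weakness_reasons(password):
    """Return the reasons a password is considered weak (empty list if none)."""
    reasons = []
    if password.lower() in COMMON:
        reasons.append("common password")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    classes = sum(any(t(c) for c in password) for t in tests)
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    return reasons

def audit(csv_text):
    """Return (duplicates, weak): groups of accounts sharing a password, and weak entries."""
    by_password = defaultdict(list)
    weak = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        by_password[row["password"]].append(row["name"])
        reasons = weakness_reasons(row["password"])
        if reasons:
            weak[row["name"]] = reasons
    # Report account names only, never the passwords themselves.
    duplicates = sorted(names for names in by_password.values() if len(names) > 1)
    return duplicates, weak

if __name__ == "__main__":
    dups, weak = audit(SAMPLE_CSV)
    print("Reused:", dups)
    print("Weak:", weak)
```

A CSV export holds every password in plain text, so delete the file once the audit is done.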

How do I select secure passwords?

Your Password Manager can generate secure passwords for you! Just set a few parameters (such as number of characters), then copy and paste.

Yeah but I don’t know the password to some sites anymore

Use the “forgot password” feature of these sites – you’ll get an email to then change your password.

What about sites I don’t go to anymore? Do I need to change those passwords?

Absolutely. You don’t want your old passwords getting around after being breached, so you’re best off changing the password. You can choose whether you get your account deleted, but the important thing to do is change that password.

What about Multi-factor authentication (MFA/2FA)?

  1. Set it up for your Password Manager
  2. Check with every service you use if they have MFA/2FA options… then set it up

What next?

That’s it. Keep your Password Manager secure with a unique password AND multi-factor authentication, then use your Password Manager to create unique passwords for each online account you sign up for in the future.

Simples.