Using a password manager to improve security

      Comments Off on Using a password manager to improve security

Even though I feel that service providers can go a long way to securing data (see prior blog), truly nothing replaces personal responsibility.  You can step up and make your data more secure.  One of the easiest ways is to use a password manager/wallet and generate complex, impossible to guess passwords for every service you use.  By making different ones on every service, any breach in one will not translate to others. 

There are some fairly strong and basic tactics you need to use with passwords that you use on Internet sites.  

  • Use long passwords with numbers and symbols that would take centuries for computers to crack
  • Don’t use the same password on multiple sites
  • Change your passwords routinely

But the barrier to those points above is too much for a human, so you either don’t do them – or use a tool to help manage it.  There are a lot of password managers/wallets/tools.  The one I like is a free one that stores the data in your personal cloud – vs, say, their server.  This allows you to pick the service you like.

I settled on SafeInCloud   (EDIT: since writing this blog, I’ve also adopted LastPass for my teams since I can share folders between us.  Also if you don’t use Dropbox, you can just use LastPass instead as your single source of password management).

NOTE: Windows 10 users should use the version from the Microsoft Store (version 19). If you have an older version, then uninstall and get it from the store.

Setup SafeInCloud on your desktop, laptop, tablet, and/or smartphone.  It then becomes a single place you can store and retrieve complex passwords.  This does make SafeInCloud your single point of failure, so be sure to make the password for it robust and something you can remember.  But all of its data is heavily encrypted, so the actual storage is secure if you have a good password.

Some key features of SafeInCloud are

  • Can generate passwords that are complex (I recommend at least 12 characters, with mixed cases and weird symbols and numbers.  Here is a screenshot of a generator window from SafeInCloud.  Note how it evaluates your passwords if it is less than “centuries” then make it more complicated!  Not like you will have to remember it per site anymore.
  • It integrates into your browser(s) to make getting into websites more convenient.
  • When copy and pasting your passwords, it doesn’t show them on the screen.  (This has come in handy when using a system within eyeshot of someone – or even via a webinar or support call).

One ironic problem is some sites that do not allow pasting of passwords into their screens.  They actually make the site far less secure, because you will not want to use such a complicated password if you have to both remember and type it in.  (Try to complain to those sites to get them to rethink their strategy).