10… 15… 20… How many different accounts do you have online? A better question… how many different passwords do you have online? The best answer to that question is “a strong and unique password for each of my accounts.”
Your password (with your user ID) is how you confirm your identity to an online service. In general, your user ID will be something simple: an email address, a phone number, an account number, or your name. This means that almost anyone can guess your user ID, and in many cases it will be the same across multiple sites (email address is a common user ID) or is visible to other users of the service (Facebook ID or forum ID). As such, your password needs to be strong, secure and, most importantly, unique for each site.
There is a saying that goes “a chain is only as strong as its weakest link”… and that applies to the protection of your credentials. If you reuse passwords, think of all of the sites where you are using the same password. We can assume (or not…) that Google or Microsoft won’t get breached… but what if you are using your favorite password at Joe’s Flower Shop so that you can quickly log in and order flowers for birthdays, anniversaries or weddings, etc.? Now I am sure that Joe is a great florist, but does he know e-commerce security? So what happens when Joe’s website is hacked and his customer database with clear text passwords is recovered by some hacker? What happens when a hacker now has your email address and a password? Is that the same email address and password that you use for your bank? Is that the same as you use for your E-Trade login? Is that the same as you use for Gmail?
Password reuse is a common practice. It is hard enough to remember one good password, and remembering good passwords for all of your online accounts can be impossible, so people fall into the habit of password reuse. Between the rules that many sites require in setting a password (8 characters, number and/or symbols, the 482nd digit of pi, etc.) and the number of accounts you have, password reuse is for sure easier than having a unique password; at the end of the day, you either use the same password or a variation on the same password for many different accounts.
Sure, you can write them all down on a piece of paper or keep them in an Excel spreadsheet on your computer, but these options will not help you create strong passwords and they won’t help you when you don’t have access to them. Password managers are the best way to address this. There are many different password managers out there, each with their specific pros and cons. The primary feature of a password manager is to simply manage your passwords… kind of one password to rule them all. With this, you only have to remember the password to your password manager and then you have access to all of those strong and unique passwords I mentioned you needed above. In addition to having all of your passwords in a central location for easy access, password managers can provide additional functionality such as generating secure passwords for you automatically and changing your passwords on sites automatically. Look around for a password manager that works for you. There are many free ones; give them a try and see if they meet your needs. Maybe the paid versions are more appropriate, as they provide additional features and functionality that you require. The paid versions may have additional functionality such as use on multiple devices (phone, computer, tablet, etc.), password security testing or even account compromise notification, where you can be informed if a site that you have credentials on has announced a breach.
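To see how far one reused password reaches (the Joe’s Flower Shop scenario above), here is an added example that is not part of the original post: a small Python audit over a constructed list of accounts that reports, for each site, which other logins share its password or a simple variation of it. The site names, sample passwords and the variation heuristic (ignore case, leading or trailing digits and symbols, and common character substitutions) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample accounts (site, user ID, password); not real data.
VAULT = [
    ("joes-flower-shop.example", "pat@example.com", "Sunflower1"),
    ("bank.example", "pat@example.com", "Sunflower1"),
    ("brokerage.example", "pat@example.com", "sunflower2!"),
    ("forum.example", "pat_h", "Sunfl0wer!"),
    ("webmail.example", "pat@example.com", "v7#Lq9!xTz2mRw4c"),
]

# Assumed heuristic: common look-alike substitutions mapped back to letters.
LEET = str.maketrans("0134578@$", "oieastbas")


def base_form(password):
    """Reduce a password to the root a person tends to reuse across sites."""
    lowered = password.lower()
    # Drop the digits/symbols people append or prepend to satisfy site rules.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # A password with no letters (e.g. "123456") is compared as-is.
    return stripped.translate(LEET) if stripped else lowered


def reuse_report(vault):
    """For each site, list other sites with the same or a similar password."""
    # User IDs are ignored: they are easy to guess, so only passwords matter.
    exact, similar = defaultdict(set), defaultdict(set)
    for site, _user, password in vault:
        exact[password].add(site)
        similar[base_form(password)].add(site)
    report = {}
    for site, _user, password in vault:
        same = exact[password] - {site}
        near = similar[base_form(password)] - same - {site}
        report[site] = {"same": sorted(same), "variation": sorted(near)}
    return report


if __name__ == "__main__":
    # Only site names are printed; passwords never leave the process.
    for site, hits in reuse_report(VAULT).items():
        print(f"If {site} is breached -> same password: {hits['same']}, "
              f"variation: {hits['variation']}")
```

In this sample, a breach at the flower shop puts the bank, brokerage and forum logins at risk, while the webmail account with its unique password is unaffected.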
Below are some links to guidance to help you with creating strong and unique passwords:
- https://www.consumerreports.org/digital-security/tips-for-better-passwords
- https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
- https://krebsonsecurity.com/password-dos-and-donts/
… and some of the password managers that I have used or would recommend. The first three are cloud-based tools and have additional features that you may find useful, and the last two are not integrated in the cloud but still offer great functionality.
- LastPass (www.lastpass.com)
- Dashlane (www.dashlane.com)
- 1Password (www.1password.com)
- KeePass (www.keepass.info)
- Password Safe (www.pwsafe.org)