[SecurityNews] Use a password manager
In the last [SecurityNews] article, we had a look at why Passwords are your enemy and why you should use two-factor authentication instead. In this article, we look at how to use passwords better.
Passwords are a poor choice for security, but they are easy for developers to code, and people understand how to use them.
For these reasons, many websites (Steemit included!) still use passwords as their sole form of security. (Cryptocurrencies have some legitimate technical excuses though...)
Therefore, we are stuck here, using passwords for many websites. What can you do?
The best option is to use a password manager, which creates and stores your passwords for you. Password managers automatically produce very, very secure passwords (like my 100-character-long, randomly-generated Amazon password!) and fill out websites with it when you visit. Password Managers usually come as browser plugins or apps.
With them, even you do not know your password. That's a good thing.
I use LastPass, but I have also heard great things about 1Password.
FYI, that's a referral link for LastPass, but it only gives me free premium, no kickback.
Setting up these password managers is a little bit of a pain, and it means you have to install it on all your computers, phones and tablets. If you don't, you can't easily copy your long, random passwords from your computer to your phone (at least, not securely).
Once you have done that, these password managers often fill in your password on your sites.
One major tip for using these password managers - do not have them "remember" your login to them. I log into LastPass every time I boot up, for two reasons. First, if anyone accesses my computer and guesses my computer password, I do not want them to get everything else. Second, it allows me to remember my password for LastPass, which should be complex but memorable.
You can also store secured notes (i.e. for login keys that aren't passwords) and credit card information.
One downside is that it provides a single point for attackers to target. If someone gets your LastPass/1Password account, they get everything else! That said, these tools have good security (although problems have occurred in the past), and it is still better than having bad passwords everywhere.
If you are overly security conscious, you can also get offline applications that run only on your computer. This provides an extra level of protection at the cost of convenience.
Thank you for reading! Please help us out by spreading the word and sharing this with one friend or on social media.
I've just released a new blog in this series... should you write down your passwords? Find out here!