Tips on How to Implement a Healthy Password Management Approach
If you're like most people, you have dozens of online accounts that require passwords. And if you're like most people, you probably use the same password for multiple accounts. This is a really bad idea: if one of your accounts is compromised, the attacker can try the same password against your other accounts.
A better solution is to use a password manager to create and store strong passwords. But which password manager should you choose? And what if the vendor itself is compromised? There are lots of options out there, and it can be hard to decide which one is right for you personally or for your organization.
The intention of this post is not to compare popular options like 1Password, Bitwarden, etc., but to share a few hints on how passwords can be managed in a fairly easy and secure way.
So read on to find out more!
1. Use password managers to keep track of all your passwords off the bat
This should be a no-brainer. If you have multiple online accounts, it's a good idea to use a password manager to keep track of all your passwords. This way, you only have to remember one master password, and the password manager will fill in the rest for you. There are many different password managers available, so it's important to build an easy-to-follow playbook that addresses unexpected scenarios, such as the cloud-based password manager vendor being compromised.
Note: There are many password managers available, so it's important to use verified vendors. Make sure that the vendor you choose has a good reputation and has been audited by third-party security experts!
2. Use masked email addresses and fake names for all the websites that don't require your real identity
Many of the websites you use don't require your real identity, such as forums, social media sites, and gaming sites. For these types of websites (and not only these), it's a clever idea to use a masked email address and a fake name. This way, even if the website is breached, your real identity remains safe.
To create a masked email address, you can use a service like Abine, DuckDuckGo or Mozilla. The service creates a new alias made of a random string of characters, and you use that address to sign up for the website. Any emails sent to the alias are automatically forwarded to your real email address, so you'll still see them.
As for a fake name, you can just use a made-up name or a pseudonym. If you want to take it to the next level, you can even use a different fake name for each website. It might sound complicated, but it is easier than it looks.
3. Create strong passwords that are difficult to guess
One of the most important aspects of password management is creating strong passwords that are difficult to guess. A good password should be at least 20-25 characters long and include a mix of uppercase letters, lowercase letters, numbers, and symbols, or be a long passphrase. It's also a good idea to use a different password for each account. Again, this might seem like a lot of work, but it's worth it to keep your accounts safe. If you're having trouble coming up with strong passwords, every password manager has a built-in password generator that is free to use.
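To make the two options above concrete (a 20-25 character mixed-class password versus a long passphrase), here is an added example, not code from the original post, that generates both with Python's `secrets` module and estimates their entropy. The `WORDS` list is a constructed stand-in; a real passphrase generator would load a large list such as a diceware list (assumption), and the entropy function shows why the list size matters.

```python
import math
import secrets
import string

# Character classes required by the "mixed" policy described in the post.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.<>?",
}
ALPHABET = "".join(CLASSES.values())

# Constructed 16-word list for demonstration only; a real generator would
# load thousands of words (assumption: e.g. a diceware list).
WORDS = ["correct", "horse", "battery", "staple", "orbit", "velvet",
         "lantern", "quartz", "meadow", "falcon", "ember", "harbor",
         "cobalt", "summit", "willow", "pepper"]


def meets_policy(pw, min_len=20):
    """True if pw is long enough and contains every character class."""
    return len(pw) >= min_len and all(
        any(c in chars for c in pw) for chars in CLASSES.values())


def generate_password(length=24):
    """Uniformly random password over ALPHABET that satisfies the policy.

    Rejection sampling (retry until every class appears) keeps the result
    uniform over the set of policy-compliant strings, unlike "force one of
    each class into fixed positions" schemes.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_len=length):
            return pw


def generate_passphrase(words=6, sep="-"):
    """Random passphrase of `words` words drawn from WORDS."""
    return sep.join(secrets.choice(WORDS) for _ in range(words))


def entropy_bits(length, pool_size):
    """Entropy of `length` independent uniform choices from `pool_size` items."""
    return length * math.log2(pool_size)


if __name__ == "__main__":
    pw = generate_password(24)
    print(pw, f"{entropy_bits(24, len(ALPHABET)):.1f} bits")
    phrase = generate_passphrase(6)
    # With only 16 words this is just 24 bits: passphrases need a big word list.
    print(phrase, f"{entropy_bits(6, len(WORDS)):.1f} bits")
```

Run it a few times: a 24-character password from this 87-symbol alphabet carries about 155 bits of entropy, while six words from a 16-word list carry only 24 bits, which is why the "long passphrase" option is only as strong as the size of the list it is drawn from.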
4. Change your passwords often for sensitive websites
Even if you have a strong password, it's important to change it regularly, especially for sensitive websites like your bank or personal email account. Many experts recommend changing your passwords every 3-6 months. You can also set up a password manager to change your passwords for you automatically on a schedule.
5. Don't use the same password for multiple accounts
This is one of the most important password management tips. Using the same password for multiple accounts is a bad idea because if one account is hacked, all your other accounts might be vulnerable as well, not to mention the additional effort and stress of changing the password on every other account that shares it.
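Tips 4 and 5 are easiest to act on by auditing an export of your vault. The following is an added example, not the post's own code or any vendor's tool: it reads a generic CSV export (the column names are an assumption; real managers use their own headers), flags passwords that are reused, shorter than 20 characters, or older than 180 days on accounts marked sensitive, and reports findings by account name only, so the report never contains a secret.

```python
import csv
import hashlib
import io
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample export. Column names are an assumption about a generic
# CSV layout; map your manager's own headers onto these before running.
SAMPLE_EXPORT = """name,url,username,password,sensitive,last_modified
Bank,https://bank.example,alice,Tr0ub4dor&3,true,2023-01-10
Webmail,https://mail.example,alice,Tr0ub4dor&3,true,2023-01-10
Forum,https://forum.example,a7x9q,correct-horse-battery-staple-orbit,false,2024-05-01
Gaming,https://game.example,zz12,x9!Qp2#Lm8@Vb4$Wn6^Rt0&Yu3,false,2024-04-20
"""

MIN_LENGTH = 20      # lower bound recommended in tip 3
MAX_AGE_DAYS = 180   # upper end of the 3-6 month window in tip 4


def fingerprint(password):
    """Truncated SHA-256 so reuse can be grouped without keeping the secret."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()[:12]


def audit_export(csv_text, today="2024-06-01"):
    """Return sorted (finding, account) tuples for reuse, short and stale entries.

    `today` is an ISO date string so the audit is reproducible in tests.
    """
    today = date.fromisoformat(today)
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_fingerprint = defaultdict(list)
    findings = []

    for row in rows:
        name, pw = row["name"], row["password"]
        by_fingerprint[fingerprint(pw)].append(name)

        if len(pw) < MIN_LENGTH:
            findings.append(("short", name))

        # Rotation check only for accounts the user marked as sensitive.
        if row["sensitive"].strip().lower() == "true":
            age = today - date.fromisoformat(row["last_modified"])
            if age > timedelta(days=MAX_AGE_DAYS):
                findings.append(("stale", name))

    # One "reused" finding per group of accounts sharing a password.
    for names in by_fingerprint.values():
        if len(names) > 1:
            findings.append(("reused", ",".join(sorted(names))))

    return sorted(findings)


if __name__ == "__main__":
    for kind, account in audit_export(SAMPLE_EXPORT):
        print(f"{kind:7s} {account}")
```

The output lists the Bank and Webmail entries three times each (reused, short, and stale), while the forum passphrase and the gaming password pass every check. Because passwords are grouped by a truncated hash and only account names are printed, the report can be shared with whoever has to fix the findings without leaking the vault.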
6. Always use two-factor authentication with YubiKeys
Two-factor authentication (2FA) is an additional layer of security that requires you to enter a second piece of information, such as a code from your phone, in addition to your password. YubiKeys are hardware devices that can be used for 2FA. They're more secure than a code from your phone because the key itself can't be compromised the way a phone can (for example by malware or a phishing page that captures the code). Plus, if you lose your YubiKey, you can just get a new one and revoke the lost key.
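To show what the "code from your phone" actually is, here is an added example, not from the original post, implementing the standard time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) with only the Python standard library, plus a verifier that accepts one time step of clock drift and compares codes in constant time. The secret below is the RFC's own test-vector key, so the outputs can be checked against the published table. Note that both the phone and the server hold the same shared secret, which is exactly the exposure a hardware key avoids: a YubiKey never reveals its private key, and a captured TOTP code is still valid for the rest of the time step.

```python
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 test-vector secret (ASCII "12345678901234567890"), used here
# only so the results can be compared against the RFC tables.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 of the big-endian counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, for_time, step=STEP_SECONDS, digits=6):
    """TOTP (RFC 6238): HOTP with the counter set to the current time step."""
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret, submitted, now, window=1, step=STEP_SECONDS):
    """Accept the code for the current step or +/- `window` neighbouring steps.

    hmac.compare_digest avoids leaking which digits matched via timing.
    """
    counter = int(now) // step
    return any(
        hmac.compare_digest(hotp(secret, c), submitted)
        for c in range(counter - window, counter + window + 1)
    )


if __name__ == "__main__":
    now = time.time()
    code = totp(TEST_SECRET, now)
    print("current code:", code, "valid:", verify_totp(TEST_SECRET, code, now))
```

The RFC 6238 table gives 94287082 for T=59 and 07081804 for T=1111111109 with an 8-digit SHA-1 TOTP; the six-digit values used by most phone apps are the last six digits of those.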
7. Beware of phishing attacks
Phishing attacks are a type of online scam in which threat actors pose as a legitimate company or website to trick you into giving them personal information, such as your passwords or credit card numbers. They typically use email or text messages, and they might even create fake websites that look identical to the real thing.
Even the best can get played. If you get an email or text message from a sender you're not expecting or don't know, or one that refers to actions you haven't taken, don't click any links, enter any information, or respond. Instead, follow your common sense, or your organization's action plan for phishing attempts.
Conclusions
So, what's the best password manager? It depends on your needs. If you're looking for a password manager that is easy to use and that has a lot of features, then 1Password would be a good choice. But if you're looking for something more secure, then Bitwarden might be a better option. And if you're worried about security breaches at the password manager vendor level, then you can always create your own passwords using a tool like KeePass or Dashlane.
And if you're ever worried about the security of your data, don't forget that you can always export your passwords to a different provider or even print them out. Actually, I know someone who keeps his passwords in a notebook via a clever approach. He uses a substitution cipher in which letters are replaced by letters some fixed number of positions down the alphabet, the same as the Romans did in the old days to exchange sensitive messages.
Whichever password manager you choose, make sure to set up two-factor authentication that leaves SMS and phone calls out of the equation, and keep your master password safe and secret! :)