We previously discussed how to make a strong password, but how often do you reuse your password? We all have online accounts for banking, school, Netflix, work, and personal email, so it is tempting to reuse the same password for all of them. Unfortunately, if one of your reused passwords is compromised, then every account that shares it is at risk. The correct solution is to create a separate password for each account, but the real question is: how do you keep track of them all?
No, do not write them on a sticky note on your desk. Do not create variants of your password by adding numbers to the end. Instead, consider using a password vault!
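Here is a quick way to check a list of your own credentials for the two habits described above: exact reuse and variants made by adding numbers to the end. This is an added example, not part of the original post; the function names and the sample entries are made up for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample entries (account name, password); not real credentials.
SAMPLE_ENTRIES = [
    ("bank", "Sunflower!Ridge"),
    ("school", "Sunflower!Ridge"),
    ("netflix", "Sunflower!Ridge1"),
    ("work", "Sunflower!Ridge2024"),
    ("email", "c0pper-Kettle-fjord-91x"),
]

def _fingerprint(text):
    """Hash a value so the grouping tables never hold a password in clear text.
    Unsalted SHA-256 is used only for in-memory comparison, not for storage."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def _strip_numeric_suffix(password):
    """Return the password without trailing digits ('Example12' -> 'Example')."""
    return password.rstrip("0123456789")

def audit_reuse(entries):
    """Group account names that share an exact password or a numbered variant."""
    exact = defaultdict(list)    # password fingerprint -> accounts
    by_base = defaultdict(list)  # base fingerprint -> (account, password fingerprint)
    for account, password in entries:
        fp = _fingerprint(password)
        exact[fp].append(account)
        base = _strip_numeric_suffix(password)
        if base:  # skip all-digit passwords: nothing is left to compare
            by_base[_fingerprint(base)].append((account, fp))
    reused = sorted(sorted(group) for group in exact.values() if len(group) > 1)
    variants = []
    for group in by_base.values():
        # A variant group needs at least two different passwords on one base.
        if len({fp for _, fp in group}) > 1:
            variants.append(sorted(account for account, _ in group))
    return {"reused": reused, "variants": sorted(variants)}

if __name__ == "__main__":
    report = audit_reuse(SAMPLE_ENTRIES)
    for kind, groups in report.items():
        for accounts in groups:
            print(f"{kind}: {', '.join(accounts)}")
```

Every account that appears in either group should get its own unrelated password.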
Here’s how they work: you register an account with the password vault service and install its add-on in your internet browser. When you go to a website and log in, the add-on pops up and asks if you want to save the password in your vault. You confirm, give the entry a descriptive name, and save. The next time you visit the site, the add-on automatically recalls the correct password, which makes logging in faster.
You may wonder how safe and secure this method is. Solid password vaults provide the option to use two-factor authentication (2FA). You start by making the strongest, most unique, and most unforgettable password you can possibly imagine, and you use it to lock your vault. The service uses this master password to encrypt your vault. Next, it will ask you to provide a cell phone number or alternative email address as the 2FA method. When you log into your vault and enter your master password, the service sends you a code or keypress command via text message, phone call, smartphone app, or email to your alternative email address. Once you respond to this 2FA message or notification, your vault opens. The second factor acts as your fail-safe in case your master password is ever compromised. In fact, if you ever get the 2FA message when you were not actively logging into your password vault, that is a pretty good indication that it is time to reset your master password!
There are several password vault services available with free and paid models, with the latter providing extra bells and whistles or removing limits on the number of stored passwords. Two strong recommendations are LastPass and Dashlane. If you see a benefit in using a password vault at your company, there are even plans where corporate accounts may be set up with options for administrators to reset passwords and to share common entries securely with other employees.
This blog post is meant as a primer. Read up on the services available and get familiar with how they work. If you would like to learn more about how to incorporate password vaults into your online life or you want to vet which service will fit your needs best, feel free to reach out to us at 303-757-0779!