If you’ve ever been hacked, or one of your accounts have been hacked, you’ll know just how important having strong passwords really is to your online businesses.
In today’s day and age, hacking has become a part of online life, and if you’re not doing everything you can to improve your security online, you’re setting yourself up for failure….quickly. If you don’t believe me, take a look at this Ars Technica article dubbed Anatomy of a Hack
WordPress Setup Passwords
Let’s take your blog – doesn’t have to be WordPress really, it could be any blog platform out there. If you set one up yourself, you have your username/password for the blog itself, a username and password for the database setup and a username and password for your hosting provider. If you’re using the standard username “admin” for WordPress, you’ve already endangered yourself. I’d recommend not even using your first name + last name or any variation of that and initials. Make your username something not really guessable by anyone who’s just looking at your “Author Name”. Next, you need a password that is utter gibberish. What does that mean? Basically, there’s no words, no guessable phrases, no patterns you use when creating your rememberable passwords…you need something that YOU CAN’T REMEMBER!
Here’s a perfect example of passwords that are GREAT passwords from Steve Gibson over at GRC (fantastic resource for everything related to digital security):
Strong Password Generator
Whoa whoa whoa….if I can’t remember it, then what in the world am I going to do?! Well, first, please, do NOT save it in notepad or some other text editor. People can get into those and really turn your world upside down. So here’s where I tell you what you need…
Password Managers
This is where it all comes together. You NEED a password manager. Personally, I don’t even believe this is optional nowadays. This is a necessity. If you are going to be doing anything online, at all, then you need to get a password manager. Generally speaking, a password manager allows you to create ONE password, EVER, and that’s the only one you should ever try to remember. The rest of your passwords are locked away in the password manager vault, and in order to log in anywhere, you first log into your vault, and then you retrieve your usernames and passwords from the vault to plug into the various sites you visit on the web.
So then, what do I recommend?
LastPass Password Manager
LastPass is the password manager I use and recommend. Why? Well, because people who’s jobs it is to research the ever living hooey out of things have tested a ton of platforms out there have deemed this to be one of the best. Going back to Mr. Steve Gibson mentioned above, he did a whole podcast on Security Now with Leo Laporte on why he likes LastPass so much. If you want all the technical jargon to go along with it, here’s a link to the transcript plus the podcast if you want to give it a read/listen:
Steve Gibson’s In Depth Review of LastPass
I have to admit, being that this is an online service where your passwords are stored “in the cloud”, I was a little apprehensive at first, but after reading about the measures they take for securing your data, I really was convinced that this is the best possible solution available. The primary thing that sold me is this – you can’t recover your password….I know….you’re probably saying, “What?! What if I forget my password?!”. Well, in short, you’re screwed. You can kiss that vault goodbye. And why is that a selling point to me?! LastPass doesn’t store your password! They have NO IDEA what your password actually was when you set it! That is PHENOMENAL! Again, this is a double-edged sword. If you don’t remember your password, you will not be accessing that data ever again. On the positive site, you can rest assured nobody will be getting to your data either. It’s really a beautiful thing. Also, all your data is encrypted on the server so nobody can peek inside your files. Your password is the only key that will unlock those files and without your EXACT password, nobody can get into it.
Now, the primary reason I also recommend LastPass (over the other I will mention below) is because while it’s inconvenient to a degree (all things secure are), it’s probably the MOST convenient solution once you’ve actually logged in! First of all, for web access, it’s completely FREE. Yeah, it’s nuts. There are plugins for just about every browser on the market, and once you’ve logged into your vault, logging into all the sites in your vault is a breeze. The plugins make LastPass just incredible for those who utilize it. Now, if you have a smartphone, you can log in via the website just like you would on a computer to retrieve your passwords, or, if you want a more convenient, and full-featured way of accessing/managing your vault on your smartphone, you can sign up for the Premium subscription ($12/year) and you can download an app for literally all the major platforms – Apple’s iOS, Google Android, Windows Phone, etc. They’ve got you covered. Personally I opted for the $12/year plan – it’s incredible and literally makes it to where I never have to remember a password for a site again – just my one MAIN password.
Another great perk to LastPass is it’s completely platform agnostic because there’s a web interface. This works as well on Windows as it does on Mac OSX, Linux, etc. It’s truly cross platform, and with the addition of the smartphone apps, it really is the best cross-platform password manager I know of. There are a ton of other great features of LastPass that I won’t go into here because this article will never end, but needless to say, I’m a huge fan.
Check out the LastPass site here.
KeePass Password Manager
So an alternative to LastPass, that I was using for quite a while, is KeePass. KeePass is open source, which is fantastic because you can literally look at the source code to see what the developers have done to create a protected vault. The features in the Windows version of the software is absolutely fantastic, but if you switch over to other platforms such as Mac or Linux, things vary greatly from one to another. Even the mobile versions of the software vary greatly across platforms, so you don’t get a unified approach on any. The Windows version, by far, is the most polished. If you’ll only ever be working on Windows, this is a decent solution and one you’ll likely be happy with.
To touch on the other reason I chose to go to LastPass rather than stay on KeePass is that KeePass is not set up to be shared. KeePass vaults are set up to be saved on the local computer where the vault is created. Now that doesn’t mean that you can put copies on multiple computers, or even put it up in DropBox and share it that way, but then you run the risk of having various versions of your vault floating around all over the place which can become quite the security risk itself. Granted, I’m a fan of DropBox, but I can’t really assume that they’re taking the same level of precautions with files on DropBox that LastPass is, especially considering LastPass’s whole business revolves around securing information, whereas DropBox is providing storage as a convenience.
Check out KeePass here.
Password Managers are only as Good as Your PRIMARY Password
So what does that really mean?
- You need a password that is LONG (think at least 20+ characters)
- Your password needs to have numbers, letters (upper and lower) and a couple of special characters
- Your password needs to be a little inconvenient (even for you) to type in
- YOU ONLY NEED ONE!!! MAKE IT GREAT
Even though I’m using LastPass, my password is still very long, and a bit of a pain in the butt to type in, especially on my smartphone. But seriously, what is the price of convenience?! Once I enter my password, logging into sites is a relative breeze, and I can rest easy knowing that my data is more secure than it’s ever been in the past.
Wrapping Up
It really doesn’t take long before you become overwhelmed with credentials you need to keep track of to log into your various websites. Not only can you simplify your life with a good password manager, but you can also protect your information. What prompted me to write this? I’m fed up with having to worry about accounts being hacked or breached. If you don’t know what I’m talking about, check out the latest breach where Adobe accounts were hacked. LastPass the company was kind enough to take the exposed list and wrap an application around it to let you know if you were one of the unlucky ones who was compromised…what might really blow your mind is if you plug in your email address, you’ll find out just how many people share the same password you were using! A little unnerving to say the least.
See if your Adobe Account was Hacked here (Link to LastPass’s site)
So again, don’t put this off. This might be the most important thing you do. It’s not just a utility for utility’s sake, it’s needed, and the sooner you get it, the better off you’ll be.