Password Management

Don’t Reuse Passwords

Why?

I’ll explain with an example.

In 2012 you create an account on Facebook with your email address and some easy-to-remember password.
You head over to ancestry.com for some family history research and create another account with the same username and password.
A few years pass until, in 2015, Ancestry suffers a data breach and many of their user login details are stolen.

Because you reused the same password, with the same email, on both services, anyone who has your Ancestry details can now go to Facebook.com and log in as you!

That’s assuming you haven’t changed your password since. Have you?

 

How likely is it my login details will be stolen?

Very likely. Every day, websites are either hacked or accidentally expose their data to the world. You can see some of the big ones at https://haveibeenpwned.com/. In fact, go there now, enter your email address and see if your personal details have already been stolen.

 

What can I do about it?

Your first step is to use a different password for every single service you sign up to. This means if your login details are stolen from one service, they cannot be used to log in to other services.
Ideally, your passwords will be long (12+ characters) and randomly generated.
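
The advice above as a small audit, added here as an illustration and not part of the original post: it finds accounts that share a password, shows which ones a single breach would expose, and replaces reused or short passwords with random ones. The account list is constructed sample data and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # the post's "12+ characters" guideline
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample data (not real accounts): service -> (login, password).
ACCOUNTS = {
    "facebook.com": ("you@example.com", "Sunshine2012"),
    "ancestry.com": ("you@example.com", "Sunshine2012"),
    "bank.example": ("you@example.com", "kT9#vQ2!mZx7Lp"),
    "forum.example": ("you@example.com", "hunter2"),
}

def exposed_by_breach(accounts, breached_service):
    """Other services that share the breached service's login and password."""
    creds = accounts[breached_service]
    return sorted(s for s, c in accounts.items()
                  if s != breached_service and c == creds)

def audit(accounts):
    """Return (groups of services sharing a password, services with short ones)."""
    by_password = defaultdict(list)
    for service, (_login, password) in accounts.items():
        by_password[password].append(service)
    reused = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    short = sorted(s for s, (_l, p) in accounts.items() if len(p) < MIN_LENGTH)
    return reused, short

def generate_password(length=16):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate(accounts):
    """Give every reused or too-short account its own fresh password."""
    reused, short = audit(accounts)
    to_fix = {s for group in reused for s in group} | set(short)
    return {s: (login, generate_password() if s in to_fix else pw)
            for s, (login, pw) in accounts.items()}

if __name__ == "__main__":
    print("Exposed if ancestry.com is breached:",
          exposed_by_breach(ACCOUNTS, "ancestry.com"))
    print("Reused / too short:", audit(ACCOUNTS))
    print("After rotation:", audit(rotate(ACCOUNTS)))
```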

 

But, how can I remember all those passwords?

There is a type of software and service designed to help with this problem: Password managers.

A password manager is a piece of software you can install on your computer and mobile devices where you enter the username/email and password for all your sites.
Good password managers also integrate with browsers to make logging in much easier.

Believe it or not, the aim is to not even know what most of your passwords are (except the one to get into your password manager).

 

Enter: Some Top Password Managers

The 2 leading password managers I use are:

 

Are Password Managers Safe?

You may think having all your passwords in one place is even riskier than other options. But nothing is guaranteed in security – it’s about assessing levels of risk and taking the best possible option.

A good password manager that is well supported and comes with its own security measures (protection against brute force, 2 Factor Authentication, alerts, regional lockouts, etc.) is far better than the easily remembered password you use everywhere and keep in your head.