Password Managers: Easy, Smart, Essential

You are so proud of yourself.

 You should be. You’ve finally managed to keep one New Year’s Resolution. You’ve taken the time out of your busy schedule to implement all the password hygiene tips we at My MacDaddy have advocated for years. Your 2017 password strategy now reads like a litany of security nerd affirmations:

“My passwords are stored in a safe place.”

 

 “I change my passwords frequently and make them hard to guess.”

 “I never reuse my passwords, so if one of my accounts is compromised, the damage is minimal.”

 Just as you slip into a state of self-satisfied cybersecurity Zen, you get an email from your favorite online retailer:

 “We have reason to believe attackers gained unauthorized access to our customers’ data. It’s possible that your user name, password and security questions have been compromised, and we recommend all customers change their passwords immediately.”

 “No problem,” you think. “I have a system. I’ll just change my password and I can get on with my day.” Not so fast! That email said that your security questions also might have been stolen. Your password might be easy to change, but it’s a lot harder to change your mother’s maiden name or magically generate a new childhood best friend. If you’ve answered the same security question on multiple sites and one is compromised, you’ve potentially given cyber criminals access to all those other sites as well.

 As this article in Wired points out, security questions are a very weak link in the cybersecurity chain, and your best protection is either to opt out of using security questions, or if you can’t do that, lie. Generate random strings of characters as answers to those questions that are unique for each site, just like passwords. Say you grew up on mNTEuRR7q6jT,R street, for instance, or list your favorite music group as b[X9ZGXWouc8+>.

If your password storage solution is a paper list in your desk drawer, as it is for many My MacDaddy clients, frequently scratching out and writing in updated passwords quickly makes that list confusing and ultimately unusable, and since Wired’s recommendation effectively quadruples the number of passwords you have for each site, maintaining an organized paper list becomes hugely problematic.

Enter your savior: the password management application. A password manager is an app for your computer or mobile device that generates random passwords and security questions and then stores them for you securely. Many of them even sync your passwords across all your devices and fill out the website login screen for you. Some remind you to change your passwords at a predetermined interval, and for popular websites, some just change your passwords for you!

While there are many reputable password managers out there, My MacDaddy uses 1Password. 1Password is easy to use, and is built on excellent security. It protects all of your personal data behind one master password. Here’s a quick overview of how easy it is to set up and use 1Password.

1. Download 1Password from the Mac or iOS app store. When you run the app for the first time, you’ll be asked to set up an account to sync your passwords across all your devices.

2. Create your master password.

Obviously, this should be extremely secure, yet fairly easy to remember. Personally, I use a series of random words (generated from 1Password) that have no relation to one another, but that I can connect in my mind, like “oligarch.wingtip.pulp.” Imagine a well-shod political leader touring a paper factory. Now just try to get that image out of your head. You can’t, can you? See? You just memorized a very secure password. Nice work! With those three words memorized you now have access to your entire online life.

3. Enter your existing passwords into 1Password.

Once you unlock 1Password, you can begin adding all your passwords from your old filing system, whether that’s a printout or your memory. Now might be the best time to change some old passwords, as most security experts recommend changing passwords every six to twelve months. To generate a strong random password, just click on the combination lock icon next to the password field. You can do the same thing for security questions using the 1Password’s customizable fields.

Typing all your existing passwords into 1Password may take some time, but it’s nothing compared to the time and irritation you’ll save in maintaining your passwords going forward.

4. Install the 1Password browser extension for your browser.

The next time you need to create a password for a site, 1Password will generate it for you, copy it into the website and automatically save it. As you see here, I’m ensuring that a forgotten password will never stand between me and late night cheesy goodness.

The 1Password website has excellent tutorials, so there’s no need to repeat them here, and of course, all of us here at My MacDaddy would be happy to help you install and get comfortable with 1Password or any other password management app. Just like any security solution, it’s not foolproof, but it will take you one step further along the path of Net Nirvana.

Safe surfing in 2017, everyone!