I know, using a Password Manager is a somewhat geeky thing to do. The setup takes time and you probably have better things to do. But in today’s world you have to think of it as insurance. You probably think nobody wants your data and why should you be a target anyway, you’re just an average person on the web, correct? Well, we’ll get to that, but first let me ask you something: Did you spend time to get some kind of insurance? Maybe fire insurance for your house or extended health insurance that covers your teeth? You didn’t do that because you want your house to burn down or your teeth to fall out, you did it to be prepared if the worst case happened. You could ask the same questions: Why would somebody light a fire to burn your home down? Why would you not pay attention to burning candles? Yet everyone understands that these things could happen. There’s a slight chance that it might hit you, so you get insurance.
Your credentials are already out there
Let’s face some truths: First, our passwords are out there. No software is safe, no service is safe and that is why even big companies like Adobe, Dropbox, LinkedIn, Snapchat, Sony, MySpace and even Uber became victims of data breaches. And those are just a few of the popular examples, by far not the only or even the worst ones. Billions of accounts have been leaked and I bet yours have, too. You can even go and check if one of your accounts was affected. Thanks to security expert Troy Hunt, the web has the beautiful site HaveIBeenPwned.com, on which you can enter your username and it will tell you if your account was a victim of one of the many breaches.
One password to rule them all
The second truth: you don’t have more than three passwords for all your accounts, do you? And one step further, these passwords are easy for you to remember and not genuinely random, right? Do you really think that an attacker who got your Dropbox login wouldn’t try the same login for your email? Your Facebook, your Amazon or even your PayPal, for that matter? Your online footprint is not only a few photos on Facebook that you don’t care about if anyone sees them. It’s your credit card or bank account, it’s your birthday, your phone number, your contacts. It’s your life. Logging in is not just the necessary evil so that a service knows who you are, it is actually a step for your security, and most of us throw that security offer away.
Insure yourself with a Password Manager
There are way more reasons why an evil geek could want your accounts or your data. Maybe just to frame you for targeting a more valuable victim and hide his own tracks. But then you have a bigger problem. I just hope I was able to show you that there is data stored online that is of value to you. I genuinely hope that you’ll never become a victim of a targeted cyber attack and maybe you never will, then I’m glad. But just to be prepared for the worst case, why don’t you insure yourself? Use strong passwords and a unique one for each website you sign up for. I know we can’t remember 35 actual random passwords and connect them to the correct accounts that we used them for, just so we have secure passwords. Our brains are not made for that. It’s the same reason why you enter “www.google.com” instead of “126.96.36.199” to visit Google’s search engine. You wouldn’t remember websites by their IP, but you do by their readable names. But just as there is a service to translate the readable URL into the IP address, there is also a service to help us with passwords. That’s why we should finally invest an hour or two and set up a Password Manager of our choice and change the passwords for the services we use. Yes, it’s an effort, but so is getting insurance – but it’s worth it!
Just pick any Password Manager
There is a bunch of options out there and I’m not going to make a decision on which one you should use. I’m just saying, any Password Manager is better than no Password Manager. Yes, there have been cases in which even a password manager was compromised, but your only alternative is not to have one and that is even worse. Don’t let that be an argument. You don’t not get insurance just because the insurance company could go broke.
So, I am using Enpass since that application, for me, had the best balance between pricing and usability/service. Basically it’s free for all Desktop environments (Windows, Mac, Linux) and you pay $9.99 for each mobile platform. I am on Android, so it was a payment of 10 bucks to have all my systems fully integrated. You can use it locally on each machine or opt for synchronization, using the service you prefer. Of course, synchronization makes you more vulnerable, but you have all your passwords up-to-date on every device.
It took me not even two hours
Let’s be honest here: I was using Enpass for quite a while already, but more as a storage for all my accounts, and I still signed up with my password. So today I changed that! I logged into every service and changed the password to a randomly generated one. Enpass even did the password generation for me. It took me close to two hours, but I’m done now. It’s just like the consultation before you eventually sign your insurance – and I did sign it now. I’m done, I’m insured. I know I’m not entirely safe, but even if Twitter got hacked tomorrow, it’s just that one password that I have to renew. All other services are still secure. I know it was worth it.