Don’t Pass on a Password Manager

David S Woodman
Jan 18, 2021

Quantum supremacy is irrelevant if you use the same password for all of your accounts (yes, I’m talking about you, Jack, that guy who thinks that QWERTY1 is different enough from QWERTY2 to be considered exempt from security issues).

Services like deHashed (a web-based tool that aggregates data breach information) give their subscribers access to a powerful API, allowing security researchers, malicious threat actors, and everyone in between to easily run info such as your name or email address against all publicly known data breaches, all for less than $10 a month.

So what’s the big deal? Well, if you are in fact one of those individuals who uses the same, or similar, passwords for all of your logins (that’s right, Jack, I’m looking at you), you should be very concerned. In fact, I would say that it’s only a matter of time before you are compromised, if you haven’t been already.

NOTE: If you have already been breached, you are not producing antibodies and are not immune from future breaches. THIS ISN’T COVID, PEOPLE!

Almost every username and email address older than 4 years likely has at least one plaintext credential listed on services like deHashed. With brute-force and cracking tools, or even good old-fashioned elbow grease, even a 10-year-old born in 1723 without access to the internet could somehow own your accounts in a matter of minutes. Don’t ask me how, but you get the point.

So, how can this threat be mitigated?

  • Don’t reuse passwords
  • Use longer, more unique passwords (this makes brute-forcing and dehashing SHA-2+ nearly impossible, until China puts its claim of quantum supremacy to the test, that is)
  • “But how will I ever remember all of these unique passwords?” you might be asking yourself. The answer to that leads me to the most valuable piece of advice I can give: USE A PASSWORD MANAGER.
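
One way to check your own passwords for the reuse described above, as an added example that is not part of the original post: it flags sites that share an identical password and sites whose passwords differ only cosmetically (the QWERTY1 versus QWERTY2 case), then generates a random replacement. The sample vault is constructed, and the function names and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault export: (site, password). Not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "QWERTY1"),
    ("bank.example", "QWERTY2"),
    ("shop.example", "qwerty1!"),
    ("forum.example", "QWERTY1"),
    ("work.example", "t9#Lm2vQx!8rWz4pKd7u"),
]

def base_form(password):
    """Reduce a password to the memorised core: case-folded, with leading and
    trailing digits/punctuation removed. Falls back to the whole string."""
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.casefold())
    return stripped or password.casefold()

def audit(vault, threshold=0.8):
    """Return (exact, similar): site pairs sharing an identical password, and
    pairs whose passwords share a core or are close by edit similarity."""
    exact, similar = [], []
    for (site_a, pw_a), (site_b, pw_b) in combinations(vault, 2):
        if pw_a == pw_b:
            exact.append((site_a, site_b))
            continue
        a, b = base_form(pw_a), base_form(pw_b)
        if a == b or SequenceMatcher(None, a, b).ratio() >= threshold:
            similar.append((site_a, site_b))
    return exact, similar

def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    exact, similar = audit(SAMPLE_VAULT)
    print("identical:", exact)
    print("near-identical:", similar)
    print("replacement:", generate_password())
```
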

Password managers allow you to store all of your passwords in a single centralized location.

Cloud-based solutions like LastPass offer excellent free versions of their products, giving users the ability to easily store, organize, and generate new passwords across all of their connected devices, making the concept of forgetting your password a thing of the past and freeing up brainpower for more important things, like that combo move you need to memorize to finally defeat Bowser, or even your favorite banana bread recipe. The point is, it takes a bit of getting used to and some setup time, but once you get over that hurdle, I can’t think of a reason to turn back.

While LastPass is much better than nothing, the more tech-savvy and security-conscious might be willing to pass on the convenience of multi-device access and opt for a locally stored (and more secure) solution like KeePassXC, which offers a similar solution to LastPass, only encrypted and stored on your local drive, not on the web.

The days of outsourcing our personal privacy and security are over. It’s time to take ownership of your online presence. By simply hoping for the best, I promise you are inviting the worst. Many folks
