#TechTip store your password manager program on 2 USB drives. 1 to carry with you and 1 for backup, or sync to the cloud securely
We conclude the weeks blog about passwords with a post about how to manage those password database programs.
We have already covered why you need multiple passwords and how to manage the sheer number of them. So now we have a simple tip that you really must follow: back up your password database!
With so many passwords to keep track of you need to keep them all written down somewhere and we recommend a password manager. But if you only have that program on one computer, what happens if your computer crashes or is lost? I usually recommend keeping your password manager on a USB drive so that you can move it between computers and its always with you. But make sure if your database program is on a USB drive you have it backed up on a spare drive somewhere else. Should you lose your drive you can still access all your sites.
The same can be said about syncing up your password database online. If your manager automatically syncs online as with LastPass, or if you keep the file on a Drop box or Google Drive, you will have access to it anywhere and anytime.
Password security may seem like a chore for those who don’t regularly make updates to it, bit a few steps now can save you a lot of trouble in the future.
Today we look at 2 Factor authentication. Many website are starting to implement this to increase security to its users by making it difficult for someone just with a password to access your account.
What is 2 Factor Authentication?
The concept behind 2 factor authentication is that you basically have 2 passwords: Your normal password, and a separately generated password that is given to you each time you log on, or an item that you must use to access your information. You may be most familiar with 2 factor authentication in the corporate world using secure login tokens. When a company needs you to log into their secure computer system, you will have to enter your password, as well as a code generated in the token key. Typically these systems have been reserved for businesses who can afford the high security, but not it is becoming made available to average users through different means.
For portals like Gmail, Google has introduced 2 factor authentication using text messages sent to your smartphone. When you activate it and log on, a text message with a 6 digit code is sent via SMS to your mobile phone. You then enter that number into the next screen after your password and then you are let in. The obvious benefit to this is that even if someone gets your password, they won’t be able to access your email unless they can also intercept that text message.
Twitter as well has added additional verification as a security feature to your twitter account. Twitter has both SMS verification as well as a feature built into the Twitter app for Android and iOS phones which require you to have your smartphone when you log into Twitter. This ensures that anyone wishing to access your account will need both your password and your smartphone to get in. More information on Twitters additional verification features can be found on their Support page.
PayPal has its own version of 2 factor authentication which includes either SMS or a digital token. When you log on to your enabled Paypal account, you will be asked for a second step. You can either have an SMS message sent to your phone, or you can get one of their authentication tokens. They use a credit card sized token that generates a new passcode every time you press the button on the card. It costs a few dollars to get the card, but its good security if you don’t want to use the SMS feature.
If you are concerned about access to a particular site, you can look in their help sections to see if they provide additional sign in options that will give you the extra security you need.
#TechTip Use a password manager to record all logins and have 1 master password to access it.
As we continue on with our theme this week of password safety, Lets talk about how to keep track of all those passwords.
Previously, we discussed about how many passwords you need. As stated, its strongly suggested you have a different password for each online portal you access. The reason of course being if one of your passwords is compromised, it won’t affect all of your online platforms. Changing one password isn’t too bad; changing 50 or 100 would be torture!
So with so many logins and passwords, how do you keep track of them all?
I strongly recommend getting some password management software. Yes you could always go for the good ol’ notebook with everything written down, but what happens if you lose that book? You can also keep track of them in a document or spreadsheet file. They would be backed up, but not necessarily secure. Unless the file is encrypted or password protected, then it is vulnerable to prying eyes. Even if you do have an electronic document that is encrypted, searching through many logins could be arduous to find that one login you need.
There are a number of great programs available to help you manage your passwords. Lets take a quick look at some of them.
KeePass
KeePass screenshot
Personally I am a fan of KeePass Password safe. It is a program that requires a password to open it up and houses a database of all the logins, passwords and site URLs for the web portals you visit. It stores lots of information, and allows you to generate a random password based on the criteria you ask of it. So if you are having trouble thinking up random gibberish for your passwords, let this program take care of it for you.
You can sort your password into categories, such as for home, work passwords or online stores to help keep things organized. If you have lots of passwords, there is also a search feature which will let you find your login credentials easily.
This is also one of the few programs that works on most platforms available. It is free and Open Source, and there are versions that work on Windows, Mac, Linux, Android, iPhone/iPad, Blackberry and Windows Phone 7, as well as a portable version designed for USB drives. They may have slightly different names for the different versions because each version is created a little differently to work with the Operating System it is designed for, and some are compatible with slightly different versions of the database, so do a little research with this one depending on what platform you have.
LastPass
Another popular program for managing your passwords is LastPass. There is both a free version as well as a premium version which includes a mobile component.
Where KeePass is solely a single database of your passwords, LastPass also integrates with an online portion that manages and syncs up your passwords. The database may be synced online, but the password key to unlocking it is always stored locally so there is little to no risk of having it hacked online in the cloud. It shares similar traits to KeePass, but can also track the sites you visit so it can auto populate logins and passwords where needed.
LastPass has gone to great lengths to have it work on as many browsers and operating systems as possible so you can be comfortable using it on multiples devices, even if they are different technology. The premium cost is around $1/month
Ironkey
We will go into more depth on the Ironkey in a future blog post. For those that know I am a fan of the Ironkey for its security, but it too also has a password manager built into it. Like LastPass it can detect what site you are visiting and auto populate the login and password info you need. It also has a virtual keyboard that can pop up so you can enter passwords using your mouse, thus preventing any key logger malware from detecting your passwords. The Ironkey solution will be talked about more soon, so stay tuned for that.
Now you know a little more about how to keep your logins secure, and keep your passwords safe. While it may take a while to go through and adjust all your passwords and log the entries into your password database, doing it once and only once is a savings than having to worry about doing it everytime you one and only password for everything is compromised.
Check out our blog again soon for more tips on security online and password protection.
#TechTip: Change your passwords often. Don’t use words found in a dictionary or easy number combinations.
Last week, news broke of a major password breach on a number of major social media websites. Close to 2 million passwords were accessed from sites like Gmail, Facebook and Twitter. The security breach means if your password was compromised, you may be susceptible to attack from other hackers.
It is strongly advised that you change your passwords. Even if you don’t think you were affected, its always good to change your passwords now and then for security. This week, we are going to bring a series of tips and blogs on why security for your password is important and offer tips on what to do.
First for this week, lets talk about the actual password you use. Do not use names, dates, or any word that can be found in a dictionary. Even words that are linked together can be cracked. If its found in a dictionary, it can be cracked. It is strongly suggested that passwords contain the following elements:
Upper Case letters
Lower Case letters
Numbers
Punctuation
8 or more characters
If you include these in your password, and they are not based on any dictionary words, chances are its a secure password. Having said that, almost any password can be hacked by a skilled hacker. The point is not to make an uncrackable code, but to create a code that would require so much effort for a potential hacker to crack that it wouldn’t be worth their time or resources to try.
Even with good strong passwords that can’t be easily cracked, its still suggested you change your passwords often. Your login credentials for the sites you visit are usually kept in a database somewhere. Its those databases that hackers tend to be attracted to. If they manage to get in and steal a file containing many passwords, then all the complexity in the world won’t help you. Simply changing your password will avoid any issues.
I keep you connected 