If you know me, then you know that I take security seriously. And so should you.
If, for example, you use only one password to log into everything (I have seen it happen), then once that password has been compromised someone can completely take over your personal and maybe even business identities, lock you out of your accounts, steal your identity and make your life miserable for a long time to come.
And it’s not *that* hard to get hacked. It happens all the time. Maybe just one of the sites you use saves your password in an unsecured format and gets hacked. You don’t even have to get personally involved to get hacked. So it doesn’t help if you are “careful” and don’t write it down.
There is a website where you can check if any of your accounts at other websites have been reported as compromised: https://haveibeenpwned.com/
It is not fully comprehensive since not every site reports a breach, but it does list the major ones. Just enter your e-mail address and press the “pwned?” button.
The best approach is to use each password only on one site. Easy as that. One lost password only means one problem to deal with. What…you can’t remember 68 distinct passwords that have 10 jumbled up characters? Neither can I.
What do I use?
I use KeePass. It is a password manager. It stores over 1500 passwords, credit cards and other information for us because we just can’t remember all of them without help. And we can access all of them with just a single password that is never stored anywhere but in our heads.
It is a bit tricky to set up though and I wouldn’t recommend it to non-tech users if you want to have access to all your information on more than one device. And you will want to. It’s so nice to carry all your passwords securely with you on your phone and at the same time have your computer’s browser fill in the logins automatically.
So…what should non-techy users do?
Well…if you don’t want to sync anything between devices and don’t like to have anything like that in the cloud, then do go ahead and use KeePass. It’s fairly easy to set up if you don’t want it to sync anywhere. But please remember to back up its database. No cloud – no automatic backup!
[Have a look at my post here if you are really interested in it and are considering it with or without sync]
But what if you do want to have access anywhere or just don’t want to keep up with manual backups?
There are currently four other services we recommend.
- Bitwarden
This is quite an interesting solution that has free and paid versions and even allows you to self-host the basic version on your own server if you are technical enough.
The free versions should be good for most private users and the free business version even allows sharing between 2 users.
It syncs between apps for many desktop and mobile devices and has web access as well.
- Dashlane
It has a basic free version with one device and 50 passwords. Dashlane allows you one-click changing of some select popular passwords and does give you security alerts if any of the services you have passwords for reports a data breach. It also can store receipts for your online purchases.
- 1Password
This one doesn’t have any free versions. It does have a family plan though and, like Dashlane, it can save online receipts and has a security alert feature.
All these services also have plans for business uses and sharing of logins between team members so you can hand off passwords securely.
And most importantly – don’t forget to secure your computer with a password and lock it when you leave it (Windows-Key + L). Because if you don’t then someone accessing your computer has access to all your passwords if you are logged into the system.
And while you’re at it – put a PIN on your phone as well to keep it secure.
Mark Krieger helps organizations and individuals to create systems for success, both on the IT and operations side and implement strategies for financial well-being. www.makbiz.ca

