The Word on Password Managers

by

The vast majority of us are using weak (or potentially even worse – reusing) passwords across our many online accounts. This behavior makes a great target for cyber attacks. Criminals can use your compromised information to open bank accounts in your name, take out loans, ruin your credit rating, lock you out of your own data…it’s a real grab bag of nightmare scenarios! I know safety and diligence are boring and tedious, but the reality is cyber crime is on the rise – and these criminals are only getting more sophisticated. If you haven’t taken your cyber security seriously before, now is the time.

A huge step in securing your information online is taking a good hard look at your password habits. Last week, we talked about why you probably shouldn’t save your passwords in your internet browser. As an alternative, most security experts recommend using a standalone password manager. Let’s dig into the details of these services to help decide whether they’re right for you.

The Basics

A password manager is a type of software application that stores and manages your online login IDs, passwords, credit card numbers, PINs, answers to security questions, etc. These types of applications can even generate super strong passwords for you – since you won’t be tasked with remembering them, you can afford to get a little wild with the special characters and random letters/numbers. In addition to storing your passwords behind extremely strong encryption, the password manager itself does not have access to your passwords. Only you have the master password to access them (also meaning if you forget your master password, you’re out of luck).

When choosing a password manager, you will likely choose between a local/desktop-based system and a cloud-based one. The main difference between these two systems is how and where your information is stored. Local applications store your encrypted database in a local “vault,” which lives only on your device (and isn’t accessible over the web). Cloud-based systems store your information in the password manager’s servers, meaning you can access it from any device with the proper login information and authentication. The local application is the most secure, but it sacrifices some convenience and usability. Cloud-based is more user-friendly, but requires a level of comfort with having less control over where your information is stored.

The Good

  • The features that make for good passwords – at least 12 characters made up of a random variety of letters, numbers, and special characters – also make them very difficult to remember. A password manager generates strong passwords and remembers them for you.
  • Many password managers offer to scan your passwords and provide a security checkup. You’ll receive alerts if you are reusing passwords anywhere, if any of your passwords aren’t up to snuff, and if you have accounts on sites known to have had security breaches.
  • Some password managers offer a password auto change feature. The application will log in to your accounts with your saved credentials, update your password and save the new login information. Security experts recommend that we update our passwords at least once per year – a very time-consuming process to do manually. Password managers take a lot of the work out of this task.

The Bad

  • Switching to a password manager takes significant effort on the front end. Depending on how many online accounts you have, it could be a decent time commitment to get all of your online credentials saved to the application. The good news is that once you’ve done it, you’re set (and likely much safer) for a while.
  • Putting all of your password eggs in one basket can be a tough pill to swallow for some. If there is a security breach (not unheard of), the worry is that all of your passwords could be compromised. That being said, password managers are extremely secure baskets. We mentioned last week that browsers don’t make the best password managers because their chief concern is not security. The same logic applies to standalone password managers – these companies are in the business of cyber security first. As long as you choose a reputable company and create an extremely strong master password, you’re likely a lot safer than you would be without a manager.

The How

  • Do your research. You will first want to pick a reputable password manager. Experts recommend any of the big name applications (LastPass, Dashlane, and 1Password have the best reviews), but from there it will be depend on your preferences and needs. Wirecutter recently published a great review to help you decide.
  • Create a master password to end all master passwords. Your account is only as secure as your master password is strong. Go crazy with this one – it’s the only one you’ll need to remember. Once you’ve created an account, you’ll need to install any browser extensions and/or mobile applications.
  • Clear your schedule. You’ll need to work your way through adding all of your online accounts to the application. This is the time consuming bit. It may be helpful to keep a running list of your accounts as you think of them. I highly recommend using the password generator to change all of your passwords as you go.
  • Destroy the evidence. Purge your phone/browsers/desktop of any saved passwords. Throw out the post-its stuck to your monitor, delete the notes file in your phone, turn off password saving in your browser. If your application doesn’t offer it, set a reminder in your calendar to change your passwords again in a year (it’ll be a lot easier next time!).

Patient Computer Help for Grown Ups assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.

Should You Save Your Passwords in Your Browser?

by

If you’re ready to pull your hair out over password management frustrations, rest assured you’re not alone. The average user in the US has over 130 online accounts. Since we all know never to reuse the same password across multiple accounts (right?), that’s 130 unique, complex passwords to remember! I won’t speak for you, but my brain wasn’t built for that kind of task. Consequently, for many of us, storing our passwords is a necessity. One popular option that has cropped up in recent years is browser password management. Whichever browser you use, you likely have been asked the question Would you like us to save your password? If you answered yes, the next time you visited that website it may have autofilled your password for you. How convenient! But is it safe?

Let’s break it down…

Encryption is Key

Browsers often save your passwords in a plaintext list, frequently accessible with only the password to your device (and other times through no password at all), and commonly with fairly weak encryption. Even if the data is strongly encrypted, the cryptography and implementation specifics often aren’t publicly reported, leaving the user at the mercy of the company’s claims and reputation.

Security is Secondary

You might trust a babysitter to make your kid dinner every now and then, but would you hire him as a full time chef? Probably not. Your babysitter’s job is (hopefully) taking care of your kid! Browser companies’ chief focus will always be providing the best browsing experience. Firefox, Chrome, Safari, and Edge are all locked in a battle to win our hearts, and they know what 98% of us care about – an attractive interface and an intuitive user experience. Protecting their users’ login credentials will always be secondary, if that.

Convenience is Costly

On top of potentially weak encryption and subpar security measures, the most convenient feature of a browser password manager – autofill – is inherently dangerous. Most people using a browser password manager are not opening the browser’s vault every time they need a password and copy-pasting it into the login box. Most users allow the browser to autofill login information for them. Unfortunately, recent research by the cybersecurity company Proofpoint discovered that some digital ad companies have been scraping this autofill data to collect email addresses. This methodology could easily be applied to any saved data – including passwords.

It’s Not All Bad News

There is another (slightly less) convenient, vastly more secure option – dedicated password managers. Next week we’ll go into detail on these and help you decide what’s best for you.

Patient Computer Help for Grown Ups assists people with their Macs and PCs in the Chagrin Falls and Ohio City areas.

Is my WiFi secure?

by

Is my WiFi secure?

Because everything is done online these days, hacking and data theft are very serious problems. Your WiFi network can easily be compromised if it’s not properly secured. If you are like most people, once you have set up your wireless router, you may not think much about its security. As long as you have Internet access on any device you use, that’s all that matters. However, that is a big mistake because your personal and financial information can be vulnerable to hackers. There are several things you can do to ensure that your Wi-Fi is secure.

[Read more…]

Strategies to Manage Passwords

by

Strategies to Manage Passwords

In today’s world, it’s nearly impossible to get through a day without using a password at least once. Whether it’s logging in to your computer at the office or purchasing items online, passwords are now a part of our lives. However, while passwords may be a necessity of life, it can often be difficult for the everyday computer user to come up with good strategies to manage them in ways that are safe and effective. With hackers and criminals vying everyday to steal personal information and use it for identity theft or other crimes, it’s more important than ever to know what to do once you’re at the keyboard. If you find yourself in need of some new ideas to manage your passwords, we here at Patient Computer Help are ready to help you solve these and other complex computer issues.

Different Passwords for Each Account

Because password management can be complex at times, many people choose to take the easy way out and use one password for all of their accounts. This is a huge mistake. If the worst happens and hackers manage to access one account, they’ll usually try the same password on the rest of your accounts. Chances are you’ll be in for lots and lots of headaches trying to convince people you didn’t buy this or that. Therefore, using different passwords for each account gives you the best chance to outsmart the criminals and keep your information safe and secure.

Create Unusual Passwords

If there is one thing we see on a regular basis, it’s people who use passwords that are far too easy for hackers to figure out. For example, in a recent Wall Street Journal survey, it was discovered that some of the most common passwords used were password, 123456, and 12345678. With passwords as simple as these, it’s no wonder hackers are having such an easy time gaining vast amounts of personal information. Instead of letting yourself be a victim, try to make your passwords as unique as possible, utilizing a variety of letters, numbers, and symbols.

Password Managers

If you would rather not be bothered with trying to come up with numerous secure passwords, the good news is that there is now numerous programs or apps designed to do the work for you. Known as password managers, these programs can generate unique passwords that are almost hack-proof. In addition, the password managers also memorize the passwords and enter them into your website for you each time a person returns to the site. Some of the most popular password managers include LastPass, KeePass, and RoboForm, all of which have been given high marks for their effectiveness. Made to integrate with most Web browsers, they are becoming more and more popular with consumers. However, while they are made to be easy to install on most computers and smartphones, we advise customers that if they have any questions, we are equipped to help you examine and install the software. And for those customers who surf the Web mostly through their smartphones, we and help install the software on your phones as well. While coming up with strategies to manage passwords sounds as if it can be an impossible task at times, the good news is that it can be made much simpler by asking us for help. Whether you need advice on how to come up with secure passwords or need help installing software, our knowledgeable and experienced staff can make sure your passwords are safe and secure.
If you’re looking for advice on strategies to manage passwords, contact Patient Computer Help.

Why do Hackers Want Access to My Email?

by

Why do hackers want access to my email?

You might not take the security of your email seriously because you might be thinking that nobody would want to see correspondence between you and members of your family. In truth, there’s more connected to your email than you might realize.

There are normally 3 reasons that a hacker would want access to your email.

#1 Havoc on Your Account

The first reason involves a sort of vandalism. A hacker can change your password, gain personal information stored in your profile and send email to your contacts. This is how friends can get the message that you’re trapped in Belize and need money wired to come home. Not good. They could also delete all your contacts and messages so you don’t have access to them anymore.

This can be a serious problem. When you sign up for most services, they’ll send you login and account details through your email. Without that information, you won’t be able to get access to your accounts. If your password is changed so you don’t have access to your email, you might not be able to restore your accounts.

#2 Gaining Sensitive Information

With access to your email account, a hacker could gain access to other accounts connected with the email. They can not only stop you from getting past emails. They could contact the accounts from places like your bank or credit cards that are linked through email. Hackers could use that information to change passwords, change the address and request new cards to that new address.

Much of your personal information is available in your email accounts, and hackers can gain that information quite easily. With control of your main email account, they have access to other vital accounts. For example, Miriam’s email account is hacked. The hacker contacts her bank online and asks for a new password. The bank sends an email to her asking that she verify the request. The hacker clicks the verification and has access to all her money.

#3 Spamming Your Contacts

Some hackers can use your email address to send an email to someone you know asking for money. This has happened a lot. The hacker sends all your contacts an urgent email saying that you lost your phone, and you’ve been in an accident. Your friends and family are worried, so they’ll immediately send money to the place selected by the hacker. They have no reason to suspect that it’s not you emailing them.

They can also send emails to places you do business with asking for information about you that will help them hack into more areas of your life. They’ll pose as you to get your account information from third parties.

Protecting Yourself

Your bank accounts, in fact all accounts, should have a unique passwords. Some people recommend using a separate email address for your financial accounts and your  social media. Make abso-darn-lutely sure you’re not using the same password for every single account you have. Have extra security measures in place like two-step authentication on your vital bank or credit card accounts.

If you notice that you have a virus, or your computer is running slowly, you can contact us at Patient Computer Help to remove the virus.