With paper becoming a thing of the past in terms of bills, banking, product ordering, personal photographs and so many other significant parts of our lives, we are now able to access all of that simply by turning on a computer and having an Internet connection. Along with creating an online identity as an individual or a business comes a need to protect that identity—and that’s where a password manager comes in.
We get it: Remembering multiple, maybe even hundreds of passwords is difficult—if not impossible—if you attempt to make each one distinct. That’s why many of us default to using the same password or sets of passwords over and over again for our multiple accounts. You’ve likely heard before that using the same passwords across multiple online accounts is dangerous in terms of cyber security—and it’s true.
According to a 2015 report cited by Entrepreneur.com, nearly three out of four consumers use duplicate passwords, and many of these have not been changed in five years or more. Of those surveyed, 40 percent said they were aware that they had been the victim of a security issue in the past year—not to mention those who did not know their information had been compromised.
Moreover, security breaches from password reuse have happened on multiple occasions on a national and global scale. In 2012, the online cloud storage platform Dropbox was breached, and hackers stole a large chunk of user credential data. It was only discovered in August 2016 that the “chunk” amounted to details from more than 60 million user accounts. All of this happened because one Dropbox employee’s password—reused from a previous LinkedIn breach—was acquired.
Also in 2016, Yahoo! reported two major data breaches. The first one, which happened in late 2014 but was reported in September 2016, affected more than 500 million Yahoo! account users. The second, occurring in August 2013 but reported in December 2016, compromised up to 1 billion account passwords.
If you were one of those billions of people, your personal or business assets could still be at risk—including your banking information, your domain or your emails, for example.
So what can you do?
We suggest using a password manager that automatically generates and stores passwords and security answers for every account you have. With a password manager, you only have to remember one password, and the manager will then generate and store long, complex passwords for all of your accounts. Some password managers can also use your fingerprint, rather than a single password, to grant access. Most even offer autofill functionality, so that it takes just a couple of clicks or keypresses – or none at all! – to get logged in to any of your accounts.
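As an added illustration (not part of the original post), the sketch below audits a password export for the reuse problem described earlier and proposes a unique random replacement for every affected account, which is the job a password manager automates. The sample export is constructed, and the function names are hypothetical.

```python
import csv
import hmac
import io
import secrets
import string
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
SAMPLE_EXPORT = """site,username,password
linkedin.example,pat@example.com,Summer2012!
dropbox.example,pat@example.com,Summer2012!
bank.example,pat,Summer2012!
mail.example,pat@example.com,kT9#vLq2@xWz7!Rb
shop.example,pat,hunter2
forum.example,pat,hunter2
"""

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def find_reused(export_text):
    """Return {fingerprint: [sites]} for every password used on 2+ sites."""
    # A random per-run HMAC key groups equal passwords without the report
    # ever containing the plaintext values.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        tag = hmac.new(key, row["password"].encode(), "sha256").hexdigest()[:12]
        groups[tag].append(row["site"])
    return {tag: sites for tag, sites in groups.items() if len(sites) > 1}


def generate_password(length=20):
    """Draw a password from the OS CSPRNG until all four classes appear."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
        if all(any(f(c) for c in pw) for f in classes):
            return pw


def rotation_plan(export_text):
    """Map each site that shares a password to a fresh unique replacement."""
    reused = find_reused(export_text)
    return {site: generate_password() for sites in reused.values() for site in sites}


if __name__ == "__main__":
    print(sorted(rotation_plan(SAMPLE_EXPORT)))  # sites that need a new password
```

In the sample, a single leaked password would expose three accounts at once; after rotation, each account's password is independent of the others.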
Here are our top three password manager picks:
- KeePass: KeePass is our usual pick because it’s free and open-source, and there’s a good way to use it on pretty much any platform, including Windows, macOS, Linux, iOS, Android and many more. With KeePass, you can save a password database to Dropbox, iCloud or other cloud storage and sync it to any device that you own, or keep it on one single device that you trust most. Your database is protected by 256-bit AES encryption and can only be unlocked with your master password, keeping it safe from prying eyes. Another advantage of KeePass is that you can create as many password databases as you want, giving you the opportunity to easily separate personal and business passwords without requiring multiple accounts or paying multiple subscriptions.
- Bitwarden: This is a cloud-based service that works well everywhere, and is the most convenient of our three picks for Android users. Because it is cloud-based, you do not need to create a database and sync it yourself to access your passwords on all your devices. Though Bitwarden manages your vault (their term for your password database) for you, there’s no need to worry about an unscrupulous employee rifling through your passwords. According to Bitwarden, your master password is never sent to their servers, and decryption of your vault is done on your local computer or smartphone. Bitwarden is free for individual use on unlimited devices, and is well-integrated into popular browsers like Chrome and Firefox. On mobile devices, it offers biometric (fingerprint or Face ID) unlocking. Bitwarden does offer a premium service for $10 per year, which includes benefits like Bitwarden Authenticator and security reports; however, the free features are probably enough for the average user.
- 1Password: Another cloud-based service, 1Password also costs $12 a year to unlock its full functionality, which in this case you would want to purchase. This manager offers similar advantages to Bitwarden, except that it is better suited to Mac and iPhone users than Windows and Android users. 1Password is generally seen as being best integrated with Apple services like Touch ID, which allows you to unlock with a fingerprint scan. As with Bitwarden, your 1Password master password is never shared with anyone, making you the only one who can unlock your vaults and access your information.
With password programs like these, there is no reason for you to have to continue using that same handful of go-to passwords that can and probably will eventually lead to the violation of your privacy and online assets. Keep in mind that whereas you may think of your online accounts as yours and yours alone, without strong password security there could be more eyes on them than you think.
Continue to follow the McNutt & Partners Blog to learn more about using technology to set yourself up for success as an entrepreneur! Call us at 334-521-1010.
As of February 2023, we have updated this post to remove mentions of LastPass and replace them with Bitwarden. Due to serious security incidents in 2022, we can no longer recommend LastPass.