Wednesday, June 8, 2016

There is a way to store passwords and not reuse a single one, ever.


I’m just like Mark Zuckerberg. Okay, I’m not insanely wealthy, nor do I meet regularly with heads of state. I’m also not building a Jarvis-like AI for my home. Instead, I have a nasty habit of reusing passwords, just like Zuck… and most of the internet.

Zuckerberg’s password of choice was "dadada" according to reports. Mine’s at least mixed case, with numbers and letters chosen from all over the keyboard. My fault used to be in reusing the same password, or passwords, really, over and over and over again. Something I corrected with the help of software I use every day.

I installed AgileBits’ 1Password password manager on my Mac, PC, iPhone, iPad Pro 9.7", and Galaxy S7 about 2 years ago. Mainly I’ve used it to generate and manage unique and impossible-to-remember passwords for new sites I visit, not for the old sites where I’m already registered. Fortunately, I’ve been diligently hitting the "accept" button each time 1Password offered to store my credentials for every old site I log in to. Eventually 1Password created a complete portfolio of all my IDs and passwords, both new and old, and synced them securely across my devices. As of today that's more than 100 items, hundreds of which are logins I've accumulated during a life lived online.

Reading about Zuck’s predicament this week reminded me of my own vulnerability. Odds were good that if left unchecked, I’d eventually succumb to a similar hack (or worse) considering all the high-profile password dumps from sites like LinkedIn and MySpace. Fortunately, I just discovered the Security Audit feature of 1Password.

Not only is 1Password a terrific password manager, it’s also a surprisingly useful tool for sussing out vulnerabilities. The desktop app will tell you which passwords are weak (broken down by "terrible" or just plain "weak"), which are duplicates (I had dozens, I’m ashamed to say), and which passwords have remained unchanged for months or years. It took a few hours, but I’m happy to say that I’m duplicitous no more.

And while I was at it, I also culled some accounts I no longer use (sorry Fitbit, Hulu, and Jawbone), and enabled two-factor authentication on a few sites that recently began offering 2FA protection.

Am I 100 percent secure? Nope. But with a password manager like 1Password (or LastPass) helping me manage hundreds of strong and unique passwords, I’m certainly better off than Zuckerberg, except for all the money and stuff. Hey, at least I don't have rich people problems, whatever those may be.
