Dear Black Bag Confidential Reader,
The use of robust password protection is critical to maintaining your digital security and privacy.
As password strength is a function of its length and complexity, the key to a strong password is the unpredictability of the characters that it incorporates.
In addition, best practices suggest that you should maintain separate passwords for each account you wish to secure. But not only do people typically not do this, they also tend to use the same password for all of their accounts. Often, it’s a relatively simple password too, like “password” and “123456.”
And that is why you need a password manager.
By using a password manager, you address both of these concerns while also increasing the likelihood that your accounts will remain private.
Just as a car thief will pass on a car with a steering column bar and an obvious alarm and instead seek an easier target, hackers and data thieves will seek out accounts “protected” by “123456” over yours.
Which Password Manager Should You Use?
I personally use and recommend LastPass because of its ease of use and numerous features that allow you to tailor the program to your specific requirements. Other popular password managers like Dashlane and RoboForm provide their own unique features and advantages, but I prefer LastPass. The ideas I concentrate on here today, then, are directly applicable to this program.
A keylogger is a piece of malicious software that can get installed on your computer that then captures every single key you press on your keyboard.
LastPass protects against this by using a “virtual keyboard.”
Here’s how it works: Rather than typing on your keyboard to enter your password, you use your mouse to “type” in your password by clicking on the corresponding keys displayed on your monitor.
To use this feature, when you sign in to LastPass, the “Sign In” page will include four options below the field for typing in your email and password. These are “Show Keyboard,” “One-Time Password,” “Mobile Site,” and “Create an Account.” Click on the “Show Keyboard” button and use your mouse to enter your email and password information.
The button on the sign in page adjacent to the Virtual Keyboard is the “One-Time Password” option. This option is also useful in circumstances when you are not using a secure computer, such as in a public space, or where you believe keylogging may be a risk.
Any “One-Time Password” you create can be used only once to log into your LastPass account.
You can create as many of these passwords as you like and keep a list of them with you. To learn more about this feature, click here.
By far, the most valuable tool to protect your password privacy and security is your ability to require authentication to access your protected data. Authentication is the process of verifying your identity by confirming the truth of a single piece of data.
For example, the bank cards we all use at ATMs incorporate two-factor authentication. The first factor is possession of the bank card itself, which is inserted into the ATM to transact business.
In most cases, the person using the card is its rightful owner. But there’s always the possibility that someone is using the card unlawfully. This is why ATMs require you to enter a personal identification number (PIN) as well. The PIN provides more evidence that the person using the bank card is authorized to use it, because of the confidential nature of PINs.
LastPass provides this heightened level of security too, by using several authentication options, including Google Authenticator and Authy. Each of these authentication options is software based. For those concerned about potential hacks into these software products, there are also hardware-based authentication solutions available, including my favorite, YubiKey.
The possibility of falling prey to hackers and online data thieves is always a risk. But you can tip the balance in your favor by using a password manager like LastPass.