Some of my old usernames and passwords are floating around the internet, and maybe yours are too.
After repeated data breach notices from websites, some of which I haven’t visited in years, I decided to get serious and use a password manager to create unique, impossible-to-guess passwords for each of my accounts. They are so complex that I don’t know what most of them are.
To find out if your credentials are exposed, plug your email address into Haveibeenpwned.com, a website by security expert Troy Hunt, to reveal which breaches contained your data. It doesn’t ask for your passwords (and you shouldn’t give them to random sites anyway!).
Hackers commonly use an attack called “credential stuffing”: they take leaked usernames and passwords from a breach and enter them on other sites in the hope that people will reuse them.
That’s why security experts always say not to reuse passwords, especially those for important logins like your bank, email, and work accounts. But it also means you’ll quickly end up with more passwords than you can remember.
A comprehensive password manager is a good idea, but setting one up can be time-consuming, daunting, and sometimes expensive. So, as someone who’s gone through the process for myself and several of my family members, I recommend cybersecurity newbies start with the quick and free tools built into the smartphones and browsers they already use.
The best password manager for you
A good password manager:
• Creates strong passwords
• Stores login credentials
• Autofills usernames and passwords
• Protects your data
• Allows you to export credentials if you want to change managers
I generally recommend independent services such as Dashlane and 1Password, as these apps work better across different platforms and have more features. However, for less tech-savvy people, Apple’s iCloud Keychain and Google’s Password Manager are great. They’re free, there’s nothing to download, and they’re built into software people already use. Additionally, they can generate new passwords and send alerts when a password has been compromised.
Even Gary Orenstein, chief customer officer of open-source password application Bitwarden, agrees: “It’s better to use any password manager than not to use one.”
Remember that iCloud Keychain is for people who live primarily in Apple’s ecosystem, and Google’s Password Manager is for people who use Chrome or Android for most of their internet activity.
If you’re not squarely in one of these camps, you may need a third-party app. Bitwarden is a solid free option that works across different platforms, while 1Password and Dashlane, which have monthly subscriptions, are suitable for families and people who need more features, such as secure password sharing.
Once you’ve set up your system, change the passwords for a few of your web and app logins first, then try using the manager on different devices, just to get used to it. If you’re using a built-in system, your device’s passcode protects your credentials, so don’t choose an easy-to-guess passcode like 1111. Here’s how to get started:
Apple iCloud Keychain
Where you find it: iOS/iPadOS apps, Mac apps, Safari for web and mobile, Chrome for Windows
How to activate: Enable iCloud Keychain in your Mac’s System Preferences if you haven’t already. Click Apple ID, then iCloud and select Keychain. Then on your iPhone or iPad, go to Settings, tap your name, iCloud, then Keychain. If you’re using a Windows computer, download the iCloud Passwords for Chrome extension.
When you create a new account or reset the password for an existing account, Keychain will automatically prompt you to generate a strong password and save your login information for that website. The next time you visit the website, these credentials will be automatically filled in for you.
Each time you enter an existing password, Keychain also offers to save these passwords.
Consider enabling biometric authentication for password autofill, so you don’t have to enter your computer password or phone PIN every time. On a Mac, go to System Preferences, then Touch ID. On an iPhone, go to Settings, then Face ID & Passcode.
Find your passwords: Want to search for a stored password? On a Mac, open Safari preferences, then select Passwords. On an iPhone, in the Settings app, scroll down and tap Passwords.
How to export: On your Mac, go to Safari and open Preferences. Click Passwords. At the bottom of the list of passwords, click on the three dots and select Export Passwords.
Google’s password manager
Where you find it: Android, iOS (with Chrome app), Chrome for web and mobile
How to activate: In the Chrome browser address bar, navigate to chrome://settings/passwords and enable Offer to save passwords. On Android or iOS, open the Chrome app, tap the three-dot icon, go to Settings then Passwords and turn on Save Passwords. When you create a new account or reset the password of an existing account, the browser will offer you a strong password and save it for you.
The easiest way to add existing passwords is to visit a website and enter your username and password. Chrome will also offer to save them.
If you’re using iOS, Google can fill in passwords saved in other apps as long as the Chrome app is installed. Go to the Settings app, select Passwords, tap AutoFill Passwords and choose to allow filling from Google Chrome.
Find your passwords: If you need to manually access your passwords, open a new tab and navigate to chrome://settings/passwords or passwords.google.com to copy and paste the password manually.
How to export: Go to passwords.google.com, click the Settings cogwheel and select Export passwords.
Independent password managers
If you’re considering using an independent service, I have two general tips:
• Download the manager app or extension on every device and browser you use.
• Take the time to create a strong master password.
If you’re using an independent manager, you’ll only need to remember one password, which you won’t have to change unless you think it’s been leaked in some way. Master passwords are private keys that are known only to you; not even the company knows them.
Choose a password of at least 12 characters with numbers, upper and lower case letters and symbols. It helps if it’s based on a meaningful phrase. If your favorite song is “I Want To Break Free” by Queen, it could become “i Want 2BF by QueeN!”
You can also make your sentence simpler but longer: “Oh how I want to be free, oh how I want to be free!” Password length is more important than complexity because longer passwords are harder to crack, says Jameeka Green Aaron, information security manager at client authentication company Auth0.
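The length-versus-complexity point can be checked with a little arithmetic. The following is an added example, not part of the original article: it measures the exhaustive-search space of the two sample passwords above, assuming an attacker who must try every character in each class the password uses. For phrases taken from song lyrics this is only an upper bound, since wordlist-based guessing covers far less ground than the full space.

```python
import math
import string

# Character classes an exhaustive-search attacker would have to cover.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values() if set(password) & chars)

def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(alphabet size)."""
    return len(password) * math.log2(alphabet_size(password))

def lowercase_length_to_match(length, alphabet=95):
    """Lowercase-only characters needed to equal `length` chars from `alphabet`."""
    return math.ceil(length * math.log2(alphabet) / math.log2(26))

# The two sample passwords from the article, typed with plain ASCII characters.
SHORT_COMPLEX = "i Want 2BF by QueeN!"
LONG_SIMPLE = "Oh how I want to be free, oh how I want to be free!"

if __name__ == "__main__":
    for pw in (SHORT_COMPLEX, LONG_SIMPLE):
        print(f"{len(pw):2d} chars, alphabet {alphabet_size(pw):2d}: "
              f"{brute_force_bits(pw):6.1f} bits")
    # How long must an all-lowercase password be to match 12 fully mixed characters?
    print("lowercase letters matching 12 mixed chars:", lowercase_length_to_match(12))
```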
It’s important to note that your master password cannot be recovered or reset, so you can write it down on paper and store it somewhere safe but accessible.
Don’t Forget Two-Factor Authentication
Regardless of how you plan to strengthen your password game, you should enable two-factor authentication, also known as 2FA, on all internet accounts that offer it. This protection requires sending a code or additional validation to another device (a text message or a phone pop-up notification, for example) when logging in.
It must be enabled for each account that supports it. It’s very secure because even if hackers got your password, they’re unlikely to have the verification code needed to access it.
Often 2FA is sent via text message, although security experts warn that even your phone number can be spoofed if someone is serious about stealing your stuff. Many accounts now support an authenticator app, which can be more secure and works without any network connectivity. Google Authenticator is popular. I prefer Authy because it syncs codes across multiple devices, which helps if you lose one.
Write to Nicole Nguyen at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All rights reserved.