The internet and information security is not a new topic, but it's a great time to review your security settings. It usually takes a catastrophic event to cause people to take it more seriously. The alleged Instagram hacks that have been reported are a great wake up call.
I will share my thoughts and methods for online security, but also extreme security happens to come with a huge workflow and a time saving boost.
Many people will use the same password for multiple accounts, this is when you can really get into trouble. If one of your accounts is hacked, usually many follow due to this. So the first step is to use different passwords for all your accounts. Then comes the challenge of how in the world do you remember what's for what? Then, to make more secure passwords, it's very helpful to use cryptic passwords, which in turn makes it even tougher to constantly enter as you log in, etc.
My method is broken into two parts.
- The generation of cryptic passwords
- How to efficiently log in with them
First the generation, I use Gibson Research's password generator.
Password Generator
It's great because you can generate a few different types of passwords. I will often select a part of the generated password, if I don't want to or the particular login credentials have a character limit. Each time you refresh this page, it generates new passwords. These passwords are incredibly secure and for all intents and purposes impossible to "figure out". A "brute force" password cracking method running on a powerful server might take 200+ years to crack one... I think you're safe with it.
Partial Password Selection
Second, I use a plugin called LastPass.
It is a secure password manager, since it is their business, they are VERY secure against hacking. The beautiful thing about LastPass is that it works across multiple devices. S your desktop, laptop, phone, and iPad can all log into any of your accounts from anywhere with this plugin. Clearly you will need those devices to be secured, such as the fingerprint login security, in case you were to lose one of the devices. Should you lose a device, it's simple, change your LastPass master login credential, and you're instantly safe with all your passwords, provided you do this quick enough. The alternative is to have your devices not remember the LastPass master password, and you would enter that one password in, one time only when you log into that device and enjoy access to all your accounts.
LastPass, once you get used to it comes with a bunch of hidden little gems of productivity. Such as if you forgot the password to your Playstation Vue TV service, and you wish to log in at home from your Amazon Fire stick (which does not have access to LastPass), you can go to LastPass in your browser and copy the password from any account and paste it into a plain text document, and see the password.
It's worth noting that LastPass does have it's own password generator. I have been using GRC for so long that I am comfortable with it and I like the passwords it generates. You can't go wrong either way.
As I repeatedly say, I am a very big advocate for making every little thing as efficient as possible. This is great, because think of all the places we log in, Banks, Photo Labs, Blogs, multiple social media platforms, fantasy football, and so much more. By using these methods, you can have 30+ character cryptic passwords that are very difficult to crack, have a different password for each account, and log into all of them faster and easier than ever. It's a win-win all around that I have been using for years.
I use Enpass (enpass.io) for managing all my passwords, it's free for desktop use and a perpetual licence for mobile. It'll also sync between any device. Most importantly you can save your passwords locally or on a cloud service of your choice and you're not tied to a website.
It's one of the hidden gems that I've used for 3-4 years to manage, generate and monitor passwords.
I would absolutelly vote against propriatary solutions like LastPass which might do what they say, which also could send all your passwords in plain text to the operator, you can't know because you can't look into the program and check what its doing, and so can nobody else either.
I suggest using free software (free like in liberty) where you or someone else can look at the code and find out what its doing. One of those is KeePassX https://www.keepassx.org/ like LastPass it is also available for all your devices like your Mac or Windows computer and also mobile phones, etc.
It has also a password generator build in, but what it doesn't is sync between devices, it just saves a incrypted database file on the current device. You can sync this file yourself with iCloud, DropBox, GoogleDrive etc. But if you don't want to rely on a commercial operator you could do it like me and use SyncThing https://syncthing.net/ which does basically what DropBox does which is syncing files between devices, but it is free software (as in libre) and doesn't need a central server like the others do, it just syncs the files between the devices themselves peer to peer.
This way you can trust the whole chain because everything is free software and checked by many people so id doesn't do evil. A nice byproduct is also that everything is free as in beer, so you don't need to pay any monthly fee or anything and you can be sure that this software will keep working even after the other companies stop providing those services.
Thanks for your comment.
I've personally been using LastPass for many years with not one problem, and it's auto synced, makes things very easy moving from desktop to laptop to phone, etc.
Whatever you're comfortable with.
I kind of missed to write that but I totally am with you that everyone should use a password manager to be able to have a different password for every website/service.