Password Managers: Just Do It!

Internet security is a concern we hear expressed frequently in our forums. In general, password management tools are the best answer to abiding by the number one rule of internet security - NEVER EVER USE THE SAME PASSWORD TWICE!

This warning applies doubly to RVers and Cruisers, who are often connecting to marginally secured public WiFi networks at campgrounds, rest areas, and even truck stops.

MIA member Nina of Wheeling It has published an excellent overview on securing online passwords and using a password management program. Do yourself a favor and go read her article now. Her advice and recommendation are spot on.

Here are a few additional tips and details to expand on Nina's post:

  • Nothing Beats Random: A typical 8-character password derived from words, numbers, and punctuation is simple for hacking tools to guess. But a long randomly generated string is essentially impossible for even a supercomputer to crack. Compare "blink183!" with "9c9=mvEzVTAY/pBQ". The second one is fundamentally safe, the first one isn't at all.
  • No Repeats Allowed: If a site you use gets compromised, every other place where you use the same password is now compromised too. This is how most people get burned by hackers - the password database from one site gets stolen, sold, and soon millions of names, email addresses, and passwords are published in the dark corners of the internet. These lists become fodder for less skilled hackers to go play guessing games - trying variations of known passwords over and over and over on thousands of other sites looking for a match. Hacking tools make this easy to automate. But if you never use the same password twice, one site getting cracked doesn't expose you to this chain reaction risk.
  • Use A Good Tool: Unless you are Rain Man, you will never be able to keep track of dozens or hundreds of unique long random passwords. A password management tool does that hard work for you, and all you need to do is remember a single master password that protects your entire database of other passwords. These tools even synchronize your passwords across multiple desktops, laptops, and mobile devices - making juggling passwords as painless as possible.
    We have long been fans of 1Password, an absolutely great password management system that has a huge following in the Apple universe, but which now also supports Windows and Android as well. Nina chose LastPass as a password management tool that best fit her needs. Dashlane is another highly regarded tool worth looking at as well. And if you are an Apple person, iOS 7 and Mac OS X Mavericks actually have basic password management built in - iCloud Keychain.
    Do be wary of bargain-basement password managers however - there are a lot of them out there, but unless they have a few PhD cryptographers on staff I wouldn't trust them to stay ahead of the bad guys. This is advanced stuff at the bleeding edge of computer science - make sure you trust your secrets to a team that really knows what they are doing.
    1Password's Password Generator


  • Avoid Honestly Answering 'Insecurity Questions': A super-secure password isn't much use if a hacker can reset it by guessing your high school mascot. We wrote an article full of advice on how to avoid making yourself an easy target by creating a fictional identity to use for answering these so-called "security questions".
  • Be Extra Paranoid about Email Accounts: Many sites have password reset processes that will email you a new temporary password... But if your email account is compromised and under control of a hacker, they are actually sending a gift wrapped box of tasty snacks straight into the shark's mouth! To avoid this, be especially paranoid about making sure that your email accounts are secure and have unguessable passwords.
  • Two-Factor is Your Friend: Sites that have two-factor authentication enabled can't be accessed even if a hacker gets your password. In addition to your password, two-factor sites require you to also first authenticate using "something you have" - for example by sending a text message to your phone. For a list of sites that support two-factor authentication, check this Lifehacker article and this website. It is very important when using a cloud-based password manager like LastPass to use two-factor authentication along with your master password, otherwise if your master password is compromised all of your passwords are too. Password managers like 1Password that don't rely on a cloud service don't benefit from two-factor in the same way however - this article explains why.
  • Be Prepared for a 'Very Bad Day': Think through what you will need to do if you ever have your computer and your phone stolen at the same time. If you can't log in from a friend's machine to even check your email because your password manager was on the lost laptop, and your phone isn't around to two-factor authenticate, and you can't remember the fake answers to the insecurity questions to trigger a password reset, and...  Or worse.
    Have a disaster plan for getting your online life back together when the absolute worst happens. Have a printout of a few key passwords stored in a friend's safe, and a backup of your password database saved somewhere too.
  • Have an Intentionally Insecure Burner Password: So many lame sites force you to create an account to even look around. If you know with certainty you will never ever give one of these sites any personal information, and if you couldn't care less if a hacker ever gets in under your name - do feel free to use a quick and easy intentionally insecure password to temporarily log in. I know people who use "12345678" or "password" or "idon'tcare" or "h4ckme". Just be sure to change it to something secure once you decide that the site isn't just some passing fad.
  • Need to Remember a Password? Staple the Battery: For passwords that need to be both secure and memorable, a long random password from a password manager will never do the trick. One great trick for coming up with a truly secure password that can be remembered involves picking four random words from the dictionary. This technique was beautifully illustrated by the comic XKCD:

XKCD on Passwords - This is GREAT advice!
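An added example (not from the original article or from any password manager) covering both the "Nothing Beats Random" and "Staple the Battery" tips: it generates a random password and a four-word passphrase from the operating system's secure random source, and computes how many bits of guessing work each scheme costs an attacker. The function names and the 16-word sample list are constructed for illustration; the sample list is far too small for real use, which is exactly what the numbers show.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list so the example runs offline. Far too small
# for real use: a real list should hold thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "canyon", "diesel", "ember", "fjord",
                "gravel", "harbor", "island", "jigsaw", "kettle", "lantern",
                "mesa", "nickel", "orchard", "pylon"]


def random_password(length=16, alphabet=ALPHABET):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(wordlist, count=4, sep=" "):
    """Pick `count` words uniformly at random (repeats allowed)."""
    words = sorted(set(wordlist))  # duplicates would skew the odds
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from a pool."""
    return picks * math.log2(pool_size)


def report():
    """Return (label, bits) rows comparing the schemes."""
    return [
        ("16 random printable characters", entropy_bits(len(ALPHABET), 16)),
        ("4 words from the 16-word sample list", entropy_bits(len(SAMPLE_WORDS), 4)),
        ("4 words from a 2048-word list", entropy_bits(2048, 4)),
        ("4 words from a 7776-word list", entropy_bits(7776, 4)),
    ]


if __name__ == "__main__":
    print(random_password())
    print(passphrase(SAMPLE_WORDS))
    for label, bits in report():
        print(f"{bits:6.1f} bits  {label}")
```

The strength of a passphrase comes from the size of the list and from letting the machine pick the words; four words you choose yourself, or four words from a short list, do not reach these figures.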


Yes it is a headache to follow these tips, but if you use the right tools and make using them a habit - you can minimize the pain.

And a little bit of pain now sure beats the alternative down the road.

Stay safe out there!
