How to get out of password hell and keep your family safe
Difficulty: Easy
One constant pain point for many people, including many leads of your favourite movies, is managing the passwords for the vast number of sites you can accumulate over the years. With a family, suddenly this can grow exponentially with every addition of a family member. Throw in the guidelines for password strength of memorised passwords, as recommended by the National Institute of Standards and Technology (NIST), things can get messy real quick.
This post provides some guidelines you can use for you and your family, including focusing on two solutions from the major players in the browser market. Apple and Microsoft.
Password Guidelines
The National Institute of Standards and Technology (NIST) have general guidelines for dealing with passwords.
Don’t rely on passwords alone to protect anything you value
Anything like your Bank Account, personal government accounts should be considered highly valuable and as a result, you should be enabling a second level of security on top of a secure password. When you sign in to your online accounts you authenticate with the service you are using. Authentication is the process of recognizing a user's identity usually done by providing a username and a password (first factor). This is where "Multifactor Authentication" (MFA) comes into play.
Multifactor authentication, sometimes referred to as"Two-Step Verification", is a second factor proving who you are. For more information on. this can be found in "What is: Multifactor Authentication".
It works like this. You will enter your password as usual whenever you login to that service e.g. Google Gmail. Then, a code will be sent to your phone via text, voice call, or our mobile app, and you will proceed to provide that code or validation to the service you are using. Some examples of software to support MFA:
Use a phrase with multiple words
The recommendation is to use a phrase with multiple words. The reasoning for this has been detailed in the site https://www.useapassphrase.com/. You want a password that is difficult to guess but easy to remember.
Protect your most important accounts
Protect your most important accounts link Banking and primary email. Your email is considered important as it can be a gateway to other services.
Give each a unique passphrase and use the tools to manage them. If someone figures out your password for one account, it's possible they could get access to your personal information or other online services like shopping or banking. This also reduces the chances of identity theft and ransom attacks by hackers.
I would go to the extent of giving every service a unique passphrase and you can manage this through one of the approaches I have included below.
“When a bad guy steals your password, they could lock you out of your account, and then do some of the following:
* Go through – or even delete – all of your emails, contacts, photos, etc.
* Pretend to be you and send unwanted or harmful emails to your contacts
* Use your account to reset the passwords for your other accounts (banking, shopping, etc.)”
Use a Password Manager application to manage your passwords
There are various password manager applications available (some free) that will help you manage your passwords. Some examples are Keeper and LastPass. Most have a free offering and you can then pay for additional features not provided in the free version.
There is usually a family management feature that is useful when you need to manage and share the passwords of your little ones with your partner. Both of the mentioned examples Keeper Family Plan and LastPass Family Password Manager have this feature usually at a cost. And they also have the option of trialling out the feature for a short period.
Use your browser to remember your passwords
With the services now being provided by major browser vendors its possible to simply log in to the service via your browser as explained below and prevents the need to continuously reference your passwords. Or worse, fall into bad habits such as using the same password for multiple sites.
I highly recommend you create unique login's for each of your users which will ensure only the person who is authorised to the site has access. It's also important to secure your own user login with an appropriate password that no one else knows.
Google Chrome browser
Google has Smart Lock which you can access as part of creating a Google Account. This allows you to sync passwords across multiple devices. You can also manage save passwords from the web by visiting https://passwords.google.com/
Apple Safari browser
By using iCloud Keychain, you can find, change, or delete saved passwords in Safari on your Mac, and keep your passwords updated across all of your devices.