One of the many ways you can have your account hacked is through password re-use. You have a favorite, easy-to-remember password that you’ve been using for years on all the forums? Do you use that same email/password combo on FB or Univair? Let’s say I’m a hacker and I managed to download the unsecured database of usernames/emails/passwords from some mom & pop e-commerce website. Old software, maybe slightly homebrewed. The passwords were stored in clear text (not encrypted) in the database. Now I’ve got your email address and at least one known password. I think I’ll look for clues by Googling and try your login on another site, maybe with additional valuable information. Eventually I’ll climb my way up to your online banking site.
Don’t re-use passwords.
Luckily, there’s a tool that can make account logins easier to manage and more secure: the password manager. There are several options such as OnePassword, LastPass, Bitwarden, Safeguard, and most modern web browsers have them built in. The concept is the same, though. You just have to use it.
You set a master password for your vault, a password you have never used before and will never use anywhere else. Commit it to memory. Write it down on a sticky note if you need to for the first week until you’ll never forget it. Then eat that sticky note. That master password is the key to your kingdom.
The password manager will let you specify a recovery email and a hint phrase to jog your memory in the event you forget, but this is last ditch.
I went with Bitwarden Personal because at the time the free plan was pretty good (still is), and it supports multiple platforms across desktop, web browser, iPhone and Android. Here are the ways I use it, and I suggest you adopt these practices too:
1. Storing login credentials
Every time you create a new account, or even change the password of an existing account, store it in your password manager. In the case of Bitwarden, there is a browser extension (Chrome, DuckDuckGo are the ones I use) that allows me to autofill the username/password by right-clicking in the login field(s). A dropdown appears and I can select the account I want to use for the login. It takes 2 seconds. No typing.
2. Create long, complex, ridiculous passwords
While it’s crude, passwords can be cracked with brute force, i.e., using a dictionary attack or trying every permutation of character combinations until one eventually matches. This takes massive computing resources once you get beyond 12 or 16 characters. A good password manager has a password generator built in—it creates a random string of letters, numbers, and punctuation symbols that is pure gibberish to the naked eye. It doesn’t matter, you don’t need to remember these passwords. That’s the job of the password manager. You only need to remember your master password.
3. Use a different password for every login
It doesn’t matter what it is—if it’s a different account, use a different password. Add a new login in your password manager and create a complex password. Save it. You only need to remember your master password now.
4. Use it on desktop and mobile
This is where it really shines—having access to all your passwords across platforms. If you enable a biometric authentication method like face ID or fingerprint unlock, you can use that to skip past the master password entry. It becomes very fast and convenient, but there’s always a catch—if you’re mugged, you can’t hide your face from a bad guy. I heard a horror story where someone had their bank account cleaned out via their mobile banking app this way. Smart mugger I guess.
I’ve noticed in recent months the BCP login session shortening. I think this is due to some resource issues on the backend. It’s still better than the Barnstormers session length...
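As an added example (not part of the original post and not Bitwarden's own code), here is a sketch of what the generator in step 2 does and why length matters. The 94-character pool and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed character pool: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=20):
    """Return a random password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least 4 to fit all four classes")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable
        # and must not be used for passwords.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class is present, so strict sites accept it.
        # This trims the search space slightly; the effect is negligible.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, pool=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(pool)


def years_to_exhaust(length, guesses_per_second=1e10, pool=len(ALPHABET)):
    """Worst-case years to try every candidate at an assumed guess rate."""
    seconds = pool ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        print(f"{n:2d} chars  {entropy_bits(n):6.1f} bits  "
              f"{years_to_exhaust(n):.3g} years to exhaust")
    print("sample:", generate_password(20))
```

These figures apply only to randomly generated passwords; a human-chosen password of the same length falls to a dictionary attack long before the full space is searched.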

