Yet Another Data Breach: Why Password Managers Should Be Mandatory

"Security experts said the discovery of Collection #1 underscored the need for consumers to use password managers, such as 1Password or LastPass, to store a random, unique password for every service they use. “It is quite a feat not to have had an email address or other personal information breached over the past decade,” said Jake Moore, a cybersecurity expert at ESET UK."

Written by Bo Elder on Thursday January 17, 2019 - Permalink - Tag: technology

Background reading: Largest collection of breached data ever seen is found

Password managers are programs that store your online account credentials in a secure and encrypted manner and they are becoming a mandatory tool that everyone should use. Most browsers will offer to store your passwords, but password managers can offer a lot more functionality than these built-in browser tools. I use 1Password day-to-day, but only because I am grandfathered into their standalone product and have been using it for well over a decade. Currently, the software is subscription-based, and I'm not a fan of that model. LastPass is another popular password manager, and it works the same way, as a subscription-based model, but does have a free version that has less functionality, and fewer features.

If I were to be starting fresh, my choice would be Bitwarden. Bitwarden is an open source product that is free to use. It uses non-proprietary encryption to secure your vault of data, and the software is regularly updated. And because it is open source, the source code is constantly reviewed by many developers who are always refining the code, and patching any security vulnerabilities that are found.

All of these products, including Bitwarden, have plugins/extensions for your browsers and apps for your phone so that your passwords are always available and up-to-date no matter what device you're using. As I tell everyone when discussing password managers: I only have to remember a single password - yes, it's a complex password with no words in it - which unlocks my vault of passwords. That's it.

I cannot tell you a single one of my passwords - not even one, but as long as I can remember my master password, I won't ever need to. The browser plug-ins/extensions automagically fill my username and securely stored password on any website where I have an account.

Extra credit/homework: Find out whether or not your email address has been found in these data breaches; go to 'Have I Been Pwned'. This is a website that helps to track if your compromised login data has ever been found 'in the wild'. If you create an account here, they will email you as soon as your data is discovered in any breaches going forward. I've had an account here for years, and fully recommend it.