Another year, another password!
Happy Password Day 2021! The number of online services that require a password these days is growing. More and more services we use every day are becoming available online. So what do you do?
The Single Password Problem
Typically people will use a single password they’ve had since they first started signing up for online services. Similar to the passcode for their cellphone, something easy to remember. It makes sense, as humans we very much want things to work and not have to put a huge amount of effort into something that we have to do each day, hour or minute. But this only really works when you don’t re-use the same code or password for other devices or services.
As an example, the only code I had to remember when I was 16 years old was my bank pin. I didn’t have a cellphone until a year later, and even then locking my phone wasn’t a thing until I was in my twenties. Again, this was the early 2000’s when Motorola flip phones were the craze. Then comes the iPhone 3 and the lock screen. Now I have two pins to remember, of which I think most people use the same pin for their banking as their phone. Next was buying a home with an alarm or a garage door opener. You’ve now gotten to the point of trying to remember four different pin codes, it’s not terribly hard but why not just use a single pin? It would be easier to remember, and less error-prone. You can also share it with others who might need access to your phone, garage, or house. But that means they can also access your bank account. Now you see the dilemma.
Granted at 16 years old I had lots of online passwords, but they were pretty much the same across the board with a couple of variations. I also would write them down on paper somewhere or in a file that could potentially get deleted, or the computer it was on crashed or was stolen.
Online Service Data Breaches and Data Dumps
In recent years, online services have been hacked and their user or customer databases dumped online. The data dumps revealed information about users or customers such as full names, email addresses, banking information, addresses, and sometimes passwords. A little piece of someone’s information from one service and a little piece from another. As more and more data dumps occurred, more data was available to generate a profile of a specific person. The gold was passwords and emails, which we use to log in to these online services. If they repeated, then it was clear that the person was using the same password for multiple online services. Even without passwords, there was enough data leaked that an attacker could potentially reset passwords for some online services.
Since these data dumps were available online, security researchers started downloading the data and analyzing it. That’s when it was discovered that not only are people reusing the same password for multiple online services, they’re also using insecure passwords.
Enter Have I been Pwned! a service by security researcher Troy Hunt that takes data dumps that have been released online, processes them and informs users if their email address was included in the breach. The service also keeps track of online services that have had data breaches. Any person can see when the breach occurred and what data was leaked online. This service is also used by companies like 1Password in their Watchtower service that informs their customers if a website login they have in their account was affected by a data breach, or if the password they’re using is similar to a password found in a data breach.
Enter Password Managers
Password Managers have been around for some time, and it’s hard to say when the first Password Manager was created. That’s a whole other topic for another blog post! The idea behind a password manager is that it stores all of your passwords in one place, at least that was the original inception of a password manager.
More features were added such as encryption of the password file, storing secure notes, and eventually storing One Time Passwords (OTP) for two-factor authentication (2FA). The biggest change was encrypting your password manager’s vault with a single password, hence the emergence of the software product 1Password. You would only need to remember a single password to gain access to all of your passwords. Paired with a password generator, you could then generate a unique password for every online service. If one of them was hacked or compromised, the password would only work for that one service. Leaving the rest of your online services protected.
The biggest step forward was moving the storage of encrypted password vaults to the cloud, allowing you to access your passwords from any device while also having password changes or additions synced instantly.
Password Manager Options
Personally, I use 1Password, but there are many others on the market such as LastPass and Bitwarden. You can read more about data security on our Confidential Data Sharing page.
Currently 1Password is offering 50% for the first year of 1Password for Families. This works great if you have a partner, parents, or inlaws. You can even save and share full notes, addresses, and more! Use the link below to get your 50% off!
If you have a business or team that needs to regularly share passwords. 1Password is offering 3 months free if you start with a team or business account. They also offer free family accounts for your team!
