You should start using a password manager

In 2019, technology is changing with each passing day, and cool equipment such as flying taxis are under development. However, the password problem that plagues our online life still exists. A security survey recently released by Google showed that 52% of the respondents used the same password for multiple accounts. This is understandable given the difficulty of remembering all letters and numbers. But it is worrying that 13% of respondents even use the same password for all accounts, which is very dangerous.

About one-quarter of respondents said they used a password manager to solve the problem. This finding reminds us that password managers such as 1Password and LastPass are effective, although not perfect, solutions to personal cybersecurity problems.

Password Manager has two main functions: automatically fill existing passwords, and more importantly, it can generate and store long and complex random passwords. Browsers like Chrome and Safari also have this feature (for example, Apple saves passwords in iCloud keychain). If you are primarily using a single system (such as iPhone, Mac, and Safari), the features that come with these browsers are sufficient.

But third-party password managers can run on multiple platforms (from applications to different browsers, including Google and Apple products).

The real security advantage lies in the lengthy and complex passwords generated by the password manager, which is definitely safer than any password system you think of yourself. “For most people, maintaining good password security habits is very difficult because there are so many accounts they need to manage,” said Shuman Ghosemajumder, chief technology officer at cybersecurity firm Shape Security.

One important reason worth considering using such services is that millions of emails and passwords have fallen into the hands of criminals who may try to exploit this information. For example, a list called "Collection #1" is said to contain more than 700 million email addresses and about 21 million passwords. This data is not derived from a single security breach, but the result of multiple security breaches accumulated, and criminals will try to use this information to log in to accounts they should not be accessed, such as banking websites. This strategy is called credential filling, and in 2017, an average of 80% to 90% of retailer website traffic comes from such attacks, according to an estimate by Shape Security [PDF].

But if each password you use is different and complex, the password leaked in one vulnerability will be completely useless on other websites. Want to further strengthen security? Physical devices like YubiKey or Google Titan security keys can help improve the security of two-factor logins.

Password manager is not perfect, and there are some shortcomings in user experience - for example, using a system like 1Password requires you to first provide it with an existing password and then change that password so that it creates a new password for you.

Nevertheless, even an imperfect solution is better than the password scheme you keep in mind. “Any non-security expert should use a password manager instead of relying on any manual system you think of,” Ghosemajumder said.

The above is the detailed content of You should start using a password manager. For more information, please follow other related articles on the PHP Chinese website!