Everything on the internet now has some form of user login, be it Google, Microsoft, your favourite game or even your energy provider to view your account and bills. Passwords are a key part of using the internet, and most people are not secure or safe with their passwords. I'll be taking you through how best to keep track of passwords so you never forget your login details again, and how to make your accounts much more secure with two-factor authentication.
The first thing is password management. Many people are guilty of using the same password over and over again because it's an easy and memorable phrase or word, which puts their accounts at considerably higher risk. Some people use a variation of the same password, which is more secure, but then you run into the issue of trying to remember exactly which variation was used for each account, potentially leading to a lot of reset passwords or locked accounts if you can't quite remember the right one.
This is where a password manager comes into play. There are many password managers out there and I will detail a few, with a couple of pros and cons for each. First off, a password manager is exactly what it says on the tin: it manages all of your passwords. This is usually done by having a master password that lets you into your vault of passwords, meaning you only need to remember one very secure password to get access to all of your other passwords and account information. The password manager also generates passwords for you, so all your accounts are far more secure than with your average password. So if you use a password manager you only ever need to remember one password, which is far easier than trying to juggle hundreds of different passwords in your head.
A few examples that we at GoodBiz can recommend are LastPass, KeePass and also Zoho Vault if you are already using Zoho One.
We'll start with KeePass. This is the most secure password manager of the 3, as it is completely offline and all of your passwords are stored on your machine in an encrypted file known as the database. This can only be accessed via the master password set up with KeePass. This is great for those that are meticulous with backups and have multiple ways of restoring any file on their machine, like having a CrashPlan account and/or having a local backup stored on site. This is not so great for people that aren't keeping regular backups or copies anywhere, as if the database file is lost, so are all of your passwords. This is as close to having a diary of passwords locked in an encrypted safe as you can get but, like in the real world, if you lose your diary you can't get the passwords back if you didn't make another copy.
This is where the other 2 come in: they are easier to maintain but a little less secure, however still much more secure than not having one at all. LastPass and Zoho Vault are both online services that allow you to autofill and update all of your passwords while browsing the web, with a little Chrome extension and a mobile app too. They are almost the same as KeePass in principle, where you have one master password to give you access to all of your passwords and accounts, but this time your data is stored online and not on your machine. This makes accessing your own passwords easier from any device, but also means it's easier for others to access them too if you're not careful. Be sure to set a long and secure master password to mitigate the risk of your account being hijacked. By and large the risk is incredibly low, but it is never zero with anything online. These apps also come with a few extra security features, like checking that you haven't been using the same password more than once, or whether your username and/or password has been used on a particular website that has had a data breach or has been found on the dark web, the place where all sorts of unpoliced, unregulated and illegal activities take place.
If you are someone that is very security focused, KeePass is the most secure option, but you need to remember to keep backups of your database somewhere else. If you are someone that wants something far more secure than just remembering their passwords, and easier to set up and use than KeePass, to keep your business and personal passwords secure, then LastPass or Zoho Vault will be the way to go.
Now how can you double down on security just in case someone somehow does get a hold of some of your passwords or maybe even your master password? This is where two-factor authentication (2FA) or even multi-factor authentication (MFA) comes in. 2FA/MFA is not a particularly new thing in the online space but has become increasingly popular for securing your different accounts. 2FA is where, when you log into an account from a new device, browser or location, you receive a notification to authorise the login from a different medium, like a text or email with a code, or an authenticator app linked to your account like Google Authenticator or Twilio's Authy app. MFA takes things a bit further, where it takes multiple steps to authorise a login to make it even more secure than 2FA, like Zoho's own OneAuth MFA app, which needs a fingerprint or unlock code as well as selecting the correct number that is on screen in their Zoho apps. All these MFA/2FA security measures are just like the card readers that banks issued to authorise payments, which gave a code you had to enter online to make sure it is you that is wanting access to your account. They are all very straightforward, but this extra step makes it incredibly hard for unwanted guests to access your accounts, as you can verify the login from another medium. This is almost as important as having a password manager, and in some cases more important, as anyone trying to gain access to your account needs both your username and password and your 2FA account to access it, making it incredibly secure.
One caveat to this is that not all services support 2FA, but with increasing demands for security, most accounts containing sensitive information like your card details or anything banking/payments related are quickly adopting a mandatory MFA system.