password manager Archives

Why Do You Need Different Passwords?

Ophtek, password manager, Password Security, Passwork Checkup, strong passwordsOphtek, Password Checkup, password manager, password security, strong passwordsOphtek, LLC

Mar 2023

A password is one of the simplest and strongest ways to deliver high-strength IT security, but it’s also one which has the potential to cause great damage.

We use passwords on such a regular basis that their presence has become the norm. Logging onto your PC in the morning requires a password, unlocking your PC screen is only possible with a password and signing into your webmail needs, you guessed it, a password. In fact, such is their ubiquity, one study has estimated, on average, we use 100 passwords. And remembering all of these is difficult! Therefore, it comes as no surprise that many of us use the same password across multiple platforms. But this is one of the biggest mistakes you can make in IT.

The Dangers of Recycling Passwords

It may be quick and easy to recycle your passwords, but there are some major reasons why IT professionals advise against it:

One password means multiple hacks: once a hacker gets hold of, for example, your webmail password, you can bet your bottom dollar they will try it across multiple platforms. Accordingly, if your webmail password is the same as your PayPal password then there’s a good job your account could become compromised. Ultimately, using different passwords means that you minimize the number of accounts which could be breached.

Passwords need to be complex: rather than recycling passwords, some people favor site specific passwords e.g. using ‘password123gmail’ for Gmail and then ‘password123facebook’ for Facebook. While this may be enough to outwit an automated bot, a sentient threat actor will be able to easily put 2 + 2 together and uncover your strategy. As such, you need passwords which are both unique and complex.

Different passwords are easy: one of the most surprising aspects of recycling passwords is that it’s easy to avoid going down this route. Aside from taking the time to create a complex password, there are numerous automated options to help you create one.

Creating Different Passwords

As we’ve already said, creating different passwords doesn’t have to be difficult, and you don’t even have to remember them. All you have to do is:

Use a password generator: from Google Chrome to LastPass and on to security providers such as Norton, there is plenty of choice when it comes to using technology to generate a password. These applications take your passwords to the next level and will never suggest something as simple as Qwerty123. Instead, they will generate complex passwords which include numbers, mixed case letters and symbols.

Store your passwords securely: as well as acting as a password generator, many password apps also contain or link up to password managers. These secure devices store your complex passwords and take the pain out of remembering those 16-character passwords you struggle to remember. All you have to do is authorize them to fill in your login credentials each time you go to log in.

Final Thoughts

In 2023, there’s no excuse for using the same password across multiple logins. It’s a sure fire way to maximize the impact of a security breach, so you need to take the necessary steps to prevent this. Thankfully, the presence of password generators and managers mean that your passwords can instantly be upgraded and secured.

For more ways to secure and optimize your business technology, contact your local IT professionals.

LastPass Hit by Security Incident

Hackers, LastPass, Ophtek, password manager, Password Security, Security, strong passwordshackers, LastPass, Ophtek, password manager, security, vulnerabilityOphtek, LLC

Feb 2023

What exactly happened when LastPass, a password manager service, found itself at the center of a data breach? And what does this mean for your passwords?

Password managers provide a convenient service , one where complex passwords can be generated instantly and then, going forward, auto-fills when requested. LastPass is a successful example of what a password manager can do, but it’s a role which comes with great responsibility. Login credentials, after all, are often the difference between gaining access and being denied access to a user account. Therefore, password managers need to be sure the credentials they hold are highly secure.

However, as LastPass users are now finding out, password managers are highly tempting to threat actors, and far from 100% secure.

How LastPass was Hacked

Used by millions of users all over the world, LastPass has established itself as one of the leading password managers. Unfortunately, this credibility has been rocked by revelations that the service’s encrypted password vaults have been stolen by hackers. The attack – which took place in August 2022 – was ambitious, and its success even more so.

LastPass’ backup copies of their users’ password vaults were stored, apparently securely, on a third-party cloud storage platform. This, in itself, is nothing unusual; storing backup copies of secure data in remote locations is good practice. Nonetheless, once third parties become involved in storing your data, you relinquish control of this data’s security. And this is exactly where LastPass has fallen victim to threat actors.

While the mechanics of the breach remain under wraps, LastPass has had to admit that personal identifiers – including addresses, phone numbers, credit card details and IP addresses – are among the stolen data. The password vaults – which are encrypted – have also been stolen, so this means the threat actors are closer to knowing your password. And, given they now have access to your personal identifiers, it makes brute force attacks easier.

What to Do if You’re a LastPass User

LastPass has been keen to stress that, although stolen, the password vaults are secure due to the encryption protecting them. However, these encrypted passwords are now in the hands of an unauthorized party and means they are seriously compromised. Therefore, it’s crucial all LastPass users take the following decisive actions:

Change your LastPass password: your master password will be the password used to access the LastPass service, and this needs to be changed immediately. Any data breach means access has been compromised, so changing your master password is the first step to take. With your master password changed, you will instantly be reducing the risk of your passwords falling into the wrong hands.

Change all your stored passwords: the passwords stolen from LastPass are encrypted, but it makes bad sense to rely on this. Accordingly, we would recommend going through all your passwords on LastPass and changing them to new ones. With this completed, the details within the stolen password vaults will become redundant.

Make sure your LastPass password is not recycled: following a data breach, it’s always good practice to make sure your master password isn’t used on other platforms. For example, a threat actor may take your login details for LastPass and use a bot to automatically try them in thousands of different other platforms. As such, if you recycle your login credentials across platforms, you run the risk of these being compromised too.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The Best Free Password Managing Software: KeePass

Softwareaccount, keepass, password manager, securityOphtek, LLC

Feb 2014

Keepass is simple software to manage your passwords.

Computers such as desktop PCs and smartphones have greatly enhanced our lives, but they also bring about many inconveniences. One of which is managing countless accounts that range from emails to a simple PC login screen. Most people have the capacities to remember a few important phone numbers and maybe a few more pins or passwords for various services. However, when it comes to all the services and accounts that a person must manage on a daily basis, it’s often hard to recall what the screen names and passwords of these accounts are right off the bat.

Rock, Paper, Software

Many computer users, despite the advantages that the computer age brought about, are still using stickies or notepads to store their digital usernames and passwords. While this method of management isn’t at all a bad idea, it does come with quite a few inconveniences. We can go on and on about what these are, but if you can just conjure up some common sense you’ll realize that a piece a paper isn’t going to cut it (pun intended) in this day age.

Rather than risking losing all their digital account information in the blink of an eye (i.e. misplacing your paper notepad), a lot people are now relying on software-based account organizers. These account managers, aka ‘password managers,’ have become quite popular, as they are easily accessible whenever and wherever.

KeePass: Rock Solid Password Manager Without the Fuss

There are many password management options available, but nothing beats free—especially when it does the job. One such freeware (free software that is fully functional) is KeePass. This particular program isn’t flashy, but it is simple and extremely easy to use. It lets you store virtually all your digital account information in one place, and it even lets you synchronize this data with your Dropbox and Google Drive account. Just like a conventional paper notebook, you can record all your usernames and passwords into one place, and when you need to retrieve the data you can login into the program with a key file or just a password to obtain what you want.

Open Source and Free

Another nifty built-in feature of KeePass is its password generator. One of the best ways to keep your personal information safe is to secure it with a password that’s difficult to guess, and KeePass’ password generator will help you do just that.

Generate a password so hard even you can’t guess it.

KeePass is also open source, which means programmers (or overly enthusiastic computer users) can examine the program’s code to see if it’s safe for use, and they can even modify some of the software’s settings to fit their needs.

Onsite PC Solution recommends KeePass to all clients because it gets the job done, and with little hassle. Did we mention it’s completely free?

For more tips on how you can better manage your digital accounts and cloud services, contact our IT professionals.

Tag Archives: password manager

Rock, Paper, Software

KeePass: Rock Solid Password Manager Without the Fuss

Open Source and Free