The Passwords You Keep Using Are Already In The Hands of Hackers
Even Google’s tired of internet users who show a fundamental inability to create decent passwords and keep them up to date, which, to be fair, is pretty much anyone not using a password manager.
Google is so sick of seeing the same tired passwords (including the ever-popular password, “password”) being used time and again, that’s why it’s introduced a Chrome extension designed to kick us up the proverbial butt and remind us to change vulnerable logins.
Oddly enough, however, research conducted during the first month of Google releasing its Password Checkup extension indicated that over 25% of users carried on using the same repeated and outdated passwords even after numerous warnings. And they say stranger things have happened at sea!
The Dangers of Password Apathy
We all know about hackers and have been told time and again about the best practices for online security, but when it comes to generating a new password for our online banking service or email account, we’re all too likely to revert to using our pet’s name or our mom’s maiden name. Sadly, this is no longer considered secure enough to keep the cyber threats at bay.
While coming up with unique, strong passwords is a serious challenge for many internet users and especially those with many different accounts, another difficulty is trying to remember them all. Randomly generated passwords like “tslnvN8NhHouqxz” for instance are virtually impossible to remember unless you’ve total recall, which is why many of us revert to the tried, tested and already hacked passwords of yesteryear.
According to Google, “Out of roughly 21 million login credentials that were scanned using the extension… roughly 316,000 were flagged as unsafe”. It turns out, there are still over 20 million people relying on the good old “123456” to protect their data so it’s unsurprising that hackers continue to reap the rewards of our poor cybersecurity practices.
Whether it’s an online financial service, your Electronic Federal Tax Payment System account or dating site login, failing to secure your information with an effective password could have some serious consequences. Take the Marriott Hotels data breach that compromised the details of 383,000 people, including their passport numbers and email addresses, and leaving them vulnerable to identity theft.
Why We Cling to Passwords Past Their Sell-By Date
Although Bill Gates predicted the death of the password over a decade ago and yet here we are in 2019, trying to stay on top of numerous accounts and their associated login information. Gates was right insofar as he said, “People use the same password on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure”. All true but we are still heavily reliant on passwords and are forced to carry that increasingly heavy burden.
According to one report, people’s online behavior is primarily driven by fear and the fear of a data breach does positively influence the behavior of some. The fear of forgetting a password, however, is far more influential, causing 59% of people to reuse the same password over again.
A study of the psychology of passwords revealed that we develop many of our poor online practices because of the challenges we face in creating, learning, and remembering passwords. These bad habits include:
- Creating passwords with personal significance (like your name or date of birth)
- Using passwords that are too short
- Reusing the same password on multiple accounts
- Keeping a physical record of a password
- Using overly simplistic passwords
The fault doesn’t all lie with the user, however, and the demands of security-conscious sites with their restrictions on password length and structure are contributing to our password fatigue. Changing the way we think about passwords can help to combat this and research indicates that mnemonic techniques can help us create secure yet memorable passwords. For instance, the first letters of a song verse “can be as memorable as simple words and as secure as random strings”.
Perking Up our Password Practices
Aside from Google Password which simply admonishes you for having weak or easy to crack passwords, other sites offer more proactive advice, including instructions on how to create the perfect password. Some of the top tips for improving password strength include:
- Increasing password complexity by using longer passwords that contain a variety of numbers, letters, and symbols
- Avoid reusing passwords
- Use two-factor authentication where available
- Don’t write your passwords down and don’t use post-its to save it on your computer screen
- Change your passwords regularly
- Forget everything and use a password manager
While better practices can improve our online security and stop the Chrome Password extension from shouting at us, there is a much easier alternative available in the form of a password manager.
These simple cybersecurity tools not only generate random passwords but also remember them, offer them up when they think you might need them, and sync them across multiple devices.
If you’re going to put your sensitive login information into the hands of a password manager, however, you need to know it’s going to keep them safe and respect your right to privacy. To help you out, we’ve compiled a list of the best password managers of 2019.
The Best Google Password Managers
Two-factor authentication and zero-knowledge cloud storage make Dashlane one of the most secure and trustworthy ways of keeping your passwords in order and out of the hands of hackers. An abundance of features takes the hassle out of good password practice and boosts online security.
Dashlane includes a password generator as well as storage and autofill options. The identity dashboard gives users an overview of their online status and notifies them of recent data breaches. Advanced tools include secure sharing, so you can exchange account credentials with colleagues, friends and family members without compromising the security of your passwords.
Cross-platform compatibility means you can use Dashlane on a Chromebook as easily as you do on a Mac. Dashlane a free password manager available that will store up to 50 passwords on a single device and includes the basic functions of form autofill, password generator, two-factor authentication, and emergency contact access.
Those signing up for a premium Dashlane plan get the additional benefits of a VPN, dark web monitoring, remote access to their accounts, and priority customer support. Given that the premium package costs just $4.99 per month, that’s pretty good value for money. Dashlane’s Premium Plus package costs $9.99 per month but includes both credit monitoring and identity theft insurance and help in restoring a stolen identity.
#2 True Key
The best password managers combine ease of use with superior security – two things the grandfather of cybersecurity, McAfee, knows a lot about. Unsurprisingly, then, McAfee’s password manager, True Key, uses the latest AES 256-bit encryption and multi-factor authentication to protect you and your sensitive data.
While not as feature-rich as Dashlane, True Key is a simple and effective password management tool that’s available for free if you just want to store up to 15 passwords, or at the cost-effective price of $19.99 per year for unlimited storage. One of the unusual features of True Key’s free password manager is that it allows you to store information across an unlimited number of devices, whereas most free password managers restrict you to just one.
True Key focuses on the fundamentals of online security, including password management, the creation of strong, unique passwords, and a digital wallet in which to store passport and social security numbers, credit card details, and other sensitive data.
By prioritizing multifactor authentication, True Key is fast-approaching Bill Gates’ vision of a password-less online existence and its mobile apps support both fingerprint and facial recognition. This is augmented by the Trusted Device feature that asks for a second verification factor if you log in using an unfamiliar device.
With a range of packages designed to suit the needs of individuals as effectively as families and businesses, 1Password has some of the most comprehensive password management solutions currently available. The same AES 256-bit encryption keeps your sensitive information shrouded in secrecy while the Watchtower feature keeps you up to date with the latest data breaches and alerts you to any vulnerable passwords.
An unusual feature of 1Password is its Travel Mode which removes sensitive data from your device for the duration of your journey, after which it can be restored with a single click. Although there is no free password manager available from 1Password, you can take advantage of its 30-day to get a feel for its capabilities.
Although powerful, 1Password keeps its pricing reasonable, with an individual account costing just $2.99 per month and giving a single user the benefits of secure password protection and management, as well as 1 GB secure storage and two-factor authentication.
The family package covers up to five people and allows for the seamless sharing of account credentials, secure notes, and credit cards. Priced at $4.99 per month, 1Password’s family plan is more expensive but is also more functional, with options to create a personal vault and configure shared access to give children the freedom to browse while remaining safe online. 1Password also has password management solutions for teams and businesses which include shared vaults and additional secure storage.
Whether you’re looking for a password manager for yourself, your family, or your business, 1Password’s specialized plans are worth considering. If that’s enough to convince you, why not sign up with 1Password today? If you’d prefer to get to know this password manager a little better before taking the plunge, check out our full review here.
The first thing to love about RoboForm is its awesome name which immediately brings to mind a crazed cyborg dashing through cyberspace destroying vulnerable passwords as he goes. The real RoboForm is a little more professional with management and syncing options making it both user-friendly and efficient.
RoboForm excels at auto-filling online forms and password organization and management. Notable features include offline access, multi-factor authentication, a tool for checking password strength, emergency access, and options for storing bookmarks and contacts safely as well as passwords and credit card information.
The free password manager RoboForm offers gives personal users unlimited logins, autofill capabilities, password auditing, and secure sharing options. The paid version, known as RoboForm Everywhere, is competitively priced, starting at $23.88 per year for an individual subscription, and $47.75 for a family package. RoboForm is also one of the few password managers offering multiyear subscriptions so you could save 10 to 16% by making a long-term commitment.
RoboForm also offers a little more versatility when it comes to browser compatibility and is one of the few to have developed a browser extension for Microsoft Edge. It is also compatible with all the major operating systems, like Android and Windows.
In the past, the only aspect of RoboForm’s service that doesn’t quite cut the mustard was its customer support but even this seems to be improving. A comprehensive online support section is packed with pertinent information and FAQs while user manuals can be referred to on the website or downloaded for future reference.
Using the same cutting-edge encryption as our other best password managers, RoboForm is as secure as it is easy to use so why not sign up with RoboForm today and give your online security a boost. Alternatively, you can read our full RoboForm review here.
Conclusion to Chrome Password Extension
While Google’s efforts to improve our online practices and password strength by introducing its Chrome Password extension haven’t gone unnoticed, they’ve also proved ineffective. Alerting users to the weakness of their passwords doesn’t seem to provide enough motivation to make them change their apathetic approach to online security.
While there are ways of introducing better cybersecurity practices, improving your password policy, and reducing the risk of hacking and identity theft, using a password manager is the easiest and most effective way of staying safe online. Not only can you rest assured that your passwords are as strong as they can be, but you also get the benefits of secure, encrypted storage, and not having to remember anything ever again.
The best password managers allow you to sync passwords and other secure information across unlimited devices and even share important data with others without exposing your passwords. Using a tool like Dashlane means you’ll never suffer from password fatigue again nor fall back into complacency when it comes to storing and sharing sensitive data.
By all means, give the Google Password tool a try but don’t expect it to magically revolutionize your online security – you’ll need one of the best password managers for that.