IMAGE: HaveIbeenpwned

Make life and security easier: use a password manager

Enrique Dans
Nov 22 · 4 min read

In the image, a fragment of the email I received this morning from the brilliant site created by security expert Troy Hunt, HaveIbeenpwned, informing me of a problem with a service I haven't used in a long time, 123RF: an intrusion that managed to take over the email addresses, user names, IP addresses, names, passwords (in principle encrypted), telephone numbers and physical addresses of more than 8.5 million users.

First point: this can happen to anyone. It is not even evidence that 123RF had poor security practices: practically any site can be breached if an attacker invests enough time and resources. Breaches happen all the time, and the sensible response is simply to be prepared for the day one affects you.

The problem with this type of breach is that the stolen data generally ends up on several easily accessible sites, where anyone can download the dump and try the leaked email and password pairs against other services (a technique known as credential stuffing). Its victims are the many people who still reuse the same password across services, or who derive their passwords from easily guessed rules.

A problem? Not for me. The password I was using at 123RF was generated by my password manager, LastPass; I never knew it (nor wanted to), and of course it wasn't used anywhere else. In case I might want to use 123RF again, I went onto the site, changed my password, and put in another, equally impossible to remember: 25 characters with numbers, letters and symbols, that would take a computer something like a hundred octillion years to figure out :-) Criminals trying to use the previous password elsewhere would fail. As long as quantum computers are not in common use, I can sleep at night. If only I could solve all my problems so easily.

What do you know about your passwords? The first thing to know is that the old rules about replacing an "E" with a "3", an "A" with a "4" and so on don't work: password-cracking tools apply exactly these substitutions as rules to every word in their dictionaries, so a mangled dictionary word is barely harder to crack than the plain word. If you are going to create your own passwords, which I don't advise, at least take a look at the recent research of this group of Carnegie Mellon scientists. If you want to know how long it would take a criminal to figure out your password, check out this chart, or enter it on this page, which claims not to save it or share it with anyone.
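To put numbers on that claim, here is an added example (not code from the original article) that counts how many candidates a cracking rig has to try for a dictionary word with "leet" substitutions, case changes and a short digit suffix, and compares that with a 25-character random password of the kind a password manager generates. The substitution table, the 100,000-word dictionary size and the 1e10 guesses-per-second rate are assumptions chosen for the illustration, not figures from the article.

```python
import math
import secrets
import string
from itertools import product

# Substitution rules of the "E -> 3, A -> 4" kind. Cracking tools ship rule
# sets like this and apply them to every dictionary word, so a mangled word
# is only a small multiple of the dictionary away from the plain word.
# The table is a constructed, deliberately short example.
LEET = {"a": "a4@", "e": "e3", "i": "i1!", "o": "o0", "s": "s5$", "t": "t7", "l": "l1"}

# What a password manager draws from: 26 + 26 + 10 + 32 = 94 characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def position_options(ch):
    """All spellings of one letter: itself, its leet substitutes, and upper case."""
    opts = set()
    for s in LEET.get(ch.lower(), ch.lower()):
        opts.add(s)
        if s.isalpha():
            opts.add(s.upper())
    return opts


def leet_variants(word):
    """Every string reachable from `word` by the rules above (e.g. 'P@55w0rd')."""
    return {"".join(v) for v in product(*(position_options(c) for c in word))}


def leet_search_space(word):
    """Candidates per base word when the attacker also appends up to two digits
    (1 empty + 10 one-digit + 100 two-digit = 111 suffixes)."""
    return len(leet_variants(word)) * 111


def random_search_space(length, alphabet_size=len(ALPHABET)):
    """Candidates for a uniformly random password of `length` characters."""
    return alphabet_size ** length


def entropy_bits(search_space):
    return math.log2(search_space)


def expected_crack_seconds(search_space, guesses_per_second):
    """On average an attacker finds the password halfway through the space."""
    return search_space / 2 / guesses_per_second


def generate_password(length=25):
    """What a manager does: draw every character independently from a CSPRNG,
    rejecting the rare draw that lacks a letter, a digit or a symbol."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


if __name__ == "__main__":
    # Assumed figures for the comparison: a 100,000-word dictionary and a rig
    # testing 1e10 guesses per second against a fast unsalted hash.
    DICTIONARY_WORDS, RATE = 100_000, 1e10
    mangled = leet_search_space("password") * DICTIONARY_WORDS
    random25 = random_search_space(25)
    print(f"'password' has {len(leet_variants('password'))} leet/case spellings")
    print(f"dictionary + rules: {entropy_bits(mangled):.1f} bits, "
          f"{expected_crack_seconds(mangled, RATE):.1f} s")
    years = expected_crack_seconds(random25, RATE) / (365.25 * 24 * 3600)
    print(f"25 random chars:    {entropy_bits(random25):.1f} bits, {years:.1e} years")
    print("example manager password:", generate_password())
```

Run it and the dictionary-plus-rules space comes out around 35 bits, which the assumed rig exhausts in about two seconds, while the random password sits near 164 bits. Whatever rate you plug in, the gap is the point: rules shrink the search to the dictionary times a small constant; randomness does not.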

The second thing you should do is enter the email addresses you usually use on HaveIbeenpwned, which will tell you which data dumps they appear in. Then, not only change the passwords on those sites if they were services you used regularly, but also think about whether you have recycled those passwords for other services (and if so, change them too). I've been using HaveIbeenpwned for a while now: I even use the feature that lets you register your email and receive a warning when new breaches are made public, and I haven't received any spam as a result. The latest versions of some browsers also warn you when you enter a password on a site if that password has already been exposed in a breach, or when you try to use the same password on several sites, and invite you to change it. If they do, listen to them.
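The "page that claims not to save it or share it" and the browser warnings can be built so that the password really never leaves your machine. Have I Been Pwned's Pwned Passwords service does this with a k-anonymity range query: the client hashes the password with SHA-1 and sends only the first five hex characters; the server returns every hash suffix in that bucket with its breach count, and the match happens locally. The following is an added example written for this article, not code from the author or from the service. The response body is constructed (only the suffix for the string "password" is its real SHA-1; the counts and the other suffixes are invented), and the endpoint URL is taken from the public API documentation and is never contacted unless you call check_password yourself.

```python
import hashlib
import urllib.request

# Constructed stand-in for the body the Pwned Passwords range endpoint returns
# for prefix 5BAA6: one "SUFFIX:COUNT" line per known hash in that bucket.
# The second line is the real SHA-1 suffix of the string "password"; the
# counts and the other two suffixes are invented for this example.
SAMPLE_RANGE_BODY = """\
0018A45C4D1DEF81644B54AB7F969B88D65:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
"""

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"  # public HIBP endpoint


def split_for_range_query(password):
    """Hash the password and split the digest: the 5-hex-char prefix is all
    that leaves your machine; the 35-char suffix is matched locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Turn 'SUFFIX:COUNT' lines into {suffix: count}, ignoring blank lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_body):
    """How many times the password appeared in breaches according to the
    bucket `range_body`, which must be the response for the password's prefix.
    0 means not found (padded responses may also list suffixes with count 0)."""
    _, suffix = split_for_range_query(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix, timeout=10):
    """Network step (not run in the demo): GET the bucket for a 5-char prefix.
    Every password whose SHA-1 starts with these 5 characters shares the
    bucket, so the server cannot tell which of the hundreds of hashes it
    returns is the one you hold."""
    with urllib.request.urlopen(RANGE_URL.format(prefix=prefix), timeout=timeout) as r:
        return r.read().decode("utf-8")


def check_password(password, fetch=fetch_range):
    """Full client flow: hash, send prefix, match suffix locally."""
    prefix, _ = split_for_range_query(password)
    return breach_count(password, fetch(prefix))


if __name__ == "__main__":
    # Offline demo against the constructed bucket above.
    prefix, suffix = split_for_range_query("password")
    print("sent to server:", prefix, "| kept locally:", suffix)
    print("breach count:", breach_count("password", SAMPLE_RANGE_BODY))
    # A live lookup would be: check_password("password")
```

The privacy property is in the split: 16^5 prefixes means each bucket groups hundreds of unrelated hashes, and the service only ever learns which bucket you asked for. The same design is why a browser can warn you about a leaked password without uploading it.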

If you run an organization and still enforce the classic rule of periodically changing passwords, stop now: current guidance (NIST SP 800-63B, for example) recommends changing a password only when there is evidence it has been compromised. Forced rotation does nothing for security except confuse your workforce, who will probably resort to predictable variations of the old password or to writing the new one on a post-it stuck to the monitor. You are not going to improve your company's cybersecurity with these practices.

If you're going to take your internet security seriously, sign up for a password manager. There are many articles on which are the best to use, and some are free. With one, even if the manager's own servers were breached, the criminals would take away only an encrypted vault that can be opened only by guessing your master password, which is why that one password, the only one you will have to remember from then on, must be long and unique. I would also recommend choosing a password manager with a smartphone version, and spending about an hour after installing it going through every service you use, regularly or not, registering each one and replacing its password with a new one generated by the manager, which can be very long and impossible to remember or guess.

If you don't want a separate password manager, you can use the one built into most browsers. It is not the best option, nor the most convenient if you use several browsers, nor the most secure, but it is definitely better than using nothing, or your cat's name.

In any case, use the tools linked above to at least diagnose your security level. We spend a lot of time online and shouldn't make it easy for criminals to test our defences. Doing things right costs very little. Think about it.

Oh, and one final piece of advice: even if, as is probably the case for most of the internet-savvy people reading this, you think your own practices are good enough, think about your friends and family. It is often older people who still use extremely weak passwords, or a single password for everything. Better safe than sorry.

This article was previously published on Forbes.

(In Spanish, here)

Written by

Enrique Dans

Professor of Innovation at IE Business School and blogger at enriquedans.com

On the effects of technology innovation on people, companies and society (writing in Spanish at enriquedans.com since 2003)
