Are online password managers safe? Here's the most secure way to store passwords
QUESTION: I’m concerned about the recent breaches at LastPass, so I’m considering a switch to 1Password. Before making the switch and deleting my LastPass account, what should I know, or should I be using a cloud-based password manager at all?
ANSWER: Password security continues to be one of the most challenging issues regardless of how tech-savvy you may be.
We all have a plethora of online accounts, which makes remembering every long, complex password impossible without some form of help.
The go-to for most is to use the same password on multiple accounts, which is extremely dangerous because of the constant threat of data breaches.
Anyone using the same password on multiple accounts can easily be compromised across all those accounts from a single breach of any of them.
A common refrain in the cybersecurity world is that there are three types of companies: Those that have been breached, those that will be breached, and those that have been breached but don’t know it yet.
Stolen credentials are routinely fed into automated bots that will use something known as ‘credential stuffing’ across thousands of popular online sites to see where else the password is being used. If you’re still using the same password everywhere, stop immediately!
Some form of a password manager isn’t an option but a necessity for every one of us.
Recent breaches at LastPass
In the past, I’ve recommended LastPass as a solid password manager, but several recent incidents (http://bit.ly/3HjCnyt) have understandably shaken the confidence of millions of users.
The CEO said that the cybercriminals acquired customer data, including names, email addresses, phone numbers and some billing info, and could attempt to ‘brute force’ the master passwords of the breached information.
The breach itself is unsettling, but concerns about how they handled the disclosure to the public (http://bit.ly/3QSjrK3) may be just as much of a consideration for those on the fence about switching.
Urgent measures for LastPass users
Whether you plan to continue using LastPass or switch to another option, you need to change your master password and all the associated passwords on all your accounts to play it safe.
The stolen passwords, though encrypted, can potentially be broken, which would instantly expose you to a massive problem.
Since you’re going to have to go through all this extra work anyway, it’s a good time to consider an alternative if you don’t want to rely on LastPass any longer.
Exporting data from LastPass
The good news is that you can switch to a new password manager with relative ease using the export function in LastPass.
Here are all the specifics of transferring from LastPass to 1Password: http://bit.ly/3kqXKon or just the export instructions for use in any other program.
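One way to use the export before importing it elsewhere, as an added example that is not part of the original column: this Python script groups exported entries that share a password, so the most widely reused passwords are changed first. The column layout (url,username,password,totp,extra,name,grouping,fav) and every sample row are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout assumed for a LastPass CSV export.
# Every site, username and password below is made up.
SAMPLE_EXPORT = """url,username,password,totp,extra,name,grouping,fav
https://mail.example.com,ann@example.com,Tr0ub4dor&3,,,Mail,Personal,0
https://shop.example.net,ann@example.com,Tr0ub4dor&3,,,Shop,Personal,0
https://bank.example.org,ann,correct-horse-battery,,,Bank,Finance,1
https://forum.example.io,ann_k,Tr0ub4dor&3,,,Forum,Personal,0
http://sn,,,,note body,Wifi note,Notes,0
https://news.example.com,ann@example.com,winter2019,,,News,Personal,0
https://video.example.tv,ann@example.com,winter2019,,,Video,Personal,0
"""


def reuse_groups(csv_text):
    """Return lists of entry names that share one password, largest group first.

    Passwords are used only as in-memory keys and are never returned.
    """
    by_password = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row.get("password") or ""
        if not password:  # notes and empty entries carry no password
            continue
        label = row.get("name") or row.get("url") or "(unnamed)"
        by_password[password].append(label)
    groups = [sorted(names) for names in by_password.values() if len(names) > 1]
    # One breach of any site in a group exposes every other site in it,
    # so the largest group is the first to rotate.
    return sorted(groups, key=lambda g: (-len(g), g))


def rotation_report(csv_text):
    """Priority list for password changes; holds entry names only, no secrets."""
    return [
        f"{rank}. same password on {len(names)} entries: {', '.join(names)}"
        for rank, names in enumerate(reuse_groups(csv_text), start=1)
    ]


if __name__ == "__main__":
    for line in rotation_report(SAMPLE_EXPORT):
        print(line)
```

The export is a plaintext file, so run a check like this locally and delete the file once the import into the new manager is done.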
Should I stop using cloud-based managers?
The first thing to understand is that virtually anything you use for managing your passwords has inherent risks, so it's key to choose the option with the lowest risk.
We’ve established that using the same password everywhere has the highest risk, so anything else you choose will be more secure.
Creating a hidden file on your smartphone and/or computer (http://bit.ly/3ZOOScA) is exponentially safer than using the same password everywhere, but encrypting all your credentials is even more secure.
The ultimate question is whether a cloud-based service’s approach is more secure than whatever you’re doing now.