The day of using a single password is over.
The day of using a birth date password is over.
The day of using a child’s name as password is over.
Internet Security? What Internet Security?
It’s a new world out there and it sure is scary as hell!
I use to be one of the crazy ones. Yes. I freely admit it. I use to use the same single password for EVERYTHING! And in all my time on the Interwebs, I never had a problem; except for an issue where my password was hijacked while logging into an Apple website. Other than that, I’ve been exceptionally fortunate.
There are those who fared less well. But I’m not here to tell you horror stories of stolen identities, etc. I’m also not here to compare password apps; there are plenty of other articles on the webs that will do a better job. This little ditty is more about my reasoning for now having a different password for every login on every website and what I’m using. It may not convince you, but I feel a lot better, and a bit safer; though even that may be an illusion.
Let’s all face one real truth of the Internet: Our safety is less in our hands than we’d like.
We see it every day … yet another website is forced to admit they had a security breach and some of our precious data has been stolen by another evil entity. I have had it happen several times. Even our government, banks, credit companies, or public utilities are not secure enough. I can’t tell you how many free Experian or TrustedID accounts I have because a multitude of these entities have had data breaches. It’s a sickening trend, and one there should be stricter laws for.
But I digress.
Between companies who blatantly gather and sell our information just for visiting their website, or those who have been breached for lack of security, I’ve come to this conclusion: Though my personal info may not be secure out there, and I must rely on others for that security, there is one thing I can do—I can be responsible enough to realize a single reused password is no longer good or secure enough.
There are now many more tools out there to help us create and store passwords, on our computers, and our phones, than ever before. It’s now even built into macOS and iOS with iCloud Keychain. I now use iCloud Keychain more and more because of how integrated it’s become with the underlying OSes and it’s ease of use. I also use AgileBits 1Password. I’ve been a 1Password user since v1.0. I can store software licenses, passwords, credit card numbers and associated security codes, and so much more. And I have. But one of the things I never used was its password generator. Call it craziness. Call it laziness. Call it that feeling of imperviousness. But in this day and age, I really do have to put on my big-boy pants and make a conscious effort to give myself and my data a better chance of survival out there.
Very recently I made the jump from paying for every 1Password update, to biting the bullet and going with a yearly subscription. I hate the subscription model for most software—but—I figured in the long run, it really was less expensive with a 1Password subscription. The programmers at 1Password are ALWAYS updating and improving the software. And the new version 7 of 1Password is a big upgrade, both the user interface, and under the hood. The list of features is now mind-boggling. The recently added “Watchtower” feature is wonderfully amazing and maybe a bit magical. Between that, the password generator, and storing all my passwords on AgileBits servers giving access on any device, or browser I’m using, are major reasons I jumped to v7.
Watchtower checks your currently 1Password stored website logins against an always updated list of compromised websites and shows which logins of yours are compromised. It also shows, vulnerable passwords, reused passwords, weak passwords, as well as websites you log into that don’t use the more secure “https”. When I made the jump, I started out with well over 800 logins and passwords. I checked every single login. Some for websites I may have bought software from ten years ago, that are long out of business. Or websites I no longer wanted to be associated with, or storing my data. I canceled accounts, as best I could, and even contacted support on others to assist in canceling accounts. And where there was no possible way to do so, I would change all the personal data to a fictional person I created, and all the fictional data that went along with it, including a 25 character password. No way for anyone to trace that login or data back to me. Yeah … that might have been a bit much … but I certainly felt better after doing it.
That list of 800+ logins had shrunk to 400+ logins and new passwords; using a different 25 character password, with 5 digits, and 5 special characters in each. Now some sites have very special criteria for password creation, some seemingly less secure because they only allowed 12, or 15 characters, and only certain special characters. But no matter what, 1Password and I were able to work with the criteria and create the most secure password we could. This entire endever took me a few weeks to complete. Yeah … when I put my mind to a task, I finish it. No matter how long it takes.
Along with using 1Password I also used Apple’s iCloud Keychain. Every time I created a new or updated a password with 1Password, the system would always ask to update a current or create a new login/password in iCloud Keychain. Now my passwords are stored in 2 places. But the cool thing is how well iCloud Keychain is integrated into Apple’s macOS and iOS. When I’m on my iPhone 8 Plus I use iCloud Keychain and TouchID login method as much as I can. It’s pretty simple once set up. If I’m missing a password in Keychain I can easily look it up with the 1Password app on my iPhone, because 1Password is also integrated into the OS as much as Apple will currently allow it.
All in all, I feel safer—illusion or not. I have all new, and different passwords for every login, and I no longer have to remember any of them. I leave that to 1Password and iCloud Keychain. Now if all companies holding any of our data were that diligent at security we could al sleep a little better—a little.