Use a Password Manager


Because the next couple of posts are going to be variations around graduating college, leaving Boston, moving to Seattle, and getting acclimated there, I decided to make a random post not about any of those topics.

TL;DR: Use 1Password right the fuck now.

My first password ever was baseball. My second password was ps3wii. I used that password everywhere up until around 2012. Honestly I may be using it on a few random sites still. My current main password I've been using since 2012 but late last year I finally started using a password manager. Now almost all of my passwords are randomly generated and managed by my password manager and I only need to remember one password for a few things.

OK, so why should I use a password manager?

Because you've probably been pwned already. You should check your emails and usernames on this site. Tons of sites have been breached in the past. Don't use random forum sites? Don't worry as Adobe (2013), LinkedIn (2012), Dropbox (2012), tumblr (2013), MySpace (2008), and Yahoo (2012) all have been breached (years are when the breach actually occurred) exposing email addresses and most importantly, passwords.

Password reuse is bad but everybody does it. Remembering new passwords is hard so we all try to avoid creating new ones. You may have seen the XKCD comic about password strength. After using a password for 5 years, trying to remember a new one, even if it should be easy, is going to be annoying. Password managers do the remembering for you. You only need to remember 1 master password and the password manager does the rest of the work.

OK, so which password manager should I use?

I use Enpass, others I know use 1Password. I would also suggest Dashlane. If you want a fully free option look into KeePass or Password Safe. You can also look at LastPass. You may see news about LastPass being hacked in the past but overall they should still be fine to use. I'll explain later why this may or may not dissuade you. You can find other password managers here.

If you want something that's super easy to use go for 1Password. If you want something that's completely free go for LastPass.

Here's some more info.

1Password - $35.88 a year. Works on Windows, Mac, iOS, Android. Syncs passwords between all your devices. Allows you to access your passwords online.

Enpass - Free desktop apps. One time $10 for each mobile app (if you have an iPhone and an Android phone you would need to pay $20). Works on Windows, Mac, Linux, Windows UWP, iOS, Android, Blackberry, and Chromebooks. Syncs passwords between all your devices using a file synchronization service (Dropbox, Google Drive, OneDrive, Box, or ownCloud). This makes it a tiny bit harder to set up. Doesn't allow you to access passwords online.

Dashlane - $39.99 a year. You may also notice they have a free version but that doesn't sync your passwords between your devices, which is pretty useless if you own a smartphone. Works on Windows, Mac, iOS, and Android. Syncs passwords between all your devices. Allows you to access your passwords online.

LastPass - Free. Works on Windows, Mac, Linux, Windows Phone, iOS, and Android. Syncs passwords between all your devices. Allows you to access your passwords online.

So, what's wrong with LastPass?

LastPass along with 1Password and Dashlane sync your passwords online using their servers. In LastPass's case they were hacked and people were able to access various things but never actual plaintext passwords. Because all three of these services sync your passwords online, 1Password and Dashlane could also be breached in the future. You may notice that Enpass also syncs your passwords but it uses file synchronization services. If those services were breached then you could also be at risk but Enpass also gives you the option to sync all your passwords manually and not online. So in the end not much is wrong with LastPass.

I've picked one and signed up. Now what do I do?

First off, I'm impressed you actually decided to use a password manager. Most people would just put it off and forget but you, you're a go getter. If you're like me you'll spend the next 4 hours logging into all the sites you can remember, generate new passwords for them, and then save them into your password manager. Yes, it took me 4 hours to move over 60 passwords to Enpass. Yes, it was worth it. Yes, I forgot some sites.

If you're normal you should just migrate passwords one at a time. First download the appropriate apps and add the appropriate browser extensions. All 4 password managers above support Chrome, Firefox, Safari, and Opera. Next you'll need a master password. This is the one password you need to remember. This can be that same password you use for all your sites. It shouldn't be as bad as baseball however. Once you've done that, you should start moving passwords into your password manager as you log into sites. With 1Password, Enpass, and LastPass (I set up and tested LastPass to check this), they will prompt you to save your already saved password into their manager. Once you log in, it would be a good time to change your password to a randomly generated password. All four can create very secure passwords for you and I recommend that you do that. This makes it very easy to use a unique random password for every site that you use.

Password managers also let you store other things besides passwords like credit card info, bank info, and notes. All of this information is securely protected. Some password managers also have cool features like integrating with Touch ID or Windows Hello so you don't need to type in your master password all the time.

I'm interested in making my life more secure. What's next?

Use two-factor authentication (2FA) anywhere and everywhere you can. This site lets you check which of the services you use support 2FA. You really should use 2FA on your main email account. Seriously, if someone gets into your main email account you're fucked because they can just password reset all of your accounts linked to that email address. Use 2FA for email. Don't use Yahoo email, use Gmail instead. I use Outlook but that's because I like Microsoft. But seriously don't fucking use Yahoo email.

2FA isn't enough security for me

Then get off the internet and live in the woods for the rest of your life. The only hackers you'll need to worry about are bears hacking into your trashcan.