This announcement is from Bret Miller, manager of information technology at GCI headquarters.
Perhaps you know someone who has had an online account hacked. Maybe you’ve been hacked yourself. In most cases, hackers manage to get in using your own password. That’s what happened to me when my accounts were hacked. I had protected them with a one-word password that my wife and I were sharing. That’s a very bad idea!
Simple one-word passwords are easy to crack using dictionaries of commonly-used passwords. It might take longer if your word isn’t common, but it’s still a bad idea. I knew it was, but hey, who’d want to hack me? Thankfully, the hackers only intent was to send a link to a malware-infected website to my mailing lists (my apologies to them!).
There’s a story circulating about a guy in the Midwest who had his bank account drained. He thought he was protected—his password included letters, numbers and symbols. But he used the same password on all his online accounts. That made it easier to remember, but the online newsletter he subscribed to didn’t need as much security as his bank. So the hackers managed to get into the newsletter’s server and got the passwords for all subscribers. Then they used those passwords to try to get entry to bank accounts. They hacked this poor guy’s bank account and drained it.
The best practice is to use a different, long and complicated password for each online account. But how do you remember all those passwords? That’s where a password manager comes in. It will generate a strong password, then remember it for you the next time you need it. I have 421 online accounts in my password manager. It would be a nightmare to try to remember all those on my own. But how do you know if your passwords are securely stored on your computer in a password manager? All good password managers encrypt the data using a master password that you assign.
Several password managers synchronize passwords to multiple devices. How can you be sure those passwords aren’t being stolen during synchronization? Again, the passwords are encrypted before they leave your computer and the master password is never stored. Thus the data is inaccessible by anyone who doesn’t know the master password, including the company who makes the password manager. Therefore, it’s vital not to forget your master password!
Which password manager is best? I use and recommend LastPass because it works well for me. It’s free to use on computers, but costs $12/year to use on mobile devices. KeePass is recommended frequently because it’s also free, though I don’t find it works as well as LastPass in Firefox and Chrome, it doesn’t automatically sync, and it requires more knowledge to use. RoboForm has been around a long time and is well-recommended, but not free. Click here for a recent PC Magazine article rating password managers.