Short answer: You should use a password manager because good passwords are hard to remember. Long answer: Read this post.
To log on to a website on the internet, you normally have to provide a username and a password. A good password is a long one because the more characters a password has, the longer it takes for a hacker’s computer to guess it. But it’s also generally hard to remember long passwords, and many people tend to use the same password - and often username - on all the websites they log in to.
When you use the same credentials everywhere, there’s a higher chance a hacker can figure out your username and password.
Actually, it’s very likely that it has already happened.
Have I Been Pwned?
Why, yes! Yes, you have.
Go to the site Have I Been Pwned? and enter your e-mail address in the field. I'm willing to bet that it comes up as part of at least one breach. I'm a rather security-conscious fella myself, and even my e-mail address shows up - 7 times.
You’ve been pwned because it happens all the time. Websites are hacked left and right. On July 28 alone, the official Have I Been Pwned Twitter account reported three different breaches. The three breaches contained almost 2.5 million user accounts.
The most recent breach in which my username and password were lost happened in February. Hackers got hold of no less than 23 million accounts from the custom merchandise retailer CafePress.com. My information is in the CafePress.com database because I once sold t-shirts with this site's one-liners collection printed on the back through CafePress.com. That was in 2003. The internet never forgets.
But Hackers Don’t Care About Me?
An all too common misconception among internet users is that hackers aren't really interested in them. Hackers only go for high-value targets, like rich people with lots of money, right? No, they go after the low-hanging fruit.
If the hackers get their hands on your Facebook username and password, for instance, they can use that as a beachhead to attack all your Facebook friends. If a friend of yours receives a file from a total stranger, they probably won't open it. But if it looks like you're sending the file - it's coming from your Facebook account, after all - it's a lot more likely that your friend will open the file.
The file will most likely turn out to be ransomware, a piece of software that encrypts all your friend's files. The files - personal pictures, important documents, e-mails, etc. - can't be accessed until the victim pays the hackers a hefty ransom.
And it’s all your fault. You and your lousy password.
How Can I Prevent This!? Halp!
Using a password manager won’t make the websites you log in to more secure. But a password manager makes it easy for you to use different passwords on different sites. This means that if a site is breached, and the password you used on that particular site is revealed, that information can’t be used to log in on other sites.
In addition to that, a password manager makes it easy for you to use a good, long password. This means that if the encrypted or hashed version of your password on a particular site is leaked, it will be very time-consuming for the hacker to figure out what the actual password is. This gives you time to change the password, and the hacker will not be able to log on to the breached site either.
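To make the two points above concrete, here is a small added example (not from the original post, and not how any particular password manager works) that audits a constructed list of logins for reused and short passwords and generates a long random replacement. The guessing rate, the 80-bit threshold and the `.example` sites are assumptions picked for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
GUESSES_PER_SECOND = 1e10  # assumption: attacker's offline guessing rate
MIN_BITS = 80              # assumption: below this a password is flagged
GROUPS = (string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation)

def generate_password(length=24):
    """Random password drawn from the OS CSPRNG, one per site."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(password):
    """Best-case search space in bits: length * log2(character pool).
    Human-chosen passwords are weaker than this because they follow patterns."""
    pool = sum(len(g) for g in GROUPS if any(c in g for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def years_to_exhaust(password):
    """Years needed to try every candidate at GUESSES_PER_SECOND."""
    return 2 ** entropy_bits(password) / GUESSES_PER_SECOND / (365 * 24 * 3600)

def audit(vault):
    """Map each site to its findings: password reuse and low entropy."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault.items():
        issues = []
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            issues.append("reused on " + ", ".join(others))
        if entropy_bits(password) < MIN_BITS:
            issues.append(f"guessable in about {years_to_exhaust(password):.2g} years")
        if issues:
            findings[site] = issues
    return findings

# Constructed sample vault; none of these are real sites or credentials.
SAMPLE_VAULT = {
    "shop.example": "summer2003",
    "social.example": "summer2003",
    "mail.example": "q7#Vx!2mLp@9zR$wT4&cYb8^",
}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(issues))
    print("replacement:", generate_password())
```

The short, reused password is flagged on both sites where it appears, while the 24-character random one passes.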
So, to summarize: Use a password manager! But what, exactly, is a password manager? Find out in my post, aptly named What is a Password Manager?
|This post is part of the series KeePassXC|
|Internet, KeePassXC, Password Managers, PRISM Break|
|2019-08-19 17:00 CET|