Let’s be honest, nobody likes passwords. Sometimes, not even notable computer scientists.
Unfortunately, they are necessary, for our own safety.
For most people one or two passwords would be enough, but this modern life comes with a multitude of applications used on everyday basis. How do we handle remembering tens of passwords at once?
1. Having short, easy to remember passwords? Doesn’t work, because they are easy to crack.
2. Having only one password and using it everywhere? Doesn’t work because if someone can get a hold of your unique password, they have access to all your accounts.
3. Writing them down on a paper? Doesn’t work because post-its can get lost and everyone can see your passwords.
The solution is to create strong, unique passwords for each account and somehow remember them all.
Password managers offer just this. Password managers work by storing and encrypting all of your log-ins and passwords in one location, protected by a “master” password.
The master password becomes the one password you have to remember. It also helps you create strong unique passwords for all your accounts.
Your browser has a built-in password manager, or you can choose a third-party password manager like LastPass, Dashlane or BitWarden or you can install one on any of your devices.
So, can we finally stop worrying now that we have a password manager and have created strong unique passwords for all of our accounts? Unfortunately, no. Our passwords are only as safe as the password manager account is. And they are never 100% safe.
So, attackers could get a hold of your passwords. How can we keep them out of your account?
In comes 2FA (2-factor-authentication). What is a factor? A factor is a type of authentication. Your password is one factor of authentication.
But you may need another. Services that support Two-Factor Authentication often give you the choice to receive a One-Time-Password via SMS or an authenticator app like Authy or Google Authenticator.
Is two-factor authentication the ultimate way to secure your account? Of course not. There isn’t a 100% proven way of securing anything.
Accounts protected with 2FA can also be attacked. How?
1. When your second factor is an SMS sent to your phone a way of circumventing this security measure is called a sim swap attack. Lesson learned here: don’t share personal information on social media.
2. Another type of attack is a prompt bombing attack. Lesson learned: When you get an unsolicited request on your phone, don’t follow up and immediately change the password for that account.