Privacy online Ep.2 – You should check your accounts and passwordsPosts
When I started to be concerned about my online security and privacy, I tried to figure out how many accounts on the sites I had active and with which passwords.
I’ve always used the built-in password manager in Google Chrome to keep passwords saved. This is certainly not the safest way to save passwords, for several reasons, but the main ones are:
- Anyone who has access to your computer can view passwords. Even if you need to enter your computer’s login password to view them, it may be known to those who logged in to your computer illegally and anyway it is possible to log in to your accounts simply by using autocomplete.
- Passwords are saved in an encrypted database on your computer, or on a server to allow synchronization between devices. In any case, however, they can be revealed by tools such as WebBrowserPassView (if they are not protected by a master password)
My personal problem was that I was using Chrome on my computer at work but Safari on my personal computer. In this case the synchronization didn’t happen, making it boring to go through the new passwords saved each time.
How to manage your passwords securely
The solution that I found and with which I feel very good is LastPass (I’m not affiliated and I don’t take a penny in recommending their product, I just feel good with this service and I feel like recommending it).
With LastPass you can save your passwords securely, and also allow synchronization between devices and autocompletion between different browsers (and apps).
This allows you to save your passwords in one place and not worry about using several browsers/apps.
LastPass has several features that are very interesting to review your online situation. It can also check how many passwords are insecure or reused, and for some services change the password automatically with a more secure one.
During the process of adjusting your passwords, you can also realize which accounts you have that you don’t really need, and delete them, and change unsecure passwords that are reused for multiple accounts.
Moreover with LastPass you can also check if your emails have been leaked, and act accordingly by changing the passwords on the sites that have been hacked.
If, like me, you use a password manager in a browser, you can easily export your passwords and import them into LastPass. Remember, however, to delete them later from the browser!
Pros and cons of LastPass
The pros are definitely greater security in managing your passwords than a password manager in a browser.
The databases are encrypted and LastPass has no decryption keys, so even if their servers were hacked, it would not be possible to decrypt the databases.
It has several interesting features, such as email control, password control, two-factor authentication activation, and several other goodies.
You have a synchronization between all devices and all appbrowsers with autocompletion.
In 2011 they had a security breach, which was immediately managed and closed.
Your master password must be extremely secure. If you use a weak password as LastPass master password, all the advantages of using such a password manager will be in vain, for obvious reasons.
How I managed my passwords
What I did, and what I suggest you do if like me you had all your passwords and accounts in a password manager integrated in the browser, is to take the opportunity of this migration to do some cleaning.
I saw how many accounts I didn’t care about, and I activated myself to delete them one by one by going to the relevant site and deleting the account. (Or by contacting support to have my account deleted)
This has already helped a lot to limit my online presence and to limit which online services had my data.
I then adjusted all passwords to make them more secure and delete all double passwords, i.e. used for multiple accounts.
With LastPass I have definitely limited my online presence with accounts scattered all over the internet, and I have definitely improved the security of my online passwords.
This has to do with both our security and privacy, as you can take the opportunity to report on your online presence and manage it.
I hope it helps. We’ll read again at the next post.