Balancing Password Security With Convenience

Raffa Financial ServicesRaffa Financial Services on 03/05/2019

When it comes to data security, you want to keep access to the sites and services you rely on protected. So you go to one of your most important services and think up a complex password. It’s got 10 digits, it’s got a capital letter, it’s got a number, and not one but TWO symbols.

Some time later, you go to another important service and you have to pick another password – a fork in the road. What next?

Finding the balance between easy and safe

It would be easy to just use the same password as the first site. After all, it’s got all the pieces of a strong password – if it’s strong there, it’ll be strong here! So, out of convenience, you start reusing this password for various sites and services. Maybe you use a different number or symbol here and there, but underneath it’s really just the same password. So what happens when one of your services suffers an all-to-common data breach?

Hackers now have your email address and the password you used to sign up for the compromised service. The very first thing they will do is see if you use the same password for your email account itself. If so, that’s the jackpot! Now they can simply do a “forgot password” prompt on any service they are interested in, watch your inbox for the password reset email, and then take over that account as well.

If the hacker can’t gain access to your email account, they will try other popular services just to see if you reused a password. And even if you make small adjustments to the same core password for various sites, it will be significantly easier for a computer script to guess your password, since they already know most of the characters.

If any of this hits close to home, it’s because you're running into the same thing that most of us (including myself) have been guilty of. We all want to be secure, but not if it takes 5 minutes of guessing and password resets to get into every service we use! So what are we to do?

Use a password management service!

There are many password management solutions on the market that you can use, such as Dashlane, LogMeOnce, 1Password, and LastPass. I will focus on LastPass features specifically here, but all options are valid, and much better than the status quo of reusing passwords again and again.

What does LastPass do for you?

LastPass has a plethora of features, and this list is in no way exhaustive of all of them. The primary feature LastPass offers is a single password to manage all of your passwords.

This is done through the creation of a single complex passphrase. Notice that I said passphrase and not password. This is because LastPass has one master password that protects your vault, which can be an incredible risk if you do not pick a complex and lengthy passphrase.

It’s for this reason I suggest using an entire phrase, such as a song lyric or a quote that you can remember. I would then consider writing this master password down and keeping it in a safety deposit box, a safe in your home, or in a random underwear drawer you can access should you ever forget the phrase. If someone is rummaging through your drawers and sees “Straight up now tell me is it going to be you and me forever” on a piece of paper, they may have questions, but I doubt it will lead them to your password vault!

Now, you may be thinking you don’t want to type a lengthy sentence every single time you need to login to a website. Well, good news – you don’t have to!

LastPass comes with plugins that can attach to your web browser, as well as mobile apps. You will have to enter the passphrase initially in the browser, but it is not often and you wont need the password every time. The plugin will give you quick access to your vault of passwords, as well as options to generate random passwords or fill in the login form of a current website automatically with data from your vault. This makes it very easy to generate a lengthy, complex, and unique password for every site you use without the need to remember each of them individually!

Another feature of LastPass that's pretty amazing is the Emergency Access Feature. You can specify someone’s email address and a delay period for that person to access your vault.

For example, in my office I manage many services. If something were to happen to me unexpectedly, my team would find itself in a tricky situation trying to recover all of these services. For this reason, I have added a colleague with the rights to request emergency access, which will be granted after 48 hours of no response by me. So if the colleague requests access and I’m alive and kicking, I will see the request and deny it. But if the worst did happen, I would be unable to respond and my colleague could get into my vault after the specified 48 hours.

One final feature I want to touch on with LastPass is its password audit feature, which will scan your vault of saved passwords and warn you about weak passwords, reused passwords, and old passwords that you should consider changing. This is incredibly useful for ensuring you continue to stay safe in your present and future online activities.

Making password security easy

Whether you use LastPass or some other feature, the implementation is likely to be pretty similar. With so many convenient features built into these tools, it’s a no brainer to get one set up and start generating unique passwords for all of your services. This will ensure that even if someone is able to get one of your passwords, they will not have access to any of your other services. This kind of damage mitigation is important to keep you protected, and is super simple to implement. 

With just a little bit of effort, you can rest comfortably knowing you’ve found the perfect sweet spot of security and convenience.

 

josh-payette

Written by Josh Payette, IT professional at Raffa Financial Services

Raffa's resident IT whiz kid, Josh not only possesses infinite technological know-how, he also has killer design skills. Which pretty much makes him our resident unicorn as well. A problem solver by nature, Josh uses his endless energy and powerful programming powers to keep our various systems running at full throttle— so we can help our clients to do the same.

 

Photo by Ion Chiosea

Want our business blogs delivered to you?

Enter your email address below to start receiving updates in your inbox!