How to manage site passwords
To correctly manage all the access credentials of the sites, we advise you to carefully read all the chapters of the guide, so as to understand what to do to avoid credential theft and, at the same time, avoid the inconvenience of having to remember thousands of passwords by heart…
Secure password rules
The rules for choosing secure passwords that are impossible to discover are, briefly, the following:
- Use a password of at least 10 characters
- Use a strong password containing numbers, letters, and special characters
- Change it periodically (at least once a year)
- Do not use dates of birth, anniversary dates, or names of relatives
- Do not use the same password for all accounts
- Avoid using the “Remember password” function of browsers.
In order to apply these rules perfectly, we must find a password management strategy that is more realistic and comfortable, and that keeps accounts safe without slowing down any operation.
In another article, we saw the best ways to create secure passwords that are easy to remember.
How to create a truly secure password
As for the way to create passwords for the various accounts, you absolutely need to have your own algorithm or thought process that no one else can understand. Instead of having an identical password for each account, you can think of a basic password and change it based on the website name. For example, you could start with a basic password like “cfg345l &” and then, for Facebook, make it “Fcfg345l & K”, for Gmail “Gcfg345l & L”, and so on. Whichever method you use, the important thing is not to always use the same password and, at the same time, not to have to remember a different key for each website. If no effective mental algorithm comes to mind, you can always take advantage of an automatic password generator.
For example, SuperGenPass is an algorithm implemented as a browser extension or bookmarklet. It works from a master password that you will need to remember and then, for each account, a different key is created that cannot be discovered. These passwords are not saved either online or on your computer; they are simply derived by the SuperGenPass algorithm each time. So just install the generator on every browser you use and use the same master password everywhere.
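The idea described above, deriving each site's password from one master password and the site name without storing anything, can be shown with a short script. This is an added example, not SuperGenPass's own code or algorithm: it uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in, and the function names, alphabet, iteration count and sample domains are assumptions made for illustration.

```python
import hashlib
import string

# Output alphabet: letters, digits and a few symbols (chosen for this example).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"
# Largest multiple of len(ALPHABET) that fits in a byte; bytes at or above it
# are discarded so every character is equally likely (no modulo bias).
LIMIT = 256 - (256 % len(ALPHABET))


def has_all_classes(pw):
    """True if pw has a lowercase letter, an uppercase letter, a digit, a symbol."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def derive_site_password(master, domain, length=16, iterations=200_000):
    """Recompute the password for `domain` from `master`; nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    if length < 4:
        raise ValueError("length must allow all four character classes")
    domain = domain.strip().lower()   # "Example.COM " and "example.com" match
    counter = 0
    while True:
        # The domain (plus a retry counter) is the salt, so every site gets
        # an output that shares no visible pattern with the others.
        salt = f"{domain}#{counter}".encode()
        raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                  iterations, dklen=4 * length)
        chars = [ALPHABET[b % len(ALPHABET)] for b in raw if b < LIMIT]
        candidate = "".join(chars[:length])
        if len(candidate) == length and has_all_classes(candidate):
            return candidate
        counter += 1                  # deterministic retry with a new salt


if __name__ == "__main__":
    master = "constructed master passphrase"   # sample value, not a real secret
    for site in ("example.com", "example.org"):
        print(site, derive_site_password(master, site))
```

Because the output depends only on the master password and the domain, the same password is regenerated on any device; the trade-off is that changing one site's password requires changing an input to the derivation.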
Alternatively, we can also use one of the password managers reported in the following chapters, which include random password generators that are difficult to guess or hack.
Use a local password manager
One of the simplest ways to manage all passwords is to use an app to manage passwords: a service or program that stores login data and protects it behind a single master password, which becomes the only one you need to remember.
The best free program to manage passwords on your computer is KeePass, which I described and explained some time ago.
KeePass runs on your PC and does not store data online on external sites and servers, thus remaining out of the reach of hackers (who often target online password management services to steal credentials).
If we wish to carry the passwords with us on a smartphone or tablet, we can use KeePass in combination with an online file storage service such as Google Drive to synchronize the protected file containing all the passwords and use it from multiple computers. On the portable device, we will have to install an app that can open KeePass files, even remotely, such as Keepass2Android (Android) and KeePass Touch (iOS).
To learn more we can read our guide KeePass on Android and iPhone: how to save passwords on a personal cloud.
Another very good password manager is the free and open-source Buttercup for Windows, macOS, Linux, Firefox, and Chrome. The program does not store passwords in the cloud, but locally on your computer or mobile phone; alternatively, you can save them online on one of the supported cloud services such as Google Drive and Dropbox. Buttercup can import the password database from other programs like 1Password, KeePass, and LastPass.
Use an online password manager
The best online service for synchronizing passwords between various browsers and between various devices is Bitwarden, available under an open-source license and accessible from the official website.
With this service, we will be able to synchronize all passwords and enjoy automatic authentication every time we enter a site we know, protecting all passwords with a single master password, the only one we must remember from now on.
Bitwarden can be installed on Windows, Mac, and Linux, as well as being available as a browser extension on Google Chrome, Microsoft Edge, and Mozilla Firefox.
If we want to use the passwords saved online also on smartphones and tablets, we will have to install the Bitwarden app from the Google Play Store or the Apple App Store.
Another service we can use to save passwords and synchronize them online is LastPass, which allows you to create a protected account in which you can write all your passwords and use them automatically every time you connect to a site.
When connecting with LastPass, the encrypted file containing all passwords is downloaded to your computer and decrypted only locally and only if you are authorized. This type of service also helps to manage and remember other important information, notes, and even PINs and codes not linked to websites. The security of the account can then be strengthened with the two-step verification procedure via mobile phone, which ensures complete protection even if a stranger learns the master password.
Unfortunately, LastPass has imposed severe restrictions on free accounts, forcing us to use it only on PC or only on mobile (while remaining free of charge). In another article, we saw the list of alternatives to LastPass, including Bitwarden, already mentioned above.
To make life easier, you can manage access to accounts of little-used sites with the manager integrated into the browser, leaving the most used or most sensitive passwords only to the chosen password manager. Another very effective method involves using the online password management service (such as Bitwarden) for the passwords of sites used every day and with a low risk of data theft, and instead using KeePass for bank passwords, PayPal passwords, the Facebook password, or the password of any e-commerce site.
To find out how long an automatic or brute-force program would take to discover a password, you can run a test that estimates how long it takes to crack it.
Finally, I would point you to the article on popular techniques for stealing passwords on the internet, to understand how easy this can be even without being a professional hacker.