DEV Community

loading...
Cover image for Online Security 101 or why you Should use a Password Manager

Online Security 101 or why you Should use a Password Manager

Alex Chaplinsky
Full-stack Software Engineer at Railsware. Hacker, Traveller and YouTuber.
・3 min read

Passwords are part of our daily life whether you log in on any website or enter a passphrase for your ssh key. Every person who works with a computer enters at least one password a day.

The majority of people use very weak passwords and reuse them on different websites and rarely change them. Mostly because they don't fully realize how dangerous it might be to use an easily-guessable password or even worse use the same password for every single website. Those are anti-patterns of personal cybersecurity.

Nobody likes remembering long and complex passwords, especially when you need to change them frequently and memorize a new one again. But in order to be sure that your accounts are not an easy target for hackers it is better to follow a couple of simple rules with passwords.

1. Use long and hard to guess passwords

It is definitely not a good idea to use your pet name as a password. Well, actually any name or commonly used words. Attacker already has a couple of giant dictionaries with commonly used words to iterate over and try to match your password.

Combining a couple of words together would also not help. The best solution is to come up with more than 10 characters of letters, numbers and special symbols jumbled together. Something that would be definitely hard to find in a dictionary :)

2. Use a unique password for every website (or service)

Using one password for all your accounts definitely makes it easier to remember credentials for all websites and services. And nobody will ever know, right?

Not really, if an attacker hacks a website and steals all passwords from the database. He now has an ability to log in with your credentials to all other services that you're using. Even though passwords in the database are probably encrypted (well, in fact, they should be!), a hacker can also run your encrypted passwords against a couple of rainbow tables and find a match. And voila, he knows your real password!

So please, never use the same password for multiple different services.

3. Change passwords every once in a while

It is a good habit to change passwords every 3-6 months. This reduces the risk of being pwned. If your password gets leaked into some database that hackers sell to interested parties, it would be useless for them if you change your passwords frequently enough.

So that being said, we have to admit that it is hard to come up with a password complex enough and memorize it when you are creating a new account on some website. But fortunately, you don't have to. A Password Manager can help you with this!

Password Manager is basically a piece of software that helps you to generate strong and unique passwords for every account, store them securely on your device and rotate them as frequently as you want. All those credentials are kept encrypted and secured with one master password that you need to remember.

There are of course a lot of different password managers out there. Some of them can work offline and store data on your computer and some of them sync your encrypted data to their web servers. Which is ok, since data is encrypted and can only be decrypted with a master password that only you know.

Swifty is a Free Password Manager which works offline by default and keeps all your sensitive data encrypted on your computer. It is a simple tool like a notepad where you can write all your passwords and keep them for yourself but a lot more secure than regular notepad :)

Swifty also helps you to easily generate passwords containing letters, numbers and special characters with length up to 50 characters. It also tells you if you have duplicate passwords or passwords older than 6 months (since they were added to Swifty).

If you want to feel a bit safer and not be afraid of losing all your credentials in case your hard drive dies you can sync your encrypted vault file to your personal Google Drive. And then later you can restore your data with Swifty on another computer. Still, no data is sent to third-party web services. Just to your personal GDrive.

And also Swifty is FREE and Open Source! So you can easily check out its code and maybe contribute ;)

Discussion (0)