Topics

Peter Vogel

Time to start using a password manager

Voices April 3, 2019

Now is the time to get a password manager for all those online accounts, writes Peter Vogel. (Kevin Ku/Pexels)

Anyone online in this day and age pretty much needs a password manager of some sort.

Managing all your various online accounts with one email address and one password is asking for trouble. And it is unlikely, if you conduct much of your activity online, that you have fewer than, say, a dozen accounts.

I’m a bit of an extreme example. I just checked in my password manager and found I have 204 accounts. To be sure, many are from my school work, and quite a few could be – no, should be – retired, because they are either no longer used or the companies behind them have closed down.

That last point is important. If you no longer use an account, find a way to delete it. Some companies do not have an option to delete an account online. If that is the case, write to the company and ask to have your account deleted.

Locally we saw, following the bankruptcy of computer retailer NCIX, that customer account data was being sold on the open market. Basically, old online accounts are the electronic equivalent of unshredded forms blowing about in the wind. Eventually the form comes to rest somewhere and someone can potentially make use of it. Can you say “identity theft”?

I began using a password/account manager almost two decades ago, certainly long before any of the current crop of such products existed. I used a very simple product created by a mathematician in Poland. It went by the name Oubliette, a play on the French verb oublier, to forget.

Oubliette never did attract attention outside the techie sector but its basic construction is to be found in modern password managers: encrypted data, often today stored in the cloud, protected by one or more keys.

Eventually I had to move to one of those modern managers as Oubliette was no longer being maintained. Besides, it had been created before there was even the notion of cloud data storage.

For the past eight years or so I have been using My1Login, from a Scottish company. It has evolved into an enterprise product and is no longer something I would recommend for personal use. Having said that, I stress that I have absolute faith in the way My1Login manages account data. Each time I use it I have to jump through multiple hoops to get at one of those 200+ accounts I have it managing. And it nags me about passwords it perceives as weak, or spots as duplicates from other accounts.

I very much appreciate all the security features built into My1Login, but as it evolved into a business enterprise product it strayed from development work for mobile. Nowadays, my smartphone is so powerful it has become my 80/20 device; 80 per cent of what I do computer-wise I do on the phone.

That means in the near future I will be activating one of my accounts for the current generation of password managers. I already have several installed on the phone for testing purposes.

Nowadays there is no shortage of opinions on the various tools to manage passwords and online accounts. Some like purely commercial products. Some prefer open source. Some want nothing to do with cloud storage.

There are several highly-rated products that surface regularly in surveys of these tools. These are all multi-platform tools, good for desktop, PC or Mac (some even for Linux), mobile, iOS or Android. They vary in cost and features.

PC World recently ran one of its reviews of the field and gave the top ranking to LastPass, closely followed by Dashlane. When I surveyed followers of my various social media platforms, LastPass was the service most commonly noted. Besides Dashlane, there were numerous others mentioned, among them 1Password, BitWarden, KeePassXCand SafeInCloud. I am intrigued by SafeInCloud and will be looking into it closely in the near future.

If you’ve been putting off getting a password manager, check out some of the ones you see here. Don’t become a victim of a hack because you were using the same password across multiple online services.

***

So long Google+

By the time you read this column, Google+, Google’s eight-year experiment with social media, will have been shut down. I for one shall miss the high-level interaction I experienced there with the almost 60,000 followers I had at the peak.

Follow me on Facebook (facebook.com/PeterVogelCA), on Twitter (@PeterVogel), or on Instagram (@plvogel)

[email protected]