One simple way to avoid identity theft

by Charlie Park

Charlie lives with his wife and three daughters outside of San Francisco. He runs PearBudget, enjoys being outdoors, and really loves a good library.

In light of the Heartbleed bug mess, this seemed like a timely topic to revisit.

Ready to be scared a little bit? The odds are very, very good that — at some point in time — a website you use has been hacked, and your e-mail and password from that site have been compromised.

Ready to set your mind at ease? It’s simple and easy to set up your online life so that you’re totally safe if that ever happens again (and to protect yourself now, in case one of your passwords is out in the wild).

I know that normally I talk about money stuff, but today I’m going to be talking about you, your online life, and how you can make sure the bad guys don’t get to access your bank accounts, your e-mail, your blog, or the other important parts of your identity on the internet.

So, it turns out it’s hard to write a post about “security on the internet” without it quickly falling into a hysterical, doom-and-gloom, panicky mess of a post.

I have no desire to cause anxiety, but I also want you — when you read this — to understand how important it is, and how easy it is to protect yourself. Really, it’s as simple as downloading a free program (takes a few seconds), setting it up (takes about a minute), and then using it to log in to the sites you normally use (no more time than it takes you now).

If a website I use gets hacked, and my password gets stolen, what do the thieves get?

Without getting into the boring details, there are two ways a website can store your password: encrypted (meaning a password like “puppies_are_cute” is stored as something like “c76dae966ba4fe2e427249511e3983ac16beef67”) and unencrypted (meaning it’s saved in the database as “puppies_are_cute”). Even if a password is encrypted, hackers might still be able to crack it and figure out your password.

Ideally, every website would encrypt passwords securely before saving them. But they don’t all do it. If your password gets stolen, it’s probably safest to assume that the bad guys have your actual password. (Yikes!) And that they now have access to every site where you use that password. (Double-yikes!)

If I can’t guarantee that my password will be safe at a website, how can I protect all my other accounts if that site gets hacked?

The easiest way to keep yourself safe is to use a different password for every website. That way, if Site A gets hacked, your password from there will be useless at Site B.

Do you know how many sites I use? I can barely remember to get all the things on my grocery list. You expect me to remember that many passwords?

Ha, no.

“Remembering passwords” is something you should probably commit zero brainspace to. But if you can remember just one (which you’re doing right now), you can use a password manager.

What is a password manager, and why should I use one?

Password managers do three things:

1. They securely store the username and password you use to log in to every site on the internet.

You only have to remember the one password you need to get into your password manager, and you’re all set. Also, when you first set it up, it’ll import all of the saved passwords you have on your computer.

2. They let you create unique passwords for each site.

Instead of using an easily-guessable password, they’ll generate a password that looks like this: “Af!@ADn56Zk*”. And every site you use will have a different password, so if one gets compromised, the rest of your online accounts are safe.

Even better, they remember your passwords for you, and can fill them in automatically. So you don’t have to worry about remembering them.

3. They give you a browser extension that lets you log in with a click of the mouse (or no clicks!), and manage your account across computers.

You might already have your computer set up to do this, but with LastPass and 1Password, you can set your computer up to log you in to any site automatically. Further, if you log in to your LastPass account from another computer, or from your phone or tablet, it’ll log you in there, too.

As a bonus, they also store credit card information and other important data that you need. They encrypt it all, so your info is secure.

I have to pay for this, right?

Nope. There are two leading password managers. One of them is free.

  • 1Password — a one-time $50 fee, works across all your devices.
  • LastPass — free, but if you upgrade for $1/month, you get an iPhone/iPad/Android app that lets you log in more easily on your phone or tablet.

Personally, I use LastPass (the free one) and when I need to log in to a site on my smartphone, I just enter the password manually.

But … what happens if LastPass/1Password gets hacked?

The short answer: nothing. All of your data is encrypted, via methods that make decryption practically impossible. Your data is safe. Not even the folks behind password management tools can see your passwords.

Every few months, I see news that some large site has been hacked, and millions of passwords have been leaked. I used to be afraid. Since setting up a password manager, though, I’m not at all concerned. I’d love for you to have that same sense of peace.

And with all the things you’re trying to manage in your life, don’t make managing your own passwords be something that you have to handle as well.

Do you use a password manager?

This post was originally published on April 19, 2013.

Comments

  1. Interesting timing. We just dealt with a major breach ourselves due to a hacker – $2800 dollars worth! Thankfully, the vendor and our bank were great and we were totally protected. But it sure has been a huge hassle. I had to change several accounts, passwords, and get a new debit card.

    We need a new password system, obviously.

  2. I don’t use one at the moment but I will now! Thanks for the great info. I log into a bunch of sites and do worry about it.

    • Identity thefts have now appeared in our sights very often. Since technology has been advanced by time, different ways of identity stealing have appeared. One of the ways that’s used commonly is that they will become your friend. Those thieves could first pretend to be your friend. Then they will chat with you and become good friends with you. At last they will take away your personal information and then at last you realize that he/she’s just imaginary. At the same time you don’t know whether your friend stole your identity or someone else stole your friend’s account and did that. You need to know that not everyone and everything on the internet is reliable. People usually get tricked by people that they trust the most because no one knows what he/she is actually thinking about. For example, in one short clip on YouTube, there’s a girl that found a friend randomly. In his profile picture that boy is really handsome so she decided to add him. They became very good friends. And one day they decided to meet each other. On the day that they met, the girl arrived very early but there was no sign of the boy. She waited for hours and at last went back home. When she went back home, she noticed that her identity had been stolen while she was outside. She told the police about this. At last the police figured out that that boy was actually a 32-year-old man. He is an identity thief. His profile picture was actually a picture that was found in Google Images. The same thing also appears in the movie Identity Thief.

  3. We are huge advocates of 1Password. Thanks for sharing this.

  4. I have never heard of a password manager – what a great idea! It certainly beats my little word doc organization method of the many passwords I can’t actually remember :-)

  5. I use 1Password and love it. It took a lot of coaxing from my husband and grumbling from me, but once you get everything set up it’s very easy to use. I just recently learned a neat trick where you can append “op” to the start of the URL (so it reads ophttp or ophttps) and it will open in the 1Password app, which is really handy if you do most of your computing from a mobile device like me. I also store credit cards and user identities in it, so when the autofill on my browser fails me, 1Password still saves me a lot of typing.

  6. What?! I’ve never heard of this. It sounds like a fantastic tool. Great article.

  7. I’d heard of these services but didn’t know how they worked. Thanks so much for explaining this. SO helpful!! I’m definitely going to get this set up!

    I had to freeze our family’s credit this month as the ultimate security measure, since our state (SC) had all the online taxpayers’ social security numbers stolen!!! It was a big deal, and the state is paying for credit protection for a year for everyone, including the kids that were named as dependents, but once we finished refinancing our mortgage we decided to do the most secure thing of freezing our credit. Now no one can open any credit account in our name at all! I feel better

  8. As someone who just had her bank account compromised TODAY, I needed to see this! Apparently my debit card info was stolen via a website and someone had a field day with my money! Grrrrr.

  9. Thank you for this post! Seriously I had never heard about a password manager. I am definitely going to have to check this out.

  10. Yup, have been using the password manager Roboform for years. It also syncs with mobile devices too. I highly recommend it!

  11. My Mac computers offer to remember my passwords for me. How safe is this as compared to the password managers referenced in the article?

    • The main benefits of a password manager over just using your browser’s built-in “save this password” option are:
      • a password manager gives you a random password for each site
      • a password manager gives you a password that’s complex enough that it’s not going to be cracked
      • a password manager will help you log in *across different computers*.

      On that last point, let’s say you have a desktop and a laptop. For whatever reason, you update your password somewhere from the desktop. It offers to save your info. You say, “sure.” But then, the next time you’re at a coffeehouse and you want to log in to Facebook (or whatever), you’ll have to do that whole “forgot my password” dance, which is a waste of time. Password managers take care of that for you. So once you log in to your account (regardless of the computer you’re on), it’ll have your up-to-date passwords ready to go.

  12. I use LastPass, and one of the great features it has is 2-step verification. This means that not only do I have to put in my password, but I also have to put in a code off of a table that I keep on me. This means that even if my LastPass password was stolen, without that table, they still won’t be able to get in. I also have 2-step set up on Gmail, so that if they somehow manage to get my Gmail password, they will also need to have my cell phone. Sure it looks funny when I want to check my email at a friend’s house. But my data is as secure as it can be right now. Only thing to make it more secure is biometric, and not all computers have that as an option.

  13. Very timely indeed. My email was hacked this morning. I’m sold!

  14. Sounds like a great tool. I use multiple passwords by creating a very strange initial password like “ljdiaofij&8Km” and then injecting 3 letters associated with the site into the middle, like “ljdiaofijSIM&8Km” (“SIM” for simple mom) that way I don’t depend on software if something should go wrong with it.

    Also, Citibank credit cards offer an online virtual number program which creates a virtual number for your credit card whenever you shop online. While you can set the number to extend for a certain amount of time or amount of work, it essentially is only valid for that one purchase. It creates another layer of protection against access to my credit card.

  15. I use KeePass and I love it! I still struggle to not jump in and use my “go-to” password, but KeePass is making it easier to adjust and create unique passwords for every account I have.

    • Elizabeth says:

      I too have used KeePass for years and love it. I would also point out that unlike the above two options it is completely free, including the mobile apps.

  16. We use LastPass and love it! I have had my email hacked several times but since using LastPass it hasn’t happened once!

  17. Thanks so much for sharing this! I’ve been thinking about looking into something like this–you’ve saved me time spent researching; I’m taking action today!

  18. Unfortunately, I am one of the thousands of Canadians whose personal information is “out there” somewhere, because of that government hard drive being stolen after I applied for and received a student loan years ago. While I will continue to be very cautious with all my personal info, it still bothers me that someone out there potentially knows everything that is important about me :(

  19. Thanks for giving information that is helpful and informative without making me feel incredibly dumb or for making me afraid of the internet. I’m checking out LastPass today!

  20. We use KeePass, which has been a memory-saver! We just have it on our main computer right now, but it’s really taken the pressure off my mind. I spent too long trying every single password that I’ve used in the last 10 years. Because I spend time on other computers as well, I have used my own easier-to-remember passwords, but maybe it’s time to create KeePass accounts on my work computer and laptop.

  21. Hi Charlie, Interesting stuff…thank you. I just signed up for your free trial of Pear Budget and I love how easy it is to enter everything! I’m looking forward to trying it out!

  22. Good timing, my husband has been telling me FOREVER that I should stop using the same password everywhere. In my defense, it’s 2-3 passwords but really that’s not enough. Off to check out LastPass!

  23. I haven’t used one because I didn’t really understand how they worked and was concerned about security. Thanks, Charlie, for explaining it in simple terms!

    And thanks for PearBudget. We are users and love it!

  24. I use 1Password – I’ve used it for a few years and I love it! I also use it to track purchase receipts (it supports attachments). Given the hundreds of websites I use, it is the sanest way to track everything. I have also gotten to where I have alerts set up with all of my credit/debit card companies. I get fraud alerts via email, phone and text.

  25. I’ve used PassPack for years. It’s free as well for less than 100 passwords, I think.

  26. I’m a mom first and foremost… AND I also recently began working at LastPass! It’s a fantastic company/software – but regardless of which password manager you choose – please choose one! It accomplishes two MAJOR things for me… simplifies my life (which is desperately needed) and keeps my information secure. Side note: it also has cool features like secure form fill that really speeds up those summer camp registrations ;)

  27. You inspired me to bite the bullet.

    I installed Last Pass and feel like the weight of the world is off my shoulders.

    My learning style is hands on so I started with a site I didn’t care much about (in case I messed up with letting LP generate a password for me, etc.)

    Keep going with various sites that you don’t particularly care about and pay attention as you add them to your vault. Sometimes there’s a glitch (for example, if the site doesn’t require a password confirmation). You can manually fix it.

    I added sites one by one, logging out each time and then letting LP login for me with the new password. Once I was sure it was working correctly, I added another.

    Finally I added a site I cared about (the Dave Ramsey forums) but one that wouldn’t lock me out of our bank account. That worked successfully. I plan to continue adding sites leaving my web broker and banks for the last ones. By then, I hope to be an expert at this!

    Thanks for sharing such a great post. I needed to do this in the worst way. I love how LP will generate a strong password for you. To me, that’s half the battle.

  28. Am I correct in assuming that this would be a bad idea to install on a computer that, say, I let my roommate use? Also, is there any way for my husband and I use it for two separate accounts with the same website? I suppose the obvious answer to both these questions would be to set up different users on the computer in the first place… we’ve just never taken the time to do it. Thanks for all the tips, I am challenged to put some better security in place.

    • Regarding the roommate / coworker / shared computer — As long as you sign out of your password manager, you should be fine. For the software to work, you need to log in to it (e-mail & password), so as long as you don’t leave it logged in (and don’t tell them your password!), you should be alright.

      You can have multiple accounts on a single website, even if you both log in to the same password manager. (Hopefully that made sense.) Another example of that scenario: I have multiple bank accounts at one bank (one is personal, one is business). When I go to the bank website, LastPass gives me options as to which account I want to sign in to.

      I hope that helps!

  29. Good evening Charlie,
    I’m in the process of following your suggestion today, having signed up for LastPass this afternoon.
    I am finding the credit monitoring feature interesting, as well as the obvious simplicity and security of password maintenance.
    Thanks mucho for the article, and thank you Simple Mom for making the article available on your site.

  30. Great article! And yes, I use a password manager. Mine is called Sticky Password (www.stickypassword.com) and I have used it for a couple of years. Now the changing of all the passwords because of Heartbleed will be easy :)

  31. I wanted to add a quick note, specifically about Heartbleed (linked at the very start of the piece). The Heartbleed website is aimed more at web developers than at the normal everyday web user, so don’t worry if it uses a lot of technical jargon that you don’t understand.

    Here’s the core issue around Heartbleed: Most of the Internet had a bug in its code that meant that someone (in theory) could have observed traffic that was supposed to be encrypted. Think of it like a party where you need a password to get in past the bouncer, but there’s some dude standing within earshot of the velvet rope. If he hears the password when you say it, he can now get in, since the bouncer will think he’s you. It’s even worse if that same password gets him in to every private party in town. And to the bank, and library, and so on.

    What you should do about Heartbleed:

    There’s no evidence that anyone knew about this bug before it was reported to web developers, but it’s still a good idea to A) use a password manager like I described in the article, and B) to start changing the passwords you use on the web.

    Now’s an especially good time to do those things if you happen to use the same password on every website! :)

  32. Yes! We use LastPass. I love that it will generate complex passwords for you, so I don’t have to sit there looking around my room or flipping through books trying to find something to spark a unique but memorable password in my brain. The passwords it generates can be 10, 20, 30 or more characters, including numbers and symbols. I would never remember those types of passwords, but Last Pass does it for me and logs me in automatically!

  33. I use my tablet 90% of the time. Do you have any recommendations for secure, free android password managers?

  34. Never heard of this before, but I’m sold. Everything is so risky nowadays…this should help.

  35. I have been using Keeper to store my passwords. But I am making the switch to LastPass and changing all my passwords to be encrypted.

  36. I’m wondering how LastPass can be free? I’m feeling hesitant to trust it.

  37. How does this work on our e-mail when we are logged in using the icons on our iPhones or iPads? Same question with the apps? Also, do I need to manually change my passwords on the different sites or will it do it for me?

  38. Standard principles of the watch that one can take pleasure from commencing today.

  39. Magnificent web site. A lot of useful info here. I’m sending it to some friends and additionally sharing in delicious. And naturally, thanks for your sweat!

  40. Excellent post. I was checking constantly this blog and I’m inspired! Extremely helpful information specially the ultimate part :) I take care of such information much. I was looking for this particular info for a very lengthy time. Thanks and good luck.
