
One simple way to avoid identity theft

About Charlie Park

Charlie lives with his wife and three daughters outside of San Francisco. He runs PearBudget, enjoys being outdoors, and really loves a good library.

In light of the Heartbleed bug mess, this seemed like a timely topic to revisit.

Ready to be scared a little bit? The odds are very, very good that — at some point in time — a website you use has been hacked, and your e-mail and password from that site have been compromised.

Ready to set your mind at ease? It’s simple and easy to set up your online life so that you’re totally safe if that ever happens again (and to protect yourself now, in case one of your passwords is out in the wild).

I know that normally I talk about money stuff, but today I’m going to be talking about you, your online life, and how you can make sure the bad guys don’t get to access your bank accounts, your e-mail, your blog, or the other important parts of your identity on the internet.

So, it turns out it’s hard to write a post about “security on the internet” without it quickly falling into a hysterical, doom-and-gloom, panicky mess of a post.

I have no desire to cause anxiety, but I also want you — when you read this — to understand how important it is, and how easy it is to protect yourself. Really, it’s as simple as downloading a free program (takes a few seconds), setting it up (takes about a minute), and then using it to log in to the sites you normally use (no more time than it takes you now).

If a website I use gets hacked, and my password gets stolen, what do the thieves get?

Without getting into the boring details, there are two ways a website can store your password: encrypted (meaning a password like “puppies_are_cute” is stored as something like “c76dae966ba4fe2e427249511e3983ac16beef67”) and unencrypted (meaning it’s saved in the database as “puppies_are_cute”). Even if a password is encrypted, hackers might still be able to crack it and figure out your password.

Ideally, every website would encrypt passwords securely before saving them. But they don’t all do it. If your password gets stolen, it’s probably safest to assume that the bad guys have your actual password. (Yikes!) And that they now have access to every site where you use that password. (Double-yikes!)
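To make that difference concrete, here is an added example (not part of the original post) that stores the same password two ways: as a bare, unsalted hash and as a salted, deliberately slow one. The user names, the short common-password list and the PBKDF2 iteration count are assumptions made up for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users picked the same common password.
USERS = {"alice": "puppies_are_cute", "bob": "puppies_are_cute", "carol": "Af!@ADn56Zk*"}
# Constructed stand-in for a public list of commonly used passwords.
COMMON_PASSWORDS = ["123456", "password", "puppies_are_cute", "letmein"]
ITERATIONS = 600_000  # example work factor; real sites tune this to their hardware


def store_unsalted(password):
    """Weak storage: one fast hash and no salt (shown only for comparison)."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_salted(password):
    """Stronger storage: a random per-user salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def audit_unsalted(leaked):
    """Given a leaked unsalted table, list the accounts that match a common password."""
    lookup = {store_unsalted(p): p for p in COMMON_PASSWORDS}
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}


if __name__ == "__main__":
    leaked = {user: store_unsalted(pw) for user, pw in USERS.items()}
    # Identical passwords give identical unsalted hashes, so one lookup exposes both.
    print("same hash for alice and bob:", leaked["alice"] == leaked["bob"])
    print("recovered from unsalted table:", audit_unsalted(leaked))
    # With a per-user salt the two stored values differ, and each guess is slow.
    a, b = store_salted(USERS["alice"]), store_salted(USERS["bob"])
    print("salted records differ:", a[1] != b[1])
    print("correct password verifies:", verify_salted(USERS["alice"], a))
```

Only the long random password survives the lookup against the unsalted table, which is the case for letting a password manager pick your passwords.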

If I can’t guarantee that my password will be safe at a website, how can I protect all my other accounts if that site gets hacked?

The easiest way to keep yourself safe is to use a different password for every website. That way, if Site A gets hacked, your password from there will be useless at Site B.

Do you know how many sites I use? I can barely remember to get all the things on my grocery list. You expect me to remember that many passwords?

Ha, no.

“Remembering passwords” is something you should probably commit zero brainspace to. But if you can remember just one (which you’re doing right now), you can use a password manager.

What is a password manager, and why should I use one?

Password managers do three things:

1. They securely store the username and password you use to log in to every site on the internet.

You only have to remember the one password you need to get into your password manager, and you’re all set. Also, when you first set it up, it’ll import all of the saved passwords you have on your computer.

2. They let you create unique passwords for each site.

Instead of using an easily-guessable password, they’ll generate a password that looks like this: “Af!@ADn56Zk*”. And every site you use will have a different password, so if one gets compromised, the rest of your online accounts are safe.

Even better, they remember your passwords for you, and can fill them in automatically. So you don’t have to worry about remembering them.

3. They give you a browser extension that lets you log in with a click of the mouse (or no clicks!), and manage your account across computers.

You might already have your computer set up to do this, but with LastPass and 1Password, you can set your computer up to log you in to any site automatically. Further, if you log in to your LastPass account from another computer, or from your phone or tablet, it’ll log you in there, too.

As a bonus, they also store credit card information and other important data that you need. They encrypt it all, so your info is secure.

I have to pay for this, right?

Nope. There are two leading password managers. One of them is free.

  • 1Password — a one-time $50 fee, works across all your devices.
  • LastPass — free, but if you upgrade for $1/month, you get an iPhone/iPad/Android app that lets you log in more easily on your phone or tablet.

Personally, I use LastPass (the free one) and when I need to log in to a site on my smartphone, I just enter the password manually.

But … what happens if LastPass/1Password gets hacked?

The short answer: nothing. All of your data is encrypted, via methods that make decryption practically impossible. Your data is safe. Not even the folks behind password management tools can see your passwords.

Every few months, I see news that some large site has been hacked, and millions of passwords have been leaked. I used to be afraid. Since setting up a password manager, though, I’m not at all concerned. I’d love for you to have that same sense of peace.

And with all the things you’re trying to manage in your life, don’t make managing your own passwords be something that you have to handle as well.

Do you use a password manager?

This post was originally published on April 19, 2013.

Comments

  1. Interesting timing. We just dealt with a major breach ourselves due to a hacker – $2800 dollars worth! Thankfully, the vendor and our bank were great and we were totally protected. But it sure has been a huge hassle. I had to change several accounts, passwords, and get a new debit card.

    We need a new password system, obviously.

  2. I don’t use one at the moment but I will now! Thanks for the great info. I log into a bunch of sites and do worry about it.

  3. We are huge advocates of 1Password. Thanks for sharing this.

  4. I have never heard of a password manager – what a great idea! It certainly beats my little word doc organization method of the many passwords I can’t actually remember :-)

  5. I use 1Password and love it. It took a lot of coaxing from my husband and grumbling from me, but once you get everything set up it’s very easy to use. I just recently learned a neat trick where you can append “op” to the start of the URL (so it reads ophttp or ophttps) and it will open in the 1Password app, which is really handy if you do most of your computing from a mobile device like me. I also store credit cards and user identities in it, so when the autofill on my browser fails me, 1Password still saves me a lot of typing.

  6. What?! I’ve never heard of this. It sounds like a fantastic tool. Great article.

  7. I’d heard of these services but didn’t know how they worked. Thanks so much for explaining this. SO helpful!! I’m definitely going to get this set up!

    I had to freeze our family’s credit this month as the ultimate security measure, since our state (SC) had all the online taxpayers’ social security numbers stolen !!! It was a big deal, and the state is paying for credit protection for a year for everyone, including the kids that were named as dependents, but once we finished refinancing our mortgage we decided to do the most secure thing of freezing our credit. Now no one can open any credit account in our name at all! I feel better

  8. As someone who just had her bank account compromised TODAY, I needed to see this! Apparently my debit card info was stolen via a website and someone had a field day with my money! Grrrrr.

  9. Thank you for this post! Seriously I had never heard about a password manager. I am definitely going to have to check this out.

  10. Yup, have been using the password manager Roboform for years. It also syncs with mobile devices too. I highly recommend it!

  11. My Mac computers offer to remember my passwords for me. How safe is this as compared to the password managers referenced in the article?

    • The main benefits of a password manager over just using your browser’s built-in “save this password” option are:
      • a password manager gives you a random password for each site
      • a password manager gives you a password that’s complex enough that it’s not going to be cracked
      • a password manager will help you log in *across different computers*.

      On that last point, let’s say you have a desktop and a laptop. For whatever reason, you update your password somewhere from the desktop. It offers to save your info. You say, “sure.” But then, the next time you’re at a coffeehouse and you want to log in to Facebook (or whatever), you’ll have to do that whole “forgot my password” dance, which is a waste of time. Password managers take care of that for you. So once you log in to your account (regardless of the computer you’re on), it’ll have your up-to-date passwords ready to go.

  12. I use LastPass, and one of the great features it has is 2-step verification. This means that not only do I have to put in my password, but I also have to put in a code off of a table that I keep on me. This means that even if my LastPass password was stolen, without that table, they still won’t be able to get in. I also have 2-step set up on Gmail, so that if they somehow manage to get my Gmail password, they will also need to have my cell phone. Sure it looks funny when I want to check my email at a friend’s house. But my data is as secure as it can be right now. Only thing to make it more secure is biometric, and not all computers have that as an option.

  13. Very timely indeed. My email was hacked this morning. I’m sold!

  14. Sounds like a great tool. I use multiple passwords by creating a very strange initial password like “ljdiaofij&8Km” and then injecting 3 letters associated with the site into the middle, like “ljdiaofijSIM&8Km” (“SIM” for simple mom) that way I don’t depend on software if something should go wrong with it.

    Also, Citibank credit cards offer an online virtual number program which creates a virtual number for your credit card whenever you shop online. While you can set the number to extend for a certain amount of time or amount of work, it essentially is only valid for that one purchase. It creates another layer of protection against access to my credit card.

  15. I use KeePass and I love it! I still struggle to not jump in and use my “go-to” password, but KeePass is making it easier to adjust and create unique passwords for every account I have.

  16. We use lastpass and love it! I have had my email hacked several times but since using lastpass it hasn’t happened once!

  17. Thanks so much for sharing this! I’ve been thinking about looking into something like this–you’ve saved me time spent researching; I’m taking action today!

  18. Unfortunately, I am one of the thousands of Canadians whose personal information is “out there” somewhere, because of that government hard drive being stolen after I applied for and received a student loan years ago. While I will continue to be very cautious with all my personal info, it still bothers me that someone out there potentially knows everything that is important about me :(

  19. Thanks for giving information that is helpful and informative without making me feel incredibly dumb or for making me afraid of the internet. I’m checking out LastPass today!

  20. We use KeePass, which has been a memory-saver! We just have it on our main computer right now, but it’s really taken the pressure off my mind. I spent too long trying every single password that I’ve used in the last 10 years. Because I spend time on other computers as well, I have used my own easier-to-remember passwords, but maybe it’s time to create KeePass accounts on my work computer and laptop.

  21. Hi Charlie, Interesting stuff…thank you. I just signed up for your free trial of Pear Budget and I love how easy it is to enter everything! I’m looking forward to trying it out!

  22. Good timing, my husband has been telling me FOREVER that I should stop using the same password everywhere. In my defense, it’s 2-3 passwords but really that’s not enough. Off to check out LastPass!

  23. I haven’t used one because I didn’t really understand how they worked and was concerned about security. Thanks, Charlie, for explaining it in simple terms!

    And thanks for PearBudget. We are users and love it!

  24. I use 1Password – I’ve used it for a few years and I love it! I also use it to track purchase receipts (it supports attachments). Given the hundreds of websites I use, it is the sanest way to track everything. I have also gotten to where I have alerts set up with all of my credit/debit card companies. I get fraud alerts via email, phone and text.

  25. I’ve used PassPack for years. It’s free as well for less than 100 passwords, I think.

  26. I’m a mom first and foremost… AND I also recently began working at LastPass! It’s a fantastic company/software – but regardless of which password manager you choose – please choose one! It accomplishes two MAJOR things for me… simplifies my life (which is desperately needed) and keeps my information secure. Side note: it also has cool features like secure form fill that really speeds up those summer camp registrations ;)

  27. You inspired me to bite the bullet.

    I installed Last Pass and feel like the weight of the world is off my shoulders.

    My learning style is hands on so I started with a site I didn’t care much about (in case I messed up with letting LP generate a password for me, etc.)

    Keep going with various sites that you don’t particularly care about and pay attention as you add them to your vault. Sometimes there’s a glitch (for example, if the site doesn’t require a password confirmation). You can manually fix it.

    I added sites one by one, logging out each time and then letting LP login for me with the new password. Once I was sure it was working correctly, I added another.

    Finally I added a site I cared about (the Dave Ramsey forums) but one that wouldn’t lock me out of our bank account. That worked successfully. I plan to continue adding sites leaving my web broker and banks for the last ones. By then, I hope to be an expert at this!

    Thanks for sharing such a great post. I needed to do this in the worst way. I love how LP will generate a strong password for you. To me, that’s half the battle.

  28. Am I correct in assuming that this would be a bad idea to install on a computer that, say, I let my roommate use? Also, is there any way for my husband and I use it for two separate accounts with the same website? I suppose the obvious answer to both these questions would be to set up different users on the computer in the first place… we’ve just never taken the time to do it. Thanks for all the tips, I am challenged to put some better security in place.

    • Regarding the roommate / coworker / shared computer — As long as you sign out of your password manager, you should be fine. For the software to work, you need to log in to it (e-mail & password), so as long as you don’t leave it logged in (and don’t tell them your password!), you should be alright.

      You can have multiple accounts on a single website, even if you both log in to the same password manager. (Hopefully that made sense.) Another example of that scenario: I have multiple bank accounts at one bank (one is personal, one is business). When I go to the bank website, LastPass gives me options as to which account I want to sign in to.

      I hope that helps!

  29. Good evening Charlie,
    I’m in the process of following your suggestion today, having signed up for LastPass this afternoon.
    I am finding the credit monitoring feature interesting, as well as the obvious simplicity and security of password maintenance.
    Thanks mucho for the article, and thank you Simple Mom for making the article available on your site

  30. Great article! And yes, I use a password manager. Mine is called Sticky Password (www.stickypassword.com) and I have used it for a couple of years. Now the changing of all the passwords because of Heartbleed will be easy :)

  31. I wanted to add a quick note, specifically about Heartbleed (linked at the very start of the piece). The Heartbleed website is aimed more at web developers than at the normal everyday web user, so don’t worry if it uses a lot of technical jargon that you don’t understand.

    Here’s the core issue around Heartbleed: Most of the Internet had a bug in its code that meant that someone (in theory) could have observed traffic that was supposed to be encrypted. Think of it like a party where you need a password to get in past the bouncer, but there’s some dude standing within earshot of the velvet rope. If he hears the password when you say it, he can now get in, since the bouncer will think he’s you. It’s even worse if that same password gets him in to every private party in town. And to the bank, and library, and so on.

    What you should do about Heartbleed:

    There’s no evidence that anyone knew about this bug before it was reported to web developers, but it’s still a good idea to A) use a password manager like I described in the article, and B) to start changing the passwords you use on the web.

    Now’s an especially good time to do those things if you happen to use the same password on every website! :)

  32. Yes! We use LastPass. I love that it will generate complex passwords for you, so I don’t have to sit there looking around my room or flipping through books trying to find something to spark a unique but memorable password in my brain. The passwords it generates can be 10, 20, 30 or more characters, including numbers and symbols. I would never remember those types of passwords, but Last Pass does it for me and logs me in automatically!

  33. I use my tablet 90% of the time. Do you have any recommendations for secure, free android password managers?

  34. Never heard of this before, but I’m sold. Everything is so risky nowadays…this should help.

  35. I have been using Keeper to store my passwords. But I am making the switch to LastPass and changing all my passwords to be encrypted.

  36. I’m wondering how LastPass can be free? I’m feeling hesitant to trust it.

  37. How does this work on our e-mail when we are logged in using the icons on our iPhones or iPads? Same question with the apps? Also, do I need to manually change my passwords on the different sites or will it do it for me?

  38. Standard principles of the watch that one can take pleasure from commencing today.

  39. Magnificent web site. A lot of useful info here. I’m sending it to some friends and additionally sharing in delicious. And naturally, thanks for your sweat!

  40. Excellent post. I was checking constantly this blog and I’m inspired! Extremely helpful information specially the ultimate part :) I take care of such information much. I was looking for this particular info for a very lengthy time. Thanks and good luck.

