As I write this, I am shaking my head. Another site hacked, this time one that hold passwords for thousands of people.
What I am commenting on is a service called One Login. It is a password manager service. The idea is to keep all of your passwords in one place and have a program or app on your phone keep track of them so they can all be very long and different. You only need to remember the one password for the service and the rest is done for you.
Well, OneLogin was broken into by hackers and all of the passwords, including the keys to unencrypt them, were exposed. If you have this service, you have already received an email about it. For the people that do not have that particular password manager but do use a similar service I would like to caution you with a bit of reasoning.
The old saying is "Don't put all your eggs in one basket". A password manager does exactly that. It puts everything valuable in one place. You are then trusting some company to keep the passwords to all your valuable information safe. Consider this... if you are a hacker, it would make sense to attack the place where there are hundreds if not thousands of passwords rather than trying to get just one password of yours.
Personally, I solve the problem of having different passwords on different sites by making a formula out of them. It is a rule that I apply to each website when they want me to create a password. If follow the rule, then each site then gets a unique password. I do not need to remember the password, instead I can recreate in my mind by remembering the simple rule.
Here are a few examples:
Let's say this is my formula to make a password for any web site I visit:
First two letters of each word of the website name, followed by the year I was born, followed by a $ and then my initials in lower case
Wells Fargo = WeFa56$DP
Ebay = Eb56$DP
Chiriqui Life = ChLi56$DP
As you can see you end up with both upper and lower case letters, numbers, and a special character ($). That meets all the recommendations and it is unique for each website. Now when I visit in the future, I just think the rule out and I can figure out my password without having it written down or stored in a password manager.
You can add other things and mix it with your own variations to make your formula unique. Perhaps you want to use the first initial of all your kids names or maybe the last two letters of the website name. The idea is to create a simple rule that lets you create a password for each site and makes it unique. Keep the rule the same for every site and it will have enough variations to make a different password each time. By doing this, you no longer need the password manager service and all of your accounts will not suddenly be exposed with a single failure should it get hacked.
It is something to consider. I have always said a password manager works right up until the company disappears or gets hacked. When that happens, you do not have to deal with a single exposure, you have to deal with EVERY site. In today's world, that can easily be 100s.
Now... about saving the passwords in your web browser so you do not have to enter them each time - I will let you consider the risks when your computer goes into the shop for repair !
Stay safe and enjoy the day