Be honest with yourself (and with me) for a moment. How many times have you reused those one or two passwords that are easy enough for you to remember but complicated enough (so you think) that someone else wouldn’t be able to hack them?
Have you reused it 5 times? 10 times? 20+ times?
If you’re anything like I was, it’s closer to 20 times.
Now, with that in mind, think about the websites that you are reusing passwords for. Were they on last week's list of 107+ companies that were hacked in 2018 alone? Is it your bank, credit card company, social media account?
These are all things to consider as we march forward in this wild wild west of technological advancement and its effect on the safety/security of our identities and personal data.
Dashlane is the easiest, most secure password manager on the planet. Plus, it's free!
Now, let me say at the outset, I was not one of these people that just jumped on the password manager bandwagon.
Like you might be, I was turbo skeptical. "Why would I ever consider trusting the passwords to my most sensitive accounts to a software program?", I asked.
So instead, before I started using a password manager (a couple of years ago), I tried keeping a spreadsheet of my logins and passwords manually.
Having over 200 online accounts at that time (it’s well over 300 now), I was completely overwhelmed by the process of cataloging those passwords and was completely exhausted by the idea of trying to randomize them and change them on a regular basis.
I mean really, who has time for that?
I felt like using something like a centralized repository for all my usernames and passwords would just make it easier for someone to steal my stuff.
Then, I started to dig into the research as a result of some YouTubers I respected who recommended password managers for people who are into cryptocurrencies.
It wasn’t until that round of research that I began to change my mind.
It wasn't until I heard how many times their accounts had been hacked and how using a password manager stopped that completely.
Without going into a ton of technical detail, hackers hack commonly used passwords using a process known as “Rainbow Tables”.
You see, your passwords to sites like Facebook, Gmail, Yahoo, your bank, etc. are actually not saved by those organizations as plain text; rather, they are run through a “hashing protocol” and stored as the hash code that comes out the other side of that hashing protocol.
Stay with me, I know this is boring but there’s a payoff…
Hackers are able to hack passwords, especially commonly used passwords like “password123”, etc. because there are these “Rainbow Tables” that contain the hashes of many commonly used passwords.
Hackers basically run the hacked hashes from a stolen database (like the 107 we talked about last week) through these tables and are able to obtain the corresponding password.
Pretty crazy, huh? Apparently, there’s a website called “crackstationdotnet” where you can find these “Rainbow Tables”. I know, crazy, right?
When rainbow tables fail, there are other hacking methodologies like “Dictionary” and “Brute Force” attacks that are used.
I won’t go into all the detail about how these attacks are carried out as it’s beyond the scope of this content.
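To make the hashing point above concrete, here is an added Python example (not part of the original post) that a site operator could use to see why unsalted hashes of common passwords fall to a precomputed table while salted, slow hashes do not. It uses a plain lookup table, which is simpler than a true rainbow table, and the word list, user names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny list of commonly used passwords.
COMMON_PASSWORDS = ["password", "admin", "password123", "123456", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> password once; it applies to any unsalted dump."""
    return {unsalted_hash(w): w for w in words}


def audit(stored: dict, table: dict) -> dict:
    """Return the accounts whose stored digest appears in the precomputed table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def salted_hash(password: str, salt: bytes = None, iterations: int = 200_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes,
                  iterations: int = 200_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt, iterations)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    # Constructed "database": two users reuse a common password, one uses a
    # long generated password of the kind a password manager produces.
    db = {
        "alice": unsalted_hash("password123"),
        "bob": unsalted_hash("password123"),
        "carol": unsalted_hash("t7#Qz!mW2v@Lx9&Rk4^Yb8*Hn6$J"),
    }
    print("recoverable by lookup:", audit(db, table))
    s1, d1 = salted_hash("password123")
    s2, d2 = salted_hash("password123")
    print("same password, different stored values:", d1 != d2)
    print("login still verifies:", verify_salted("password123", s1, d1))
```

The generated password never shows up in the table, and with a per-user salt even two users who share "password123" end up with different stored values, so one precomputed table no longer covers everyone.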
Do your own research and I believe that you'll find that a password manager like Dashlane or LastPass plus 2 Factor Authentication (2FA) is basically non-negotiable if you want to maintain any semblance of online security.
The Yubikey (Yubico) is an excellent 2FA device. I have one myself and use it for my most sensitive holdings.
2FA is a login methodology that couples requiring a password (something you know) with confirmation of a secondary code residing on a device you physically possess (something you have).
2FA combines something you know with something you have. I strongly recommend that you enable 2FA on as many accounts as is possible.
The easiest way to explain 2FA is to explain how it’s done.
If your bank requires you to enter a code you receive via a text message in addition to correctly entering your password, you’re using 2FA and maybe didn’t even know it.
A couple of other relevant 2FA mechanisms are apps that reside on your phone like “Authy” and “Google Authenticator”.
2FA can also be accomplished by having a physical device like a Yubikey (Yubico) that you have to plug into the actual device in order to log into your account.
Here's an entire blogpost I wrote on why I chose Dashlane over the other password managers.
Like I mentioned earlier, I started researching password managers about two years ago and after I tried a couple of different ones, I landed on Dashlane.
Dashlane was an excellent point of entry into this process because:
1) It's super easy to use.
2) It's free (although there is also a premium version that allows you to sync across devices).
3) It's secure (in all my research, I learned that their competitor, LastPass, has been hacked, so I steered away from them).
4) I'm able to use it for both my personal as well as work passwords (which number well over 200 now!).
One of the best things I ever did for my "password sanity" was to start using Dashlane.
So, what is Dashlane? Essentially, it is a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android.
Like I mentioned earlier, the app's premium version enables users to securely sync their data between an unlimited number of devices on all platforms, but you can use the free version and get by just fine.
Honestly, it’s fantastic and, at this point I don’t know how I ever lived without it...
Another great feature of Dashlane is the ability to allow the application to generate very complex passwords with its “password generator” feature.
So, you can use Dashlane to generate varying levels of complex passwords for your accounts that you would never be able to remember.
The password generator inside of Dashlane can generate passwords up to 28 characters long with the following options:
These would be passwords that would basically be impossible for you to memorize, particularly if you had to try and memorize multiples of them.
Now, you don’t have to remember them because Dashlane is your powerful “external password memory”.
The obvious question: “But is it secure?”
The truth of the matter is that everything digital can be hacked, yes even Dashlane. Hacking is just a reality we all have to live with in the digital age.
However, the wisdom in using a service like Dashlane is that you’re adding more layers of complexity and inconvenience to a would-be hacker and therefore likely causing that person or entity to move on to "lower hanging fruit”.
Speaking of low hanging fruit, there is plenty I assure you. Just think about how many people still use simple words like “password” or “admin” as their passwords. Then think about how often they reuse those as passwords for multiple accounts. That’s called low hanging fruit for would-be hackers!
In other words, employing a system like Dashlane is not going to guarantee that you won’t be compromised, but it does give you a rather large buffer between you and the hackers, particularly if you are vigilant about changing your Dashlane password and guarding your two factor authentication device (i.e. typically phone, or other 2FA device).
For more information about their security protocols, you can check out this article:
So this is my challenge, at the very least start making a list of all the websites, banks, social media platforms that you have accounts with and start making a record of your usernames and passwords.
Just go ahead and start writing them all down. I think you'll be surprised.
You might be doing this for weeks or months. Every time I think I have them all, I remember another or even have to create another.
If you’re overwhelmed, don’t worry, I was too. That’s when you might think about using something like Dashlane to help you reduce the headache you’ll soon find you’re engaged in.
The basic version is always free. The "Premium" version just lets you access across multiple devices.
Actually, Dashlane recently sent me a free trial of Dashlane Premium for up to 3 of my friends. So, if you want to check out how powerful and easy to use Dashlane is, give it a whirl for 3 months.
Just follow the instructions here to claim your free trial.
Link not working properly? Copy your promotion code 'DDFZFR6ERB8O' and paste it here.
Be sure to let us know how it’s going and share your struggles and best practices in the comments below.
And now that we've addressed your identity and data security, let's talk about your financial security. :)
0. Stop All Retirement Investing (Until Step 4)
2. Starter Emergency Fund of $1000
3. Eliminate Debts Smallest To Largest (a.k.a The Debt Snowball)
4. Full Emergency Fund of 3-6+ Months’ Expenses
5. Invest A Minimum of 15% Income Into Retirement Accounts (and increase savings rate to 50%+ if possible)
6. College Funding (if applicable)
7. Pay Off The Home Mortgage
8. Build Wealth, Serve, Be Ridiculously Generous And Go FI (Financial Independence)!