Secure your digital assets – A guide by @rindam

If you are not living under a rock, you probably have a few dozen login credentials to remember: email, Facebook, Twitter, cloud services, bank accounts, credit cards, social security numbers, loyalty card details, locker numbers and so on. Keeping track of all these usernames, passwords and numbers can be really annoying and hard.

It’s a problem we all have but are too reluctant to look into. People in general tend to ignore it and assume that, for some unknown reason, they are safe from being hacked. It’s time we started worrying about our online world as much as we care about real-life assets.
Banking or identity fraud happens to someone or other every day, so it’s better to be careful now than to repent later. Here are a few tips on how you can keep your digital life safe.

Remembering Everything — Remembering passwords is what many people do: memorize all your account details, passwords and anything else you might need on the fly. The problem is that not all of us are Einstein, and remembering a few dozen passwords is a tough call. To simplify this, most people pick plain passwords like 12345678 or keep a single password for all their logins.

NEVER keep the same password across your accounts. NEVER do that. Did I say NEVER?

If you keep the same password across all your accounts and one is hacked, so will be the others. Always, always and always have separate, unique and strong passwords for each of your logins. And please don’t use passwords like 12345678. Keep strong, long and unique passwords. Your password should be something like this: Jg67$@5@38DOp77 (just an example).

Keeping a simple readable password is almost as bad as no password.


Use 2 Factor Authentication — Most online accounts now offer 2 Factor Authentication (2FA). Never heard of it? No problem. It’s a simple concept: to log in you need a second piece of information in addition to your username and password. Say you enable 2FA in Google: other than your username and password, you will also need a code which Google sends to your registered phone number (or you can use an authenticator app). Many other services have a hard token for generating codes. There are also apps that generate tokens offline (Google, Dropbox and Facebook all support them). Hence even if someone knows your password, he/she cannot log in without the second code or SMS OTP, which makes the account much more secure. So it’s intelligent to enable 2 factor authentication on all your accounts. Good authenticator apps include Google Authenticator, FreeOTP by Red Hat, SAASPASS etc. After enabling 2FA, make sure you generate backup codes from the respective services.

Writing down passwords – With multiple unique, complicated passwords, writing them down on paper and keeping it safe is what many do. For people who want security over convenience this is probably the safest way. Write all your passwords on a piece of paper and keep it safe in your home. When you change a password, just update the paper. It’s local, with you and always safe (till someone snoops into your house and steals it — we won’t discuss that of course).

Browser Save Option — Probably the most common approach is to let the browser remember your passwords.
This is pretty convenient for logins and easy to use. The only problem is that, since you don’t remember the passwords anymore, logging in from anywhere other than your home PC/Mac/phone becomes a problem.

Use an Online Password Storage Solution — There are many apps for secure, cloud-based online password storage. The concept is simple. You register and create an account in their system (just like you create email or social accounts). Once done, you log in and store your credentials there. The data is stored on their servers or locally in encrypted form. Typically most of them use AES 128/256 encryption, which is almost foolproof and very, very tough to crack (practically impossible). For encryption you need to provide a KEY, which is something you and only you have. The key is not stored anywhere on their servers and is only with the account user, which gives peace of mind. This is definitely a very secure approach: it keeps your passwords and credentials safe and always available, and it also gives you one-click logins (they have either browser extensions or apps on iOS/Android).
Since most come with multi-platform apps, the data is synced across devices (encrypted, of course). This is a nice approach for people who own multiple devices and log in many times to different accounts from multiple locations or gadgets.

If this is good enough for you, try LastPass or Dashlane. Both are pretty solid password managers with a nice track record, universally used and accepted.

Store Passwords Offline — If you have problems with the words Cloud and Secured coming together, you are certainly not alone. No matter what algorithms are used or how secure the servers are, at the end of the day you are still putting the data in someone else’s hands, based only on trust and some mathematics. Why not keep it safe and local, so that it never leaves the device? This is ideal for people who are not comfortable with their data in the cloud. Local doesn’t necessarily mean safe, though. You either have to stick to one device or sync via Wi-Fi/cloud solutions. If it’s on one device, a lost device means a lost digital world. Anyway, coming back to offline password managers.

There are two ways of storing passwords offline. One is to put all your passwords in a file and keep it on your system or on an external drive/flash drive. Make sure it’s safe and with you. Better still, encrypt or password-protect the file before storing it, just to be safe if the device/drive is stolen. But this approach again brings up the problem of syncing, changing passwords, updating etc.
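The "key that only you have" from the online-storage section, and the password-protected file above, both rest on turning a password into an encryption key on your own device. The following added example (not code from any product named in this article) shows that step with the Python standard library. PBKDF2-HMAC-SHA256, the iteration count, the label strings and the function names are assumptions, and the AES encryption itself is left to a vetted library.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor: makes every password guess expensive

def derive_keys(master_password: str, salt: bytes, iterations: int):
    """Stretch the password once, then split it into two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                 salt, iterations, dklen=32)
    enc_key = hmac.new(master, b"vault-encryption", hashlib.sha256).digest()
    check_key = hmac.new(master, b"vault-check", hashlib.sha256).digest()
    return enc_key, check_key

def create_vault_header(master_password: str, iterations: int = ITERATIONS) -> dict:
    """What is stored beside the ciphertext: salt, cost and a verifier.
    Neither the password nor the encryption key is written anywhere."""
    salt = os.urandom(16)  # random per vault, so equal passwords give different keys
    _, check_key = derive_keys(master_password, salt, iterations)
    verifier = hmac.new(check_key, b"header-v1", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}

def unlock(master_password: str, header: dict):
    """Re-derive the 256-bit key from the typed password; None if it is wrong."""
    enc_key, check_key = derive_keys(master_password, header["salt"],
                                     header["iterations"])
    candidate = hmac.new(check_key, b"header-v1", hashlib.sha256).digest()
    if hmac.compare_digest(candidate, header["verifier"]):
        return enc_key  # hand this to AES-256-GCM from a vetted library
    return None

if __name__ == "__main__":
    # Constructed sample password, for demonstration only.
    header = create_vault_header("correct horse battery staple")
    print("right password unlocks:", unlock("correct horse battery staple", header) is not None)
    print("wrong password unlocks:", unlock("12345678", header) is not None)
```

Anyone who copies the file or the server record gets only the salt, the cost and the verifier, so the remaining attack is guessing the master password, which is why that one password has to be long and unique.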

Here 1Password smartly solves the problem. How about data being stored only on your device and yet syncing to multiple platforms seamlessly? Sounds amazing? Thanks to 1Password we have something like this.

The app is available for iOS, Android, Mac and Windows too. It doesn’t store your data on any server (though they have Account options now).

All your data is local and stored within the app on your device, encrypted using a Master password (which only you know and which is never saved on a server). In short, the data never leaves your device if you don’t want it to. Even if the data is stolen, no one can open it without the Master password. For someone to steal your credentials, the person has to steal your device, unlock it with the device passkey and then know the Master password for the app.

Here is what they have to say about security

Now how will you sync the data? Well, syncing can be done over Wi-Fi between multiple devices. Again, the data never leaves the home Wi-Fi network. Lastly, you can also sync the data with the help of Dropbox (only the encrypted data is uploaded).

Personally I love how 1Password is designed, and since the data is always local, it’s a solid choice for millions of people around the globe. 1Password is slowly becoming a leader in password management and I hope they keep doing it better every day.

Nothing in the world is absolutely foolproof, but it’s better to stay as safe as possible. It’s high time we took care of our digital assets. Stay safe!!

– Arindam for TechDaily24*7


