Plus, what the future holds for Passwords at Avast
Are you tired of trying to remember all of your passwords? I certainly am, especially as I login to hundreds of sites. But don’t pity me -- I have no idea what any of my 326 passwords actually are. And that is a good thing, because I have been using a password manager to create and keep track of them for many years (we recently mentioned using password managers in this blog post about ways to protect yourself against various attacks).
If you use the Avast Passwords app to manage your password collection, you probably know the joy of not having to fuss with your logins. However, Avast is putting this product on hold and stopping the sale of new Passwords licenses with the ultimate goal of adding this feature to Avast BreachGuard in the future. If you have an active license for Avast Passwords, you will still be able to renew your license -- once a solution has been integrated into Avast BreachGuard, you will automatically be migrated.
Why your memory doesn’t work for passwords
Here’s the issue: if left to our own memories, we end up reusing our passwords. This post on Beta News says the average is 2.7 times. This is probably the worst thing you can do for your personal security. Many of us choose easily guessed passwords, such as the names of our pets, a string of numbers, a birthday, or such. This just makes it more likely that we will be victims of identity theft. In case you’re interested in having a deeper look into this, the Avast Hack Check tool makes it easy to check the security of your passwords, as well as monitor future leaks.
The next worst thing to password reuse is to rely on your web browser and your underlying computer or mobile operating system to create and recall your passwords. This procedure has two major flaws: first, if you don’t use all Mac (or all Android) devices, you are going to have problems when you move between them. For example, I alternate using a Mac Mini, an iPhone and a Windows 10 laptop – you really need a separate password manager tool to synchronize across all three. Secondly, you are still a target of malware that can collect this information from the browser (something that the Avast Premium Security tool can protect against, by the way).
First, each login is stored in a special encrypted and cloud-based password “vault”.
Second, the vault has a special “master password” login that can be secured with additional authentication factors. I recommend that you use an authentication app such as Google’s Authenticator or Authy.com for this additional security. If you forget your master vault password, you are out of luck, so choose something that you can remember but isn’t too simple.
The manager can typically import your stored browser passwords when it is installed. This is a great start towards building your vault.
Next, passwords for new logins can be easily generated with a special built-in tool that pops up automatically when it senses you are browsing a web page or at a new app’s login page. Have the generator create passwords of at least 15 random characters. Make sure you use all characters: upper and lower case, symbols and numbers.
All of the apps have routines that can be used to identify your weakest or reused passwords and alert or nag you to change them.
In addition to passwords, the managers can also securely store files and credit card numbers.
Finally, many of the tools have a feature that allows the vault to be shared across family members too.
How to pick the right password manager
Here are a few suggestions on how to pick a password manager. You’ll want to ensure that the manager has software versions for all your mobile, desktop and laptop operating systems and will support the particular OS version that you are running on each device. You’ll also want to ensure that the manager supports the particular browsers and version levels that you are using. Next, look carefully at the price. With most of these products, you can download a free version and get the hang of it before you pay for the features of the for-fee version. Each manager’s free version comes with some limits: for example, a shorter list of login entries or lacking the synchronization feature across multiple devices.
The PC Magazine review cited above recommends Keeper, Lastpass (either its free or premium versions) and Dashlane. Each of these vendors offers browser-based versions for Mac and Windows as well as apps for iPhones and Androids. That is a lot of software to download initially, but once you get through this first phase, you will be glad that you put the effort into managing your passwords with these apps.