Every year, every month, the number of login credentials we need in order to use services grows: logging on to the computer, iOS, Android, Facebook, Twitter, Instagram, Spotify and Netflix, online banking, an online store, and another online store, and another.
If you make it easy for yourself and use the same password for all services, you are taking a high security risk.
Your password is then only as well protected as the least secure of the services you use. Again and again, large amounts of user data, even from large and established providers, fall into the hands of hackers, who then try the captured logins on other services. We therefore strongly advise against using one password across the board.
Some services let you log in via a Facebook account, for example, so that you only need to remember your Facebook login details to log in to Spotify. This process is also known as "social login".
If you run web applications yourself, you can benefit from the convenience of social login functionality more easily than most people think. Mainetcare develops web apps with corresponding login options based on Laravel Socialite. This makes it possible to log in with accounts from Facebook, Twitter, LinkedIn, Google, GitHub, GitLab and Bitbucket.
This is convenient, but in principle the above applies: one password for several services opens all of them up to misuse if it falls into the wrong hands. In addition, when using your Facebook account as a login service, you must also be aware that further information about your activities and interests will flow to the data-hungry social media provider.
The clean and secure way is to choose a separate, secure password for each account (what makes a password secure is a topic in itself, which will be discussed elsewhere). But how are you supposed to remember all of them?
Password managers, programs that store passwords and other credentials in encrypted form, offer a secure and user-friendly solution. There is a selection of such programs for every device and operating system (1). If you choose one under an open source license, you pay nothing and also gain a potential security advantage: open source security software lets the community check the security functions in the source code, which usually brings security gaps to light quickly.
With a password manager, you simply store all credentials centrally and only have to remember the master login of the manager itself. Depending on the software, the credentials are stored in an encrypted database either locally on the device or in the cloud; the latter has the advantage that you can reach your credentials from multiple devices.
Many of the programs also help you to enter the data in the corresponding input fields, so that you no longer have to type or copy and paste, but can log in almost automatically with a tap or keystroke.
Especially for managing online credentials, a password manager can also be used as a browser add-on. Here, too, there are various offerings for every common browser (2). Or you can go straight to a web-based solution such as 1password.com (3), which in principle makes the data accessible from any device with Internet access simply via the browser.
What if the access data is lost?
The usual way is simply to click the "Forgot your password?" link or button that most services provide. This typically triggers the sending of a new password generated by the provider to a previously stored e-mail address, often together with a link that must be used to activate the new access within a certain period of time. Because that password has travelled over public networks, you can replace it with a new one of your own choosing after logging in, for additional security.
More and more providers (such as Google and Microsoft) are also starting to require personal security questions when setting up accounts, with answers that should be "unforgettable", such as "The name of my first pet".
If you forget the password for such an account, the answers to these questions provide an additional "authentication feature" that ideally cannot be forgotten and can be used to restore access.
So what to do?
- Choose a secure password for each access.
- Use a password manager instead of "remember".
- If passwords are lost, replace the automatically generated new passwords with your own.