Why Password Managers are necessary
About 20 years ago when I was still working as a security guard, we had these internet kiosks brought into the mall. You could search the web; albeit very slowly then; and sign up for email. This was my first exposure to email and I hurriedly signed up for a new Yahoo! account. My colleagues did the same and in no time we were chatting to people overseas. It was exhilarating and we felt so connected, to the world.
Part of the sign up process required us to answer a password question as a kind of insurance in case we forgot our passwords. The questions were preprogrammed and were things like ‘What is your pet’s name’ and ‘What was the name of the high school you attended.’ The problem with this was twofold. It was a public kiosk and security guards have a lot of time at night. So of course I began guessing people’s answers to their password questions. Nowadays people just put all that information on Facebook, Twitter and Instagram.
Granted this was not the behavior expected from a security guard but I was young and the mall basically protected itself during the night. The more surprising thing was that it was so damn easy. People actually gave their real schools, or pet names, and if you had enough patience you eventually got in and could read all their juicy messages. This I did, without ever having really touched computers much myself.
FNB Blocked Ability To Copy and Paste Login Info
This is why FNB (First National Bank, South Africa) advised people a few weeks ago to not use their browser to remember their bank’s login details. This is a valid point. Browsers are not impenetrable, in fact nothing is. And hackers usually rely on people’s laziness or blatant ignorance to penetrate systems. Sometimes the fault lies with the software developers that built the browsers, websites or apps we use. Other times it’s us, the end user.
This is scary. And of course you can think of the implications today when a lot of people are constantly connected and sharing their personal information on social media platforms freely. Of course most people do this with the assumption that their really private stuff remains private. We not only keep the passwords for Facebook and Instagram but also Gmail, Netflix and sometimes even our banks. These services have access to our most private information and sometimes more importantly, our money.
I know people who use their names with a few trailing numbers. francois388. I can write a short program that can test for all permutations of 11 characters in less than a few hours. See how easy it is to get an ID number if you have enough patience and fortitude. Some institutions still use your ID as your password. Log in with your ID they say. So that we know that it’s you. Gosh.
The problem with FNB’s block (they have since unblocked it) on browsers remembering passwords is that they extended this to password managers. Password managers are apps that remember all your passwords so that you don’t have to. You can download the app to your mobile and desktop devices, and most have a browser extension. You access the app or extension using a master password you create during setup. This is the one password you need to remember. And no, francois388 is not my master password. I know, I know. You thinking, ‘Quis custodes ipsos custodies.’ Me too, but let’s leave that for now.
There was a huge backlash on FNB’s decision to block password managers and angry customers took to social platforms to voice their concerns. Password managers help people create more complex passwords using a random password generator. With options of up to 64 characters including 10 symbols and 10 numbers, you can get a pretty secure password.
I use 1Password and they have a browser extensions which means that I basically never have to remember lots of passwords ever again. Add to this the fact that I have a fingerprint reader (Touch ID) built into my phone and I do even even have to remember my master password sometimes. Some people even use Face ID and although this technology is even more secure; my girlfriend can open my phone while I’m sleeping using my fingerprint; it is still new and not as reliable.
So FNB; although well intentioned; did not really help customers by blocking password managers. And people were finding ways to bypass these blocks which open them up even further to attacks. Some people would resort to using simpler passwords that could be remembered more easily. FNB relented and removed the password manager blocker but their concern has certainly made me more wary of my own digital security.
I just finished listening to a podcast called Breach which focuses on two very huge hacks that happened in the last decade. First was the Yahoo! data breaches of 2013 of 2014 which involved Russian spies and affected 3 billion users. Yahoo! only reported this in 2016. Then there was the Equifax breach where the personal data of 143 million US citizens got exposed in 2017. No company is safe from attacks, and this gets proven on an almost daily basis. I think people need to take more responsibility of their own privacy and not just take it for granted anymore.
No company is impenetrable and no one cares about my data as much as I do. I want to make technology work for me because it has been so beneficial to me. I do not want it to ruin my life. So I have to take charge.