For a while now I have been exploring my own needs and doing some research on the internet to find out if I really need a VPN service. During this period, I came to realize that I may need password manager software more than a VPN service. Do I really need a password manager?
This started several months ago, when I noticed some scam e-mails in my spam folder which mentioned an old password I had used on some sites several years ago, during my time in college.
You guessed it, the scam e-mail starts with this kind of wording:
I do know, [PASSWORD REDACTED], is your password. You do not know me and you are probably thinking why you are getting this e mail, correct?
Though I do know such scam e-mails are really popular, I still wonder how those scammers got my old password.
Knowing your credentials were spilled out somewhere is annoying, isn’t it?
After a bit of exploration, I remembered that one of my employers had suggested I use a password manager he recommended.
I decided to give it a try on my MacBook.
It turned out that the password manager also offered a feature to scan for data breaches when I entered some of the e-mail addresses I’ve used since the first day I got online.
It turned out that five sites had been hacked from 2013 till 2015 and my data on those sites was breached.
Lucky for me, I did remember that I used that same old password mentioned in the scam e-mail I received.
Yes, that’s it. Now I know how those scammers got my old password and e-mail.
The story is most likely:
Either the hacker who cracked those five sites sent me those scam e-mails, claiming they had my password and asking me to pay them in bitcoin.
Or the hacker who cracked those five sites leaked the information on the internet and sold it online (this is more likely, if they wanted the cash quickly).
And the buyers of that data (which included my credentials) sent me those scam e-mails.
From this encounter, I do think that I need to be more careful when registering accounts.
There should be no more sharing of the same password among the sites I’ve registered on.
And I achieved this with the help of my favorite password manager software.
Since I am a cautious person, I kept thinking about this, exploring more, tracing more, and eventually trying to find more reasons.
What if the data sent and received between my devices and the servers of the sites I register on is being listened to by third parties?
But hey, I always make sure all the sites I’ve registered on use https… but is it secure enough?
This was the point when I gave the ProtonVPN service a try, two days ago.
They gave me a 7-day trial of the highest plan available, but I still have five days to decide whether to upgrade my subscription with them or just leave it on the free tier plan.
Now, let’s go back to the story of how those five sites got hacked and spilled out my credentials.
Honestly, I don’t really know the details of how hackers cracked them.
Four out of five were already using the https protocol when I checked them using my password manager software.
I am not sure if they had https in place when I registered with them around 2008, or when they enabled https.
But if those sites with https are still vulnerable, isn’t it time for me to consider an additional layer of protection by never having the same password on any of the sites I have registered on?
I am lucky enough that the password leaked to those scammers was an old password that I no longer use anywhere.
But this story does remind me to always follow best practice: never use the same password on more than one site.
And having to remember many different complicated passwords is just something I can’t accomplish.
Isn’t this when password manager software comes in handy?
Is password manager software really safe?
Not really. I came up with my own strategy when using this password manager.
I don’t completely give up all of my passwords to that software.
You should think creatively when using such software.
Indeed, it’s very cool software, but there’s no guarantee that their vault or server is invulnerable to breaches.
Do I need password manager software?
Personally, due to the myriad sites and apps I’ve registered with on the internet, I do need it.
I bet, in this digital age, there’s a chance that you’re just like me.
Again, never repeat the same password for more than one site. That’s my best practice and it can be yours too.
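The rule above can be checked mechanically. The following is an added example, not part of the original post or of any password manager's code: it groups a vault's entries by password and lists which accounts share a password with a site reported as breached. The site names, logins, passwords and the tuple layout are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample vault entries: (site, login, password). Not real data.
SAMPLE_VAULT = [
    ("forum.example", "me@example.com", "college2008"),
    ("shop.example", "me@example.com", "college2008"),
    ("mail.example", "me@example.com", "k9!Vt#2pLq8zRw"),
    ("bank.example", "me@example.com", "Xr7$gH1mB0^sYd"),
    ("games.example", "me2@example.com", "college2008"),
]
# Constructed set of sites that a breach scan reported as hacked.
SAMPLE_BREACHED = {"forum.example"}


def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest, so the grouping table never holds plaintext passwords."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()


def reuse_report(vault, breached_sites):
    """Return (reused, exposed).

    reused:  sorted site lists, one per password used on more than one site.
    exposed: sites not breached themselves that share a password with a
             breached site, i.e. the accounts to change first.
    """
    key = secrets.token_bytes(32)  # per-run key; digests are useless afterwards
    groups = defaultdict(set)
    for site, _login, password in vault:
        groups[fingerprint(password, key)].add(site)

    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    exposed = set()
    for sites in groups.values():
        if sites & breached_sites:
            exposed |= sites - breached_sites
    return reused, sorted(exposed)


if __name__ == "__main__":
    reused, exposed = reuse_report(SAMPLE_VAULT, SAMPLE_BREACHED)
    for sites in reused:
        print("same password on:", ", ".join(sites))
    for site in exposed:
        print("change password first:", site)
```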
Why use a password manager?
I’ve explained it briefly in my story above, but here is the summary:
- It’s easy to use the same password, one that you can easily remember without writing it anywhere. But it’s likely to be easy for others to guess. This is not safe.
- It’s best to use a different, complicated, long password for each site you register. But it’s also the safest way to secure your credentials.
- If you’re a care-free person, you can completely let the software handle all of your passwords. Then, just remember one master password for all of them.
Can it be trusted?
It depends on its developer.
As a best practice, I always try to use “some strategies” when using it, and remain cautious.
I never hand over all of my most important passwords to that software.
I only hand over some less important ones, and just make sure I never use the same password on more than one site anymore.
If you haven’t used a password manager and you are still confused about which one to choose, you can give Dashlane premium a try. However, I just heard that their price is increasing now.
I have used it for almost a year. I learned about it from my client. So far, it’s working pretty well. You can use it for free, but you can save only up to 50 passwords. And there’s no ability to sync between devices or even browsers.
If you need more, you can go with the Premium for $4.99/month, but you will pay yearly.
Or you can give 1Password a try. Compared to Dashlane premium, their pricing for personal use is much cheaper. This is because they just focus on the password manager. Dashlane now provides VPN services, receipt storage, and storage of your credit card details. I think it’s on its way to being a full-spec digital wallet.