
Password creation and protection

Author- Julian Blundell, w34u
Published. Friday 17th Jan 2020, Updated. Friday 17th Jan 2020

Passwords are hard to keep track of, but are absolutely critical to security. A lot of people use the same weak password for every site, e.g. password123 or some such.

The objective of this article is to help people use strong, different passwords on every website with the help of a password vault.

So why is it important to use strong and different passwords?

No site's security is absolutely perfect, so there is always a chance that they will lose user information. If they have not encrypted, or have only lightly encrypted, the passwords, then the hackers can use those passwords in conjunction with other details like emails to hack other sites of which you might be a member.

Even if they cannot crack the passwords, if you use the same weak password for all sites there is a chance that they can guess it and use the other information they gleaned to get in anyway.

Hard Copy

One of the better ways to keep passwords secure is to actually write them down on paper. They still have to be easy to type in and you still have to come up with them, but it's still better than using something memorable.

One of the downsides of this is keeping track of where they are written. Post-it notes are OK if nobody, or only trusted people, are liable to use the room where your computer is located; a notebook is better and works for a laptop, just don't lose it.

Password Vaults

This is my preferred method of creating and storing passwords. These programmes are available as plug-ins for browsers and apps for mobile phones, so they will work both with websites and phone apps.

How are the passwords stored?

One of the usual questions I get asked about password vaults is: what if they are hacked? The passwords and other information stored in them are heavily encrypted, and only the person whose account it is can read the information, using their password. The upshot is that hackers might steal this information but they can't read it.

So, on to using a password vault. All the examples are made using Bitwarden, my current vault of choice; however, all the others work in a similar way.

Installing Bitwarden

Go to the Firefox add-ons menu, or settings->appearance->themes->extensions in Google Chrome, search for Bitwarden, click on "Bitwarden - Free Password Manager" and follow the prompts to install the plugin.

Once the plugin has been installed you will see the Bitwarden shield icon in the browser bar. [Icon: Bitwarden shield]

Click on the shield to show the menu:

[Screenshot: Create account or login]

Clicking on Create Account will get you here:

[Screenshot: Bitwarden account creation]

Fill it all in, using a nice long password as it's going to be the only one you need from now on. If you are not sure about remembering the password, write it down.

You will now be prompted to log in:

[Screenshot: Bitwarden login prompt]

Do that using the email you specified and the long password you created, and you should see the vault with no entries, as we have not created any yet.

[Screenshot: Bitwarden vault with no entries]

Adding entries to Bitwarden

So now you have an account up and running. Once you are logged in, the shield turns from grey to blue [Icon: Bitwarden icon logged in], and if you have saved passwords for the website displayed you will see this: [Icon: Bitwarden icon with saved passwords].

Adding entries is pretty simple: just go to a site that you want to save the login credentials for and log in as normal, and Bitwarden will display the following at the top of the screen:

[Screenshot: Bitwarden save site on login]

Simply clicking "Yes, save now" will add this site to your vault.

Now you might want to improve the site's password. To do this, go to the change password option of the site and, in the new password boxes, either right click, select the Bitwarden option and select "generate password (copied)", or click on the Bitwarden shield in the browser bar and select the password generator [Icon: Bitwarden password generator icon] at the bottom.

[Screenshot: Bitwarden password generator]

As you can see, you can change the way passwords are generated for those sites that need something different, but generally a length of 14 and all the options ticked will do the job.
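What "a length of 14 and all the options ticked" amounts to, as an added Python example that is not Bitwarden's code or part of the original article. The character sets, the small common-password sample and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed mapping of the generator's tick boxes to character sets.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!@#$%^&*",
}
# Constructed sample of well-known weak passwords (real lists are far longer).
COMMON = {"password", "password123", "123456", "qwerty", "letmein"}


def generate_password(length=14):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length is too short to cover every character class")
    alphabet = "".join(CLASSES.values())
    # One guaranteed character per class, the rest drawn from the whole alphabet.
    chars = [secrets.choice(cs) for cs in CLASSES.values()]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not in fixed places.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length=14):
    """Upper bound in bits for a uniformly random password of this length."""
    return length * math.log2(sum(len(cs) for cs in CLASSES.values()))


def audit(password, min_length=14):
    """Return the reasons a password falls short of the settings above."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on a common-password list")
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for name, cs in CLASSES.items():
        if not any(c in cs for c in password):
            problems.append("no %s character" % name)
    return problems


if __name__ == "__main__":
    print(generate_password(), "%.1f bits" % entropy_bits())
    print("password123:", audit("password123"))
```

The entropy figure is an upper bound, since requiring one character from each class rules out a small fraction of the possible strings.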

Paste the new copied password into the new password fields on the site and save it. Bitwarden will display at the top of the screen:

[Screenshot: Bitwarden update password prompt]

Clicking on "yes, update now" will save the new unguessable password for the site into Bitwarden's vault.

Now log off from the site. Logging in now consists of going to the site's login page, clicking on the Bitwarden shield and selecting the entry for your login for the site, which will fill in the correct credentials.

[Screenshot: Bitwarden selecting login auth credentials]

Then click login to enter the site.

So now, as you use sites you have signed up to, you can gradually add them to Bitwarden's vault and replace your passwords with stronger ones.

Remember you have to log in to Bitwarden, usually on starting your browser, to save site login details and auto-fill the login form.

Bitwarden app on mobile devices

One of the great things about using a password vault is that you can use it on multiple platforms such as your phone, pad, all computers and browsers such as Firefox, Chrome and Safari.

On your phone simply go to your app store, look for Bitwarden and install it, then connect using the same email and password as you used for your browser plugin and, lo and behold, there are all your site credentials on your phone!

The mobile app will work both for your browser app and other applications such as Twitter and Facebook, so it effectively crosses the barrier between those and websites. Another nice thing is that once you have authenticated to log in to Bitwarden once, you can authenticate using your fingerprint, if you have that capability on your phone, and never have to use the password again.

Occasionally the app equivalent for a website won't show the login credentials and you may have to search the vault for the correct ones; you should only have to do this once.

More advanced facilities

As you gain confidence using Bitwarden you will find yourself using the more advanced facilities:-

  • Multiple logins for a site
  • Editing the description for vault entries
  • Saving text notes for critical information
  • Changing the url conditions for particular site credentials
  • and many other facilities.

Family, team and enterprise accounts have even more facilities

  • A shared vault if needed
  • Much larger storage
  • File storage
  • Vault health report
  • Technical support
  • Self hosting
  • and many other options

Password Managers

There are quite a few password managers out there. Don't be shy, try one; if it annoys you, export your saved sites and import them into another and try that.

Here is quite a good article on some of the better ones on CNET

 
