The security rules regarding passwords:
- use a different password every time
- use long, complex passwords (special characters, uppercase, lowercase, digits…)
- change passwords over time
I must confess that I’ve used the same three passwords for a long, long time. It was easy and convenient, but now it’s enough, we are in 2020. Let’s raise the bar!
There are different solutions to help me reach that goal.
First option: Stateless Password Manager
I could use a stateless password manager like lesspass: it generates a password derived from the website address, the login, and a chosen strong password. You just have to remember your login and one chosen strong password.
- it’s convenient, just one password to remember
- it easily generates a reliable, different password per site
- no sync needed across devices
- it’s easy to change the password over time
Not a bad idea, I must say.
But I prefer not to use a derived-password manager for now, because it doesn’t support autofill on Android yet.
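To make the stateless idea concrete, here is an added example (my own illustration, not lesspass’s code) of how such a manager derives a site password: the master password is stretched with PBKDF2, the salt binds the result to the site, the login and a counter, and the resulting entropy is rendered into a password that contains every required character class. The site, login and master password values are constructed for the demonstration.

```python
import hashlib

# Character classes used to render the derived entropy into a password
# (constructed for this example; a real manager has its own rules).
CHARSETS = {
    "lowercase": "abcdefghijklmnopqrstuvwxyz",
    "uppercase": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digits": "0123456789",
    "symbols": "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
RULES = ("lowercase", "uppercase", "digits", "symbols")


def derive_entropy(master: str, site: str, login: str, counter: int = 1,
                   iterations: int = 100_000) -> int:
    """Stretch the master password with PBKDF2-HMAC-SHA256.
    The salt ties the output to site + login + counter, so nothing has to be
    stored: bumping the counter is how the site password gets rotated."""
    salt = f"{site}{login}{counter:x}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, 32)
    return int.from_bytes(key, "big")


def entropy_to_password(entropy: int, length: int = 16) -> str:
    """Consume the entropy as one big integer to choose characters, then add
    one character from each class so the password satisfies typical policies."""
    alphabet = "".join(CHARSETS[r] for r in RULES)
    chars = []
    for _ in range(length - len(RULES)):          # free positions
        entropy, idx = divmod(entropy, len(alphabet))
        chars.append(alphabet[idx])
    for rule in RULES:                            # one forced char per class
        entropy, idx = divmod(entropy, len(CHARSETS[rule]))
        entropy, pos = divmod(entropy, len(chars) + 1)
        chars.insert(pos, CHARSETS[rule][idx])    # deterministic position
    return "".join(chars)


def stateless_password(master: str, site: str, login: str,
                       counter: int = 1, length: int = 16) -> str:
    """Same inputs always give the same password; no vault to sync or leak."""
    return entropy_to_password(derive_entropy(master, site, login, counter), length)


if __name__ == "__main__":
    # constructed sample inputs; the master password here is only a placeholder
    print(stateless_password("correct horse battery staple", "example.com", "alice"))
```

Note that the derived password changes whenever the site, the login or the counter changes, which is also why a site that forces a different login or its own password rules needs the counter or length to be remembered.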
Second option: simple password manager combined with a password generator.
That’s a bit old school, but it has been proven to be a reliable solution.
I’ve chosen Bitwarden; it has some great advantages:
- it’s easy to use
- it’s free
- it’s open source
- it can be self-hosted
- it can check if one of my passwords has been compromised
- it can autofill password fields
I’ve chosen to self-host the server, but you can choose to rely on Bitwarden’s servers for free. I’ve installed it on my phone and in my computer’s web browser; it works nicely with a clean, unified interface.
What’s next?
The report on exposed passwords shows me that I really need to change my passwords. Second step: delete my accounts on old websites I’ll never use again and change my password everywhere.
I’ve also decided to use two-factor authentication whenever it is possible. Let’s raise the bar!