Password management: how to manage your accounts securely
August 4, 2022
Blockchain technology allows us to exchange cryptocurrencies in a peer-to-peer system, free of intermediaries. Alongside this, the DeFi ecosystem offers a wide range of decentralised services through smart contracts and dApps. This distribution of power, however, demands high standards of security: there is no central authority to ‘control’ users’ actions, so the network’s defence relies on cryptography and impartial protocols. On a personal level, each of us already has protection tools at hand: passwords are essential in the crypto world, so it is important to know how to use and store them safely. So let’s find out how to manage passwords!
Password managers: a digital post-it note
The purpose of this article, as noted above, is to give useful hints on how to manage passwords, not only for everyday use, but also in the specific case of crypto security. Your account on the Young Platform exchange or any other crypto wallet always has an access code: creating, storing and retrieving it requires a password management strategy, one that balances ease of use against level of protection.
Who among us does not have a post-it note or a notebook in which we write down all our passwords? A convenient solution, but also a risky one in several respects. By storing all your passwords on a single piece of paper, you can lose access to all of them in one fell swoop, should you lose it. Dividing your passwords among several sheets and slips of paper is not particularly useful either: on the contrary, it multiplies the chances of losing them. This begs the question: is it possible to collect your passwords in one safe place?
The solution could be a password manager, a simple but effective tool, even for those who are not very familiar with technology. How does it work? Essentially, the endless list of usernames and passwords is stored by the software in an encrypted vault, protected by a strong ‘master password’, the only one you will have to remember from now on.
These password managers are usually available on all common devices, simply by installing a browser extension or smartphone application, so that you have your passwords available where and when you need them. Imagine that you are accessing your profile on a social network: the password manager will recognise the website and fill in the fields automatically, but only after you have unlocked its ‘safe’ with the master password.
Obviously, the password to ‘open’ the safe must be chosen wisely, so that it is strong enough to protect all other codes inside. These software packages often help the user in creating a suitable password by indicating the parameters to be considered:
- Quantity of numeric characters;
- Quantity of special, non-alphabetic characters (such as !,$,#,%);
- Number of alternating uppercase and lowercase letters.
Some password managers are also equipped with a random generation algorithm for passwords, just like the one used to create the private and public keys of a crypto wallet.
Passwords, in general, are all the more secure the longer and more complex they are, so as to prevent attackers from guessing the combination. If you think, however, that managing passwords by means of another password complicates things too much, some password storage and management software also integrates biometric authentication, such as Face ID or a fingerprint: ‘codes’ that you can’t really lose.
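The three parameters listed above, and the random generation mentioned alongside them, can be made concrete in a few lines. The following is an added example, not code from the article or from Young Platform: it draws characters from the operating system's cryptographic random source (Python's `secrets` module), counts the parameters a manager reports, regenerates until a constructed minimum policy is met, and computes the guessing work in bits, which is what makes a longer password stronger. The special-character set and the minimum counts are assumptions chosen for the example.

```python
import math
import secrets
import string

# Constructed for this example: the symbols the article names as examples of
# special characters, and an alphabet built from letters, digits and those symbols.
SPECIALS = "!$#%"
ALPHABET = string.ascii_letters + string.digits + SPECIALS


def password_parameters(pw: str) -> dict:
    """Count the characteristics a password manager rates: digits, specials, case."""
    letters = [c for c in pw if c.isalpha()]
    return {
        "length": len(pw),
        "digits": sum(c.isdigit() for c in pw),
        "specials": sum(c in SPECIALS for c in pw),
        "uppercase": sum(c.isupper() for c in letters),
        "lowercase": sum(c.islower() for c in letters),
        # consecutive letters (digits/symbols skipped) that switch case, e.g. "aB"
        "case_switches": sum(
            1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper()
        ),
    }


def meets_policy(pw: str, min_digits: int = 2, min_specials: int = 2,
                 min_upper: int = 2, min_lower: int = 2) -> bool:
    """Assumed minimum policy; a real manager lets the user set these."""
    p = password_parameters(pw)
    return (p["digits"] >= min_digits and p["specials"] >= min_specials
            and p["uppercase"] >= min_upper and p["lowercase"] >= min_lower)


def generate_password(length: int = 20) -> str:
    """Draw each character from the OS CSPRNG via secrets (never random.random())
    and retry until the policy is satisfied; with a 20-char password this
    almost always succeeds on the first draw."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Work an attacker faces for a uniformly random password: length * log2(alphabet).
    Doubling the length doubles the bits; adding four symbols adds well under one bit per char."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, password_parameters(pw))
    for n in (8, 12, 20):
        print(f"{n} chars from {len(ALPHABET)} symbols: {entropy_bits(n):.1f} bits")
```

The entropy figures are the practical point: an 8-character password from this alphabet is around 48 bits, a 20-character one around 121, which is why managers push length rather than clever substitutions.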
2-Factor Authentication (2FA)
Think managing passwords with a password manager isn’t enough? As long as you choose a strong master password and store it securely, no one will ever know the various login credentials you keep. However, you can never be too careful: you can add a second level of security, called two-factor authentication (2FA) or strong authentication, to your password system.
Let’s simulate logging in to a platform to understand how 2FA works: enter your username (or e-mail) and password, or use a password manager to do it automatically; then, if you have set up two-factor authentication, you will be asked for an additional code to ‘open’ your account.
A 2FA code is a ‘one-time password’ (OTP) that changes continuously, usually every 30 seconds, and cannot be predicted by anyone who does not hold the secret it is generated from. The correct code will be communicated to you by the 2FA software via a smartphone application or SMS. In any case, two-factor authentication verifies that it is the legitimate owner of the account who is logging in: they are the only one who receives the 2FA code, even if the password has been stolen. In this regard, your account on Young Platform’s exchange can be protected by a two-factor authentication system. You can find out here how to adopt this crypto security measure.
There are various authenticator apps, themselves protected by a master password or biometric recognition on access, that you can use to generate 2FA codes:
- Google Authenticator – the software developed by Google, free of charge and easy to configure;
- Microsoft Authenticator – similar to the previous one, but developed by Microsoft;
- Authy – an app that has been very successful due to its wide compatibility and additional functions, such as automatic backup in the cloud.
Now that you understand how to manage passwords and logins, there is still something you can do to protect your account. As we said, the more passwords you have, the more likely it is that some will be lost, but even a single ‘master password’ can be forgotten. Thus, it is a good idea to create backups of your access codes, especially for those that are essential to retrieve other credentials or to view 2FA codes. So let’s find out how to store passwords in equally secure backups.
The importance of backup and encryption
Backups protect you: not so much against cyber criminals as against yourself. Human memory is fallible, so it is better to ‘remember’ password character combinations with backups. In fact, if they are strong enough, passwords are complex alphanumeric strings with no counterpart in everyday language: difficult to learn and keep ‘in your head’.
As with private keys and wallet seeds, it is advisable to make regular backups of passwords, preferably in encrypted form. Encryption adds security to your backup: even if it were stolen, attackers would find only scrambled data, not the real passwords. This is because the backup has been encrypted with a key that only its owner knows, so only the owner can reverse the transformation.
There are also specific programmes that allow you to encrypt any type of file and also choose the encryption algorithm.
The backup file created can be saved in the local memory of smartphones or PCs, or offline on external hard disks. Your backup can also be stored via cloud storage services. In any case, once encryption is applied, the file is unreadable to anyone but the person who created it, since it cannot be ‘opened’ without the password.
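The two paragraphs above describe an encrypted backup whose only key is the owner's password. The following is an added example, not code from the article or from Young Platform, showing the shape of such a file and the two checks that matter: the password is stretched with a slow key-derivation function so a stolen file cannot be brute-forced quickly, and the file carries an authentication tag so a wrong password or a modified file is rejected before any data is released. The file layout and the cipher are assumptions made so the example runs on the standard library alone; the cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag, where a real backup tool would use AES-GCM or ChaCha20-Poly1305 from a vetted library.

```python
import hashlib
import hmac
import json
import os
import struct

# Constructed file format for this example: salt(16) | nonce(16) | ciphertext | tag(32).
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
PBKDF2_ROUNDS = 600_000   # OWASP 2023 recommendation for PBKDF2-HMAC-SHA256


def derive_keys(password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and authentication keys.
    The salt makes precomputed tables useless; the round count makes each guess slow."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ROUNDS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || block index), block by block."""
    blocks, i = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_backup(password: str, plaintext: bytes) -> bytes:
    """Fresh salt and nonce every time, so two backups of the same vault never match."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt_backup(password: str, blob: bytes) -> bytes:
    """Verify the tag first: a wrong password or a tampered file raises ValueError."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("backup too short to be valid")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong password or tampered backup")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


if __name__ == "__main__":
    # Constructed sample vault; a real one would be the password manager's export.
    vault = json.dumps({"exchange": "example-password-1", "email": "example-password-2"}).encode()
    blob = encrypt_backup("master password used only for the backup", vault)
    print("encrypted backup:", blob.hex()[:64], "...")
    print("round trip ok:", decrypt_backup("master password used only for the backup", blob) == vault)
```

Two habits follow from the code: the backup password must not be the same as the master password it protects (otherwise losing one loses both), and the salt and nonce are stored in the file on purpose, so the same file can be copied to several devices, as the next paragraph recommends, and still opened from any of them.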
Clearly, it is advisable to make several backup copies of the same file containing the essential passwords, and to save them on different devices. This lowers the risk of losing the backup should the devices themselves break or be lost.
Managing Passwords: More Tricks and Best Practices
Now that you know how to manage passwords, including for crypto security, you are ready to discover some more advanced solutions and ‘tricks’ to better protect your accounts.
The greatest risk to your passwords, based on what we have said, is the coordinated theft of the ‘master passwords’ of both your password manager and the authenticator for 2FA. In this extreme case, the hacker would have all the passwords as well as the corresponding 2FA codes at their disposal to confirm access.
There is only one way to prevent this: to set up 3FA, i.e. a third authentication factor.
If you want even more protection, there are other tips and tricks that are also useful for crypto security. The following are to be added to the 7 rules for using Young Platform safely, already presented here:
- Change passwords every few months – this strategy is especially valuable for accessing ‘sensitive’ accounts, such as social networks or cryptocurrency exchanges. Some websites automatically recommend changing your password, usually every 6 to 8 months. Remember to also update your backup every time your credentials change;
- Check registered devices – many websites and apps allow you to see your active and past ‘login sessions’, in simple terms the device, location and time of each login. Check regularly that the login devices are yours and, if anything looks suspicious, change the password or disassociate the device in question;
- Reject the automatic saving of credentials – some browsers suggest, through pop-ups or notifications, storing usernames and passwords for websites. It is a good idea to refuse, or at least to remember to remove access rights from old devices that no longer belong to you.
Adopt a strategy that considers every aspect of this guide on how to manage passwords, but remember that complexity is useless without efficiency: a password system must be both robust and easy to use. You already know how: remember only the master password of your password manager and set up 2FA: minimum effort, maximum protection.