Articles in Category: Passwords
Why Do Services Like Google and Microsoft Ask for a Phone Number?
Many online services request your phone number. I’ll look at how that’s typically used and why it’s a good thing.
Going Passwordless Without Going Passwordless
Passwords are dying. On some services, you can start playing with the process by creating a secure password… and then forgetting it.
Is a Periodic Password Change a Good Thing?
Conventional wisdom says to change your passwords periodically. I disagree.
Is a Passkey Two-Factor Authentication?
Passkeys are secure, but they’re not two-factor authentication in and of themselves. I’ll run the scenarios that explain why that is and when 2FA might be involved as well.
More Passkey Questions
Passkeys seem like magic, and confusing magic at that. I’ll address a set of questions I received recently.
Changing Your Password After a Hack May Not Be Enough
Changing your password is a common response to account hacks. Unfortunately, it isn’t enough.
What If There’s a Passkey on My Lost Phone?
Losing a device with a passkey isn’t a disaster at all. I’ll describe why that is.
What Is Credential Stuffing?
Credential stuffing: less complicated than the fancy words imply and easy to prevent.
How Can Passkeys Possibly Be Safe?
Passkeys may feel confusing now, but they’re a doorway to a more secure, less frustrating, passwordless future.
How Can I Recover an Outlook Password Without Resetting It?
Microsoft doesn’t know your Outlook.com password. Honest. That makes recovering it without changing it challenging.
Isn’t Putting Two Factor Codes in My Password Vault Less Secure?
Storing 2FA codes in 1Password alongside passwords might slightly reduce security, but the risk is minimal, especially compared to the convenience.
What If Password Autofill Won’t Work?
Password vaults are sometimes unable to auto-fill fields. There are several ways to work around this.
How Do I Change My Password for Google Mail?
There are times when a new password is what you need. Here’s how to change it.
How to Use Just a Single Password for Everything
It’s very tempting to use only a single password everywhere. That’s dangerous, and there are better alternatives.
Passkeys and Disaster Planning
Passkeys are new, convenient, and secure. I’ll review how they affect your disaster planning. (Not very much.)
What Should I Do If I Lose Access to My Password Vault?
Losing access to your password vault is something you can recover from.
No, Don’t Write Down Passwords
The world’s largest magazine dispensed some bad tech advice. Here’s why I so strongly disagree.
Is It Really That Easy to Get Someone’s Password?
We’ll look at some ways that someone else could access your account — or at least look like they have.
How Can Four Random Words Possibly Be More Secure Than 16 Random Characters?
Passphrases are just as secure as passwords — perhaps even more so — and are easier to remember if needed.
What Is a Passkey?
Passkeys are a new form of authentication that promise to be both easier and more secure.
Can I Still Use LastPass Safely?
Selecting another password manager is now the common recommendation. I’ll review what you can do if you elect to keep using LastPass.
Will AI Crack Your Passwords?
We’re seeing AI associated with many things. Cracking your passwords is now on the list.
What’s the Best Password Manager for 2024?
The best password manager is the password manager you’ll use (within reason, of course).
Are Facial Recognition and Fingerprint ID Safe?
Facial recognition and fingerprint ID are quick, convenient approaches to signing into or unlocking your devices. But are they safe enough?
Why Is It Important to Have Different Passwords on Different Accounts?
Using a different password for every login is crucial — and it doesn’t have to be difficult.
Your 6 Strongest Practical Password Techniques, Ranked
Six practical approaches to generating passwords, ranked from best to worst.
How Long Should a Password Be?
For years, the standard practice has been to assume that eight-character passwords made up of sufficiently random characters was enough. Not any more. Not even close.
What to Do About the LastPass Breach
The most recent LastPass security incident has many people concerned.
Should I Use My Password Vault for Two-Factor Authentication As Well?
A new feature in some password vaults has us thinking about security implications. Bottom line: use two-factor authentication.
A Lost-Second-Factor Tale of Woe and How to Avoid Your Own
A tech journalist lost his phone and encountered issues recovering a two-factor-protected account. We can all learn from his experience.
Please Set Up and Maintain Account Recovery Information
Account recovery information is an important yet often overlooked part of account security. Managed poorly, it can lead to permanent account loss.
What You Need To Do About the LastPass Hack
A portion of LastPass was breached. Here’s why it’s not a disaster, and why I’m not leaving LastPass.
How Can I Delete an Old Account If I Can’t Log In?
If you’ve lost your password, there may be recovery steps. If you’ve also lost your email address, recovery becomes significantly more difficult.
I Lost My Phone With My Second Factor for Authentication. How Do I Recover?
My phoned died, and with it, all the two-factor authentication methods I’d used it for. Here’s how I recovered.
LastPass Password Manager and Vault
One of the challenges with current online safety advice is keeping track of multiple different secure passwords. LastPass not only does that, but does it securely across multiple devices.
I’m Told to Change My Password. Why?
If you’ve been told to change your password, do so, but do so in the right way. I’ll explain what that means and why it’s important.
Would You Please Recover My Password?
Every day, I’m asked to reset lost passwords, recover hacked accounts, or retrieve lost information in them. Here’s my answer.
Is a Password-protected Windows Login Secure?
Your Windows log-in password gets you surprisingly little real security. I’ll look at why that is, why you might still want one, and what I do instead.
Will Using a Password Vault Thwart a Keylogger?
A password tool may bypass a few keyloggers, but not all. Think about your overall computer and account safety first.
Is Passwordless Authentication Safe?
Passwordless authentication removes the need for a password and replaces it with something else. But can that be secure?
Do Random Words Make Better Passwords?
As few as three random words make better passwords than strings of random characters — but not, perhaps, for the reasons you think.
Responses to Your Three Common Password Manager Objections
Password vaults are a common recommendation by security professionals to improve your online security. Why do so many resist?
How Do Websites Keep Passwords Secure?
A high-level overview of how websites and services should store passwords security, so next time there’s a breach you’ll know what to look for.
No Email from LastPass? Dealing with Sign-In Problems
While travelling, I signed in to my LastPass account only to be told I needed to confirm an email message that never arrived — or so I thought.
What if I Forget My Passwords If I Use Two-Factor Authentication?
Two-factor authentication is different than passwords, but they both share important recovery steps if there’s a problem.
How Do I Access Gmail Without Phone Verification?
There are a number of ways to confirm your identity if you don’t have your phone. The catch is that most have to be set up before you need them.
Should Your Username be More Like a Password?
Occasionally people suggest that usernames should be treated like passwords. While there’s some merit to the idea, it’s ultimately impractical.
The Easy-to-Avoid Two-Factor Loss Risk
Two-factor authentication is an important tool to keep accounts secure, but prepare for losing the second factor so you don’t lose your account.
Isn’t Storing Your Passwords In One Place a Security Risk?
Yes, password managers put all your information in one place. It better be a very good place.