We get out of bed one day, and when we go to check our mail, or our social networks, we realize that someone has had access to our accounts, has stolen our data and has unleashed chaos. Getting back to normal takes time, and everything seems to be working against us. But, when we have a few seconds to think, we ask ourselves, how was it possible? What has unleashed this chaos? And most likely the answer is that we have trusted our password manager too much.
In the last few months we have seen many problems related to passwords. One of the most notorious is the massive hack of LastPass, one of the best-known and most widely used password managers in the world, in which, in 2022, attackers managed to steal millions of passwords and other information that users kept securely in the cloud.
And this is not the only high-profile case. Without going any further, another of the most used password managers, KeePass, woke up one day with a serious vulnerability that could allow unauthorized access to the entire password database of users who relied on it to save passwords. And these are just two examples of how, at any moment, our passwords can end up in the hands of hackers.
We often follow the basic advice for protecting our accounts. For example, we usually set a master key that prevents hackers from breaking into our account, use double authentication systems, or, when we work with local databases, apply military-grade encryption to prevent them from accessing the data. But no matter how many layers of protection we add, if the problem lies in the program or the server, there is little we can do.
Prevent hackers from stealing your passwords
If we want to prevent hackers from ending up with our passwords through a massive hack, we need to take several factors into account. Here are 6 recommendations that will help us minimize the probability that our data ends up in the hands of hackers.
The first is to take special care to protect master accounts. That is, if we use a cloud server for passwords, or a program that manages a database like KeePass, the main accounts that have access to the passwords (our cloud user, or the Windows user account) must have special protection: we must use random, unique, secure passwords, and change them periodically so they cannot be guessed. Another very important point is to always use double authentication. Whether it arrives through SMS, email, or even Google Authenticator, a random access code that we receive at the time of login will prevent attackers from accessing our accounts even if they get hold of the passwords.
If we bet on the cloud to save passwords, it is very important to know how these services work. The ideal is to bet on zero-knowledge platforms, that is, platforms that do not store passwords, but encrypted hashes that can only be decrypted with a key that the user has.
Of course, it is necessary to have a good password policy. We must avoid reusing passwords and avoid using keys that have already been compromised in other computer attacks, and we should heed the password manager's recommendations. Also, we should always save recovery keys in a different place. That way, if we lose the password, or it is stolen, we can recover access to our accounts.
Finally, if we read news that our password manager has been hacked, it is necessary to migrate our data to a different one as soon as possible. And, in the process, we must take the opportunity to change the keys of all the websites that we had stored in it. That way, even if attackers manage to access the passwords, if we have acted quickly, it will not do them any good.