Tehachapi's Online Community News & Entertainment Guide

Password terror and a better way

Tech Talk

The first half an hour passed quickly. Oh, what fun we had. The job of removing the old computer gave way to the excitement of opening boxes and setting up the new machine.

Turning the computer on for the first time, marveling at how fast it boots up. Seeing how much smaller it is than the old computer and how fast! How quiet it is! And just look at that big new monitor. The picture is so crisp and clear.

But now, the fun is over. I asked a simple question, and now my clients look at each other and then at me, eyes wide and brows furrowed. Their joy is gone, replaced by a palpable dread. You could cut the tension in the room with a knife - if you had a knife and wanted to cut the tension, but why would you?

I clear my throat and ask again. "What's the password for your email account?"

Of course, it's not always the password for the email account. Sometimes it's the email address for the computer's Microsoft account (if we can figure out if they were using one.) Once we have that, we need to figure out the password for that account.

Then it's the password for the bank, or the Amazon password, or the credit union password, or the password for that email address they don't use very often, or the Microsoft 365 password, or some other site's password.

If we can't figure out the right email password, then we need to reset that password.

I might get that same look of dread, or we might all have a great big laugh when I ask if they remember the answers to the security questions on their account or the four-digit PIN, or even if they still have the phone number the site is showing.

Once, or if, we get the email password reset, we'll go through their other websites and any software that needs passwords and reset them all. Then we'll enter the new passwords on any phones or tablets that use the same email accounts, because those devices still have the old stored password on them.

If only there were another way. A way that doesn't rely on scraps of paper slipped between the pages of an old address book. Or a neatly-typed password document dated Nov. 16, 2014. Or a password record book with precisely one entry - and that password doesn't work.

Does it make it better if they use the same password for everything? It makes it easier, but not better. Why is it not better? Because hackers aren't going to get your password from your computer. Ever. Unless you're an international mega-superstar or something, and even then, no.

Instead, the bad guys get accounts and passwords by the thousands, hundreds of thousands, millions, and, believe it or not, hundreds of millions by stealing them. Not from you or me, one at a time. Oh no. They take them in data breaches at companies like Adobe, eBay, Equifax, Marriott Hotels, JP Morgan Chase, Yahoo!, Target and a whole bunch more.

So, how do we solve the problem of remembering our passwords, making sure our passwords aren't super-easy to guess and make it easy to track which of our passwords got stolen in a data breach?

Use a password manager.

Password managers can securely fill in your login information for all of your online accounts. Your passwords are encrypted and stored online with your password manager. Most password managers have apps for all your devices, so you can autofill passwords on your phone or tablet, too. Your stored passwords are searchable, and you can save the answers to account security questions, also.

Password managers also help you create secure passwords for your accounts, let you know if your account info shows up in data breach, and help you change your passwords when necessary.

All you have to do is remember one master password, and the app will do the rest for you.

Currently, the five most popular and secure password managers are Dashlane, LastPass, 1Password, Keeper and Bitwarden.

Passwords, protected

All of my passwords are protected by amnesia.

Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at [email protected].