Akamai Security Intelligence & Threat Research

The Talk: Keeping my parental units safe

Dear Favorite Parental Unit, 

What will it take to convince you?

You helped me through homework for years. You taught me right from wrong. You reinforced good habits. It's my turn to return the favor. It's time to turn the tables, and make the computer work for you. It's time to talk about passwords and the internet. 

Oh, nobody wants my stuff. I'm not anyone special. And if they get my credit card information, well, the credit card company will help me deal with it. And who wants my password to Hulu? So they can watch videos? Big deal.

You are my cleverest parent, and you have a point there. It was once said "Given a choice between dancing pigs and security, users will pick dancing pigs every time."  Your time is not worth wasting, and I know you and I know how much you hate dealing with all the forms and paperwork a single compromise can cost, so let me see if I can save you some future time with a small bit of effort today. 

I love you and I promise, there are bad actors out there. They have computers on their side to do most of the hard thinking. They aren't actually after you, they want to add chaos to the big guys - the banks, the industry leaders that you and I like. We are but pawns in their game of cat and mouse. The clever naming scheme you use everywhere, with similar characteristics, yeah, that is breachable. Trusting obscurity is an untenable option in today's ever-growing dark web, which keeps years' worth of your passwords for the bored hacker. And believe me, there's nothing worse than a bored hacker. So it's time we had The Talk™, and I taught you about password vaults.

Thank you, luv, I have my paper notebook as backup.

Frankly, this is probably one of the safest ways you could store your passwords from folks on the internet, if all you were doing was creating unique passwords for each thing you use that requires one. That's a whole lot of strangers ruled out. I love that thinking! That said, there are two major flaws with this concept:  

  • It's always in the other room when you are on your phone trying to log in. What about when you are in the car playing Ingress? Your notebook can't be everywhere. For that matter, you wouldn't want to lose it if it was! I mean, it's a small version of your brain. Something you'd feel very sad about losing, and would miss greatly.

  • You have created a predictable and memorable pattern for you, but that means other people can remember it too. Criminals keep records for decades. They can see your pattern. See the problem with bored hackers mentioned above?

Ok, I'm curious, what is a password vault?

It's a kind of safety deposit box. You have one key, and can unlock it and use it to store all your valuable passwords, as well as other secrets. You could even leave yourself secret notes, if you want to. Finally, a password vault is a place that even I, your most trusted child who "borrowed" your shoes, clothes, and precious accessories, can't get to.  There is this to consider as well; when you need it, you don't have to read from your notebook and (mis)type the answer, you just copy and paste from the vault into the field needed.

Suppose I consider this.  What are my options?

You have a lot of reputable choices.  Google and Apple offer to save your passwords in their browsers (Chrome and Safari, respectively) if you have accounts with them, and that works perfectly well.  You can even sign in from multiple places (for instance, if you borrow my computer when you visit after the pandemic).

There are also other products you can use whose sole purpose is to focus on securely keeping your passwords, for all your websites and software, safe. These products can also help track the password to the garage door, the secret to unlock the key case to your best friend's front door, and even notes about which of your kids you like best (It's ok, I know it's me).

There are many reviews of each of them out there and the general consensus talks about 1Password, LastPass, Dashlane, Keeper, Bitwarden, LogMeOnce, and Password Boss, to name a few. I can point you at reviews by some of my favorite sources and we can talk about the pros and cons over dinner sometime soon:

Sounds complicated.  I still like my system best.

So, let's take a quick look and see if anyone has ever compromised one of your passwords. If you don't believe me, how about Forbes magazine? Let's just plug your email address into the reputable site https://haveibeenpwned.com/ and see what comes up.

OH!  I don't like that at all!

Oh wow, me either.  I am sorry.  Let's change the passwords on those accounts next.  And maybe come up with a plan to go through that notebook and update it.

But that's HOURS, possibly DAYS of work.

You taught me to take it one step at a time. We've got this. No, better yet, you've got this!  My suggestion is to go with a password vault system. Take a look at the recommendations above and we can talk over dinner on Zoom. Let me know what you decide. 1Password, for instance, offers a family pack and we can share passwords, so I can take half that list, and you can take the other half and we'll update them together.

You've had my back for years; this time, I have yours.