Wednesday, January 11, 2017

Passwords & Two-Factor Authentication

During a recent morning on 3740 kHz we discussed the two big Yahoo email breaches and the need for effective password use and management. A detailed Q&A about the Yahoo breaches is available in this article by Brian Krebs.

Today we depend upon online accounts for many purposes. Our most important accounts (e.g. finance-related) must have strong passwords that are not reused at other sites. A good way to meet these requirements is to use a password manager. (Paper records are also popular, but they require manual typing of login details and secure handling.)

Below are links to two (of many available) password manager programs that have good reviews from security analysts and journalists. Both are free and have versions for Windows, Mac, Linux, iOS and Android. If you have not used one, I suggest that you try one with one or more of your existing logins to explore the features.

You can find these and many others reviewed in many web articles such as the following:

Several programs automatically fill in the username and password fields on web sites that you log into. Many can use secure cloud storage to make it easy to access your password data from multiple computers or mobile devices. These programs can also generate a complex, random, unique password of any length to use with each online account.


Note that use of any password manager requires you to choose a strong master password since it must protect all of your stored passwords.


For additional security you should consider two-factor authentication (2FA), which requires entry of an additional piece of information when a login is attempted from a previously unknown device. This is strongly recommended for online accounts that involve your financial matters. Below are links to articles that discuss how two-factor authentication works and why you should use it.

At the very least, you should make sure that your important or finance-related online accounts use unique, long passwords. Password complexity is important too, but if you must sacrifice complexity, make the password longer. For an appreciation of the importance of password length, see this article by Steve Gibson. With a password manager you can use long and complex passwords, since you are not burdened with manually typing them in at each login.
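To put numbers on the length-versus-complexity trade-off, here is an added example (not taken from the linked articles or from any password manager's code) that generates random passwords and compares brute-force search spaces. The 26- and 94-character sets and the function names are assumptions chosen for illustration, and the comparison only holds for randomly generated passwords, not for words or phrases a person picks.

```python
import math
import secrets
import string

# Character sets assumed for this example.
LOWER = string.ascii_lowercase                                     # 26 symbols
FULL = string.ascii_letters + string.digits + string.punctuation   # 94 symbols


def generate(length, alphabet=FULL):
    """Random password drawn from the OS cryptographic random source."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space(length, alphabet_size):
    """Passwords an exhaustive search must try, assuming it works through
    every shorter length before reaching this one."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


def bits(length, alphabet_size):
    """Search space expressed in bits (log base 2)."""
    return math.log2(search_space(length, alphabet_size))


def min_length_to_match(target_len, target_size, alphabet_size):
    """Shortest length over a smaller alphabet whose search space is at
    least that of a target_len password over the larger alphabet."""
    goal = search_space(target_len, target_size)
    n = 1
    while search_space(n, alphabet_size) < goal:
        n += 1
    return n


if __name__ == "__main__":
    print("10 chars, 94-symbol set  :", round(bits(10, len(FULL)), 1), "bits")
    print("16 chars, lowercase only :", round(bits(16, len(LOWER)), 1), "bits")
    print("lowercase length that matches 10 complex chars:",
          min_length_to_match(10, len(FULL), len(LOWER)))
    print("sample 20-char generated password:", generate(20))
```

A random lowercase-only password needs just four extra characters to match a 10-character password that uses the full keyboard, and every character beyond that widens the gap.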

Your comments and questions are welcome.

John
