I’ve had enough of password frustrations – here’s how I’m finally fixing them in 2024

Passwords are a pain, let’s be honest – a necessary evil to keep us secure. None of us wants to have to deal with these cumbersome little beasties, but they’re an inescapable part of online life. In the future, things will change – as a new passwordless reality comes to fruition and passkeys evolve. But for now, traditional typed passwords remain prevalent and in need of taming.

There are simple ways to deal with passwords, some of which are terrible. Like having ridiculously simple passwords that are easy to guess. Or ‘remembering’ them by writing them all down in a notepad, where a nosy person might find them and get access to your online accounts, if they’re a nefarious sort.

I don’t do anything like that, of course – perish the very thought – I use mnemonics to help make passwords complex enough, but still memorable, so they don’t have to be jotted down. However, even that’s not an ideal way of dealing with passwords, and so I have some (admittedly dull) new year’s resolutions to vastly improve my relationship with passwords and my overall online security.

A person using the ExpressVPN Keys password manager on their phone and their laptop.

(Image credit: ExpressVPN)

Taking the plunge with a password manager

This is the main pillar of my reformed relationship with passwords – yes, getting someone else to do them. Or rather, getting something else to do them in the form of an application.

Password manager software automatically generates passwords for all online accounts without me having to lift a finger. These are incredibly secure passwords, too – lengthy strings of garbage that I wouldn’t have a snowball’s chance in hell of remembering.

Taking the plunge with a password manager is something that’s been on my computing to-do list for quite some time, and one of those things I simply haven’t got around to doing. Mainly because it seems easier to carry on as I’ve been doing for a long, long time now (I owned a PC before the worldwide web even existed). So, 2024 is the year it’s going to happen, and I’ll relinquish my old system for a more convenient and secure way of dealing with passwords.

Which password manager am I going to run with? After weighing up the pros and cons of the various options out there, I narrowed it down to either Dashlane or NordPass – but in the end, the latter won out. Why? NordPass scored with its wide-ranging support across multiple platforms, regular updates – and plentiful features – not to mention that it represents a great value proposition.

It’s also the top-ranked product in our roundup of the best password managers, so comes with the TechRadar Pro seal of approval (and a deal to make it even better value, it should be noted). For those after the top freebie option, by the way, check out the best free password managers.

Hand increasing security protection level by turning a knob

(Image credit: Shutterstock)

2FA achievement complete

3 tips for avoiding the worst password pitfalls

1. Never, ever, use stupidly simple passwords
‘Password’ is not a good password, much like a riot shield is a bit pointless if it’s made out of tissue paper. Choose a complex password with a decent mix of characters, and a mnemonic to remember it (or better still, use a password manager).
2. Don’t reuse passwords
Never reuse the same password for multiple online accounts. It may seem tempting to do so for easy recall, but if a hacker or other ne’er-do-well gets hold of that password, obviously they could then access more than one of your services.
3. Don’t keep the same password forever
You don’t have to change any given password much, but it’s worth doing so every now and then. Especially if a company you have an account with has a data breach, it’s a good pre-emptive move just to change your password, even before you’ve been told if you’re affected.

Getting a password manager isn’t necessarily bulletproof, of course. What if that company or their systems are somehow breached in some manner? It’s very unlikely that this will happen with a reputable vendor, but it has happened in the past.

At any rate, a robust approach to security doesn’t rely on a single solution, and 2FA (two-factor authentication) is a seriously valuable addition as a second line of defense to back up passwords. This often takes the form of a code texted to your phone, or emailed, after your initial login to an account.

My problem in this department is that I don’t have 2FA enabled on all my online accounts yet. I do have it running on most important services, mind you, but I need to go through my array of various online accounts, check where it’s supported – in theory, on most big sites and services – and implement it, if 2FA isn’t already active.

Much like migrating over to a password manager, this is something I’ve been meaning to do for some time now – and it’s been nagging away at the back of my mind all that time as a task that really needs attending to. In most cases, it'll simply be a case of going into my account > settings > security (or a variation of that process), and turning on two-factor authentication. So, I shall get it done, and tick another niggle off my list of password blues for 2024.

Biometrics

(Image credit: Shutterstock)

Biometric bonus

While I’m fixing password security issues, my final resolution is to actually use biometrics wherever possible. Until fairly recently, I used a hardware token for logins to my online banking, but have since switched to use the fingerprint sensor on my phone (via the bank’s app). It’s a much more convenient and secure way of logging in, and wherever there’s an option to use a fingerprint login, I’ve resolved to switch to it.

Another point on this subject: while initially I wasn’t convinced about the tech, I now love the Windows Hello login on my Surface Pro tablet – it has got better over time, and works pretty much flawlessly now, even in different lighting conditions. 

I’d advise strongly in favor of using facial recognition, fingerprints, or other biometrics wherever you can turn them on, which is usually a case of exploring an app's settings for security options that can enable hardware like fingerprint sensors. None of this is exactly fun, but you'll go into 2024 feeling all the more secure and smug for it.

You might also like

TechRadar – All the latest technology news

Read More

Google’s new Chrome security update to make password management easier

Google is working on a sizable security update that'll introduce a total of seven new features to Chrome for desktop and iOS. 

Four of those features are currently making their way to desktop users, and they all involve the company’s Password Manager software. Be sure to keep an eye out for the patch once it arrives.

Starting from the top, Password Manager will have a new home in Chrome’s Settings menu. There, users will be able to manage their login credentials or adjust their security settings. But if you prefer a more direct approach, “you [can] create a desktop shortcut for Google Password Manager,” according to the post

The tech giant is also adding the ability to write down notes for specific logins. As an example, let’s say you have multiple accounts for one website, but you have a hard time remembering every single detail. You can click the key icon in Chrome’s address bar to open a context menu, revealing your notes that house those details. Clicking the pencil icon lets you make edits. 

Password notes on Chrome

(Image credit: Google)

Next, the company will allow users to import passwords from third-party managers to Chrome on desktop. The Google Help webpage states people must first convert their credentials into a .csv file before uploading anything to the browser. Detailed instructions on how to do this can be found on the Chrome Help website.

However, it appears the tool will only be able to bring in your information from certain apps. Those apps are Microsoft Edge, Safari, 1Password, Bitwarden, Dashlane and LastPass. No word on future plans to support other sources. 

Import password on Chrome

(Image credit: Google)

Coming soon

Regarding the final three additions, they will arrive later in the year.

First, Chrome on desktop will be getting biometric authentication, something that's been exclusive to the mobile app up to this point. Google states that enabling this will add a second “layer of security before” auto-filling credentials. The types of biometric authentication Chrome supports ultimately depends on your computer. For example, if you own a laptop sporting a fingerprint reader, then the browser allow you to sign into accounts with only your fingerprint.

On iOS, Password Checkup on Chrome will begin to flag faulty logins. The tool will urge you to change your information if it detects a weak, reused, or compromised password. The rest of the iOS update consists of minor design tweaks to make some things easier to do. Autofill prompts will be made larger, and whenever you review your saved credentials in the Settings, “multiple saved accounts for one website will be [now] grouped together.”

We reached out to Google for more info on when both the biometric authentication expansion and iOS patch will launch. This story will be updated at a later time.

TechRadar – All the latest technology news

Read More

Google Chrome’s password manager is finally adding this must-have feature

The built-in password manager in Google Chrome is about to get even better as Google is preparing to add the ability to store notes alongside your passwords.

Besides storing your existing passwords, Chrome’s password manager also includes a password generator to help you create strong, unique and complex passwords for each of your online accounts.

While you can use a standalone password manager like LastPass or 1Password to store your passwords securely, Google Chrome and most other browsers now offer similar functionality. However, these paid solutions often come with extra features like secure cloud storage and password sharing in addition to letting you store notes about each of your passwords.

Now though, it appears that Chrome’s built-in password manager will be getting a big upgrade with the next major release of Google’s browser.

Adding notes to your passwords in Chrome

As reported by 9to5Google and first spotted by Leo Varela, the latest Chrome Canary release adds a new feature to Chrome’s built-in password manager that will allow you to store notes with your passwords.

Once this feature becomes generally available, you’ll see a new “Notes” field underneath the username and password fields in Chrome’s password manager. However, this option will only show up when adding a new password or when you go to edit an existing password. Varela also pointed out in his Reddit post that Google is working on adding the ability to securely send passwords to others as well.

Being able to add notes to each of your saved passwords can be quite useful for those with a lot of different online accounts. For instance, you can add a note to give context to the account, to differentiate between a work and personal account or even if you want to back up the answers to the security questions associated with a particular account.

Users running Chrome Canary can test out this feature now and Google has even added the #passwords-notes flag to make it easier to enable. As this feature is currently tied to the release of Chrome 101, it should arrive in the Stable channel around April or May but the timing of its arrival could change.

Via 9to5Google

TechRadar – All the latest technology news

Read More

1Password Developer Tools want to make it easier to set password guidance

The business password management company 1Password has launched a new set of features called Developer Tools in order to help developers better secure and share their secrets.

With Developer Tools, developers can securely generate, manage and access secrets within their development workflows beginning with Git. 1Password's new offering also helps simplify complex processes and improves security practices to ensure data is protected without slowing down the development pipeline. At the same time, Developer Tools provides developers with secure access to the secrets they need wherever they are and on any device they happen to be using.

Chief product officer and GM of emerging solutions at 1Password, Akshay Bhargava explained in a press release how Developer Tools can make security more convenient for developers, saying:

“Developers encounter a lot of complexity when building and deploying secure software, and it can often seem like security and convenience are irreconcilable. 1Password Developer Tools aims to make their lives easier by making complex security processes more convenient, and making doing the secure thing, the easy thing.”

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

Managing secrets

According to 1Password's recent Hiding in Plain Sight report, a quarter of employees at IT and DevOps companies have secrets in ten or more different locations and have shared them with colleagues using email, Slack and other insecure channels. Over half (61%) of projects are also delayed due to poor secret management and one in three (36%) developers have shared secrets over insecure channels to increase their productivity.

In addition to protecting personal passwords and information, Developer Tools can enhance productivity by enabling quick generation of SSH keys, seamless access to data via a command line interface (CLI) using biometric authentication and secure secrets management in one app.

Once SSH keys have been generated with just a few clicks, 1Password for the browser will autofill public keys into popular sites including GitHub, GitLab, BitBucket and Digital Ocean. Then by using Developer Tools' built-in SSH agent, developers can push code to GitHub and authenticate other SSH workflows in a terminal by simply scanning their fingerprint.

Developers can also use the new set of features to store secrets in encrypted vaults as one of several default item types including API credential, AWS account, database, server or SSH key to help prevent breaches caused by leaked secrets.

Organizations and developers interested in storing their secrets using 1Password can check out the company's Developer Documentation portal for more information on Developer Tools.

TechRadar – All the latest technology news

Read More

Bitdefender wants to take a bite out of the password manager market

Bitdefender has announced the launch of its new password manager which aims to simplify the creation and management of secure passwords across all of a user's online accounts on both desktop and mobile.

While the company is known for its antivirus software, its new Bitdefender Password Manager offering also includes a password generator to create and save unique, highly complex passwords for each online account. These passwords can then be accessed by using a single master password. Bitdefender Password Manager is also backed by strong end-to-end encryption along with simple set-up, easy installation and an intuitive user interface designed to be accessible to all.

According to the recent 2021 Bitdefender Global Report: Cybersecurity and Online Behaviors, half of the over 10,000 consumers surveyed use a single password for all of their online accounts while nearly one-third (32%) reuse just a few passwords across multiple online accounts. 

Vice president of Bitdefender's consumer solutions division, Ciprian Istrate explained why the company decided to create its new password manager in a press release, saying:

“Cybercriminals rely on weak passwords to compromise accounts, steal user identities and profit from selling credentials on the dark web. Despite understanding the importance of strong passwords as a security best practice, the ease of memorizing a few passwords and reusing them everywhere outweighs increased security risk for most. We built Bitdefender Password Manager with this in mind, delivering what we believe is one of the best-in-class password protection without sacrificing user convenience.”

Bitdefender Password Manager

In addition to allowing users to store their passwords, Bitdefender Password Manager can also be used to manage and auto-fill payment data. All of this data is encrypted and decrypted locally and the account holder alone has access to the master password so that no third party has access to their financial information.

While there are mobile apps available for Android and iOS, Bitdefender has also created browser extensions for Windows and macOS that support a wide range of browsers including Chrome, Firefox and Edge with support for Safari launching soon.

If you already use another password manager like 1Password or LastPass, Bitdefender Password Manager allows you to easily import data and passwords from other platforms including browsers like Chrome and Firefox which have their own built-in password managers.

An annual subscription to Bitdefender Password Manager costs $ 29.99 per year but the company is currently offering an introductory discount where new customers can save 33 percent and pay $ 19.99 for the year or as little as $ 1.66 per month.

TechRadar – All the latest technology news

Read More

Microsoft Edge’s half-baked password manager might now be worth a look

Microsoft is preparing to roll out a new version of the in-built password manager for its Edge web browser.

Currently under development, the new-look password management feature will allow users to add credentials to their roster manually for the first time.

At the moment, Microsoft Edge requires users to visit a website, log in and wait for a prompt from the browser. By introducing a manual option, Microsoft will minimize the friction associated with adding passwords en masse.

The ability to add account credentials manually first featured in an early-access build of Google Chrome, which is based on the same Chromium engine as Edge. Microsoft appears to have built upon this foundation to port the functionality over to its own service.

It’s unclear precisely when the feature will make its way into a full public build, but it is currently available to members of the Edge Canary channel under the Profile menu.

Microsoft Edge password manager

Microsoft first introduced password management functionality to its flagship browser in January last year, offering users a simple alternative to fully-featured services like LastPass and Dashlane, which cost in the region of $ 40/year.

The idea was to give users a cost-effective way to limit the risk of credential stuffing, brute force attacks and identity theft.

However, recent reports suggest it may still be ill-advised to store your account credentials in your web browser, as opposed to using a dedicated service.

According to security company AhnLab, info-stealing Redline malware is capable of both evading antivirus software and stealing passwords and other sensitive data from its victim’s browser.

In a recent incident, an infection resulted in the compromise of a corporate network, after VPN credentials were stolen from a remote employee’s web browser.

From a cybersecurity perspective, although storing unique passwords in Microsoft Edge is better than deploying an identical password across multiple accounts, it shouldn’t be considered the perfect solution.

Via WindowsLatest

TechRadar – All the latest technology news

Read More

iCloud for Windows now has its own password generator

Apple has released a new version of its cloud storage service for Windows and iCloud for Windows 13 now includes a password generator among other new features.

While the iPhone maker released an update back in August that allowed Windows users to leverage its iCloud Keychain password manager app, at that time they could only access their stored passwords.

Now though with the release of the latest version of iCloud for Windows, Windows users can generate strong and unique passwords for all of their accounts regardless of whether they're currently using Apple or Microsoft's operating system.

Apple also released a Chrome iCloud extension at the beginning of this year to make it easier for its users to access their stored passwords from Google's browser or even on a Chromebook.

ProRaw and ProRes support

In addition to bringing a password generator to iCloud for Windows, Apple has also added support for its ProRaw and ProRes photo and video formats to its cloud storage service.

While the ProRaw photo format was first introduced with the launch of the iPhone 12 Pro last year, ProRes is a new video format that debuted with the launch of the iPhone 13 Pro earlier this year. 

As Apple's latest pro model iPhone support both formats, adding them to iCloud for Windows makes a lot of sense as users will now be able to view and edit photos and videos shot using them on their desktop PCs.

Apple users that want to use iCloud on a Windows machine at home or work can now download iCloud for Windows 13 from the Microsoft Store.

We've also rounded up the best password manager, best password generator and best identity theft protection

Via The Verge

TechRadar – All the latest technology news

Read More