Last week Facebook reported an important data breach that resulted in between 50 and 90 million accounts potentially compromised. This is more serious than the Cambridge Analytica issue reported earlier this year, because unlike that infamous case, this last breach provided attackers with access tokens for these accounts.
"The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login," said Guy Rosen, Facebook's Vice President of product. Imagine the following scenario then: someone shares on Facebook their favorite vacation spot from Airbnb, and the hackers use the stolen token to access their Airbnb account and get information about the rental properties that this user owns. Any site that relies on Facebook's Single Sign-On, like Airbnb or Spotify to name a few, is affected by the data breach.
Even though it's unclear if any of these accounts or access tokens were actually misused in any way (Facebook is still investigating), many security experts recommended that affected users reset their passwords as an added precaution. I was one of the affected users, and when I found myself struggling to define my new Facebook password (the 3rd one I'm forced to use in 2018), I knew it was time to stop using Facebook's login and start using a password manager.
For years, I've avoided using a password manager by setting up complex rules that helped me "generate" my own passwords in a way that I could easily remember them. But with so many recent security breaches around the tech I use, I've become increasingly tired of trying to keep this mental system fresh and secure. So after last week's incident, I decided to finally migrate. My rationale is that as long as I trust the new recipient of my passwords, and their delivery mechanism is convenient for everyday use, I can use the craziest passwords without having to remember them, and I can also change them as often as I want.
The obvious next step was to decide whom to trust with all my passwords. There are many third-party options out there that make it easy to share passwords between different ecosystems (for those who use a MacBook and an Android phone, for example), but all of them require some sort of payment to unlock their full potential. I use iOS and Mac OS X across all my devices, so I was really happy when iOS 12 introduced autofill support for password managers. Here's a great analysis of the best third-party options available, compiled by PCMag:
The Best Password Managers of 2018, by PCMag
Some options like 1Password have extra benefits, like telling you when you last changed a password, or alerting you when a vulnerability is detected on a specific site so that you can update your password right away. Regardless, the seamless integration of Apple's iCloud Keychain with their entire ecosystem made me settle for that free solution. Apple's security meets my expectations by encrypting the data with a key that is unique to each device that you approve; passwords cannot be read either in transit or once stored remotely on iCloud.
Getting started with iCloud Keychain was really simple since I had already set up two-factor authentication and I didn't need to re-approve my devices. Updating passwords from my old system to Apple's strong passwords was a slow and tedious process, and I must admit that it felt weird setting up all my accounts with passwords that I will not be able to remember in a million years. I also had some syncing issues between several iOS devices, but the fix was as simple as logging out of my iCloud account and logging back in to restore the latest version of my Keychain. In the end, the benefits exceed my small annoyances.
As people store more and more sensitive data online, the impact of a security breach grows. Passwords are an important layer of protection for accessing online banking, email and social media, so it's critical to follow best practices around online security: use strong passwords as the first layer of defense, but don't stop there. Never repeat passwords between different services (especially banks and emails), and enable two-factor authentication everywhere you can.
View all posts by Ivan Rodriguez
Originally published at geekonrecord.com on October 1, 2018.
Facebook forced me to use a password manager was originally published in Hacker Noon on Medium.