The common refrain whenever there is a headline data breach involving the theft of personal information is that affected users should change their passwords, making sure they are a "strong" mix of unique numbers, letters and symbols.
Given the extensive number of online accounts the majority of people have, from social media to online banking to grocery shopping, it would be a herculean task to remember a different password for each one.
For this reason, security experts encourage people to use password managers, which can generate, store and automatically fill out passwords for users across all their online accounts.
"Passwords are the first line of defence when it comes to protecting our online transactions, so it’s really important to avoid using passwords that a cyber criminal will guess easily," said David Emm, security researcher at Kaspersky. "With complicated password rules to consider and multiple login details to remember, many of us struggle to remember our passwords. Using a password manager takes this responsibility from us."
But some people have been hesitant to trust such a service to protect the keys for their entire digital lives - and rightly so. LastPass, one of the leading password managers, recently discovered a security flaw with its program that could have let hackers steal passwords. The "major architectural problem" was discovered by a security researcher at Google and forced LastPass to urge users to be careful using its service. It isn't the first time a credential management firm has suffered a problem of this scale.
1Password, another manager, was criticised in 2015 for leaking users' bookmarks. The news led some experts to warn users against password managers. "LastPass isn't alone: Keeper, Dashlane and even 1Password have had severe vulnerabilities that allowed attackers to steal all of the passwords in a user's account without their knowledge," said Sean Cassidy, chief technology officer of Defence Storm.
Despite fears, most experts in the field agree that password managers are still the safest way to secure online accounts. "I really, really hope this doesn't put people off using password managers," said Professor Alan Woodward, a cyber security expert at the University of Surrey, responding to the LastPass news. "In this day and age we have so many passwords and they need to be strong so you can't remember them.
"Ideally we'll start to move onto other forms of authentication like biometrics. But for now password managers are still the best option."
He added that the benefits of password managers outweigh the risks, but that software is vulnerable and users should be careful when choosing their service.
"I tend to look at the record of how they've dealt with security incidents in the past. It's almost inevitable that there will be problems, but how they respond to their users is important," he said. "It's a bit like a courier losing your package: it happens, but it's how they deal with it that matters."
When researching the best password manager, users are advised to check reviews and details about the companies behind the services.
"You really need to know that there's a substantial organisation behind it, because there are a lot of free managers out there that are run by a man and his dog," said Professor Woodward. "You really need to do a bit of due diligence, don't just pick the first one you see because it's free."
In particular, users should look for companies that fix problems swiftly and are open with their customers. For example, LastPass alerted users about the problem soon after discovering it, and again when it was fixed.
"A cross-functional incident response team quickly confirmed the report and worked around the clock to produce a complete architectural fix that has been pushed to all affected browsers," LastPass said in a blog post detailing the problem after it was resolved. "Now that the issue is resolved, we want to provide a postmortem to our community on what the report entailed and how we are building a better, more secure LastPass going forward."
Some of the most highly regarded password managers include LastPass, 1Password and Dashlane. Technology giants including Google and Apple also offer password storage, but these don't have the same range of password creation and storage functions.
In addition to using a password manager, Professor Woodward advised that people should, where possible, turn on two-factor authentication. "People find it inconvenient, but convenience can often be the enemy of security," he said. "You need to accept now that there are so many breaches that that extra step is really worth the effort."