Last week Facebook reported an important data breach that resulted in between 50 and 90 million accounts potentially compromised. This is more serious than the Cambridge Analytica issue reported earlier this year, because unlike that infamous case, this last breach provided attackers with access tokens for these accounts.
"The access token enables someone to use the account as if they were the account holder themselves. This does mean they could access other third-party apps using Facebook login," said Guy Rosen, Facebook's Vice President of product. Imagine the following scenario then: someone shares on Facebook their favorite vacation spot from Airbnb, and the hackers use the stolen token to access their Airbnb account and get information about the rental properties that this user owns. Any site that relies on Facebook's Single Sign-On, like Airbnb or Spotify to name a few, is affected by the data breach.
Even though it's unclear if any of these accounts or access tokens were actually misused in any way (Facebook is still investigating), many security experts recommended that affected users reset their passwords as an added precautionary measure. I was one of the affected users, and when I found myself struggling to define my new Facebook password (the 3rd one I'm forced to use in 2018), I knew it was time to stop using Facebook's login and start using a password manager.
For years, I've avoided using a password manager by setting up complex rules that helped me "generate" my own passwords in a way that I could easily remember them. But with so many recent security breaches around the tech I use, I've become increasingly tired of trying to keep this mental system fresh and secure. So after last week's incident, I decided to finally migrate. My rationale is that as long as I trust the new recipient of my passwords, and their delivery mechanism is convenient for everyday use, I can use the craziest passwords without having to remember them, and I can also change them as often as I want.
The obvious next step was to decide whom to trust with all my passwords. There are many third-party options out there that make it easy to share passwords between different ecosystems (for those who use a MacBook and an Android phone, for example), but all of them require some sort of payment to unlock their full potential. I use iOS and Mac OS X across all my devices, so I was really happy when iOS 12 introduced autofill support for password managers. Here's a great analysis of the best third-party options available, compiled by PCMag:
The Best Password Managers of 2018, by PCMag
Some options like 1Password have extra benefits like telling you when you last changed a password, or alerting you when a vulnerability is detected on a specific site, so that you can update your password right away. Regardless, the seamless integration of Apple's iCloud Keychain with their entire ecosystem made me settle for that free solution. Apple's security meets my expectations by encrypting the data with a key that is unique to each device that you approve; passwords cannot be read either in transit or once stored remotely on iCloud.
Getting started with iCloud Keychain was really simple since I had already set up two-factor authentication and I didn't need to re-approve my devices. Updating passwords from my old system to Apple's strong passwords was a slow and tedious process, and I must admit that it felt weird setting up all my accounts with passwords that I will not be able to remember in a million years. I also had some syncing issues between several iOS devices, but the fix was as simple as logging out of my iCloud account and logging back in to restore the latest version of my Keychain. In the end, the benefits exceed my small annoyances.
As people store more and more sensitive data online, the impact of a security breach grows. Passwords are an important layer of protection for accessing online banking, email and social media, so it's critical to follow best practices around online security: use strong passwords as the first layer of defense, but don't stop there. Never repeat passwords between different services (especially banks and emails) and enable two-factor authentication everywhere you can.
View all posts by Ivan Rodriguez
Originally published at geekonrecord.com on October 1, 2018.
Facebook forced me to use a password manager was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.