Preventing the Nightmare, Part 2 - Your Password Vault
Using a password manager is like having your own technology concierge. Without having to leave a tip.
No one wants to be a victim of the Nightmare Scenario. I sure as sugar would never want my beautiful wife to start a conversation with me that begins with, “Christopher, I just checked our checking account online. We have a balance of $42. What happened?” When she uses my full name, I know I’m in deep trouble.
The New Mindset
It’s time to end the idea of one password to rule them all. It’s 2021, and it’s not safe on the internet. I firmly believe each of your online accounts should contain a different password. This way, if one website gets hacked, your password cannot be used to sign into another online website. I believe in something that most people would find insane: your unique password for each website should be at least 30 characters long. I also believe in something else, but I’ll share that at the end of this newsletter. Let’s stay focused on the topic at hand.
You can manage unmemorizable, long passwords for each of your website accounts by setting up a password vault with Bitwarden. Setting up an account with Bitwarden is easy. Watch this three-minute video. It explains the process much better than I could:
The full eight-video series of Bitwarden 101 can be found here. If you pay attention to these videos, you will have learned all you need to effectively use this highly-recommended password vault and all its features.
The Main Benefit
Bitwarden will auto-fill your username and password fields on web browser login pages after you save those account credentials to your vault. It eliminates the need to memorize your passwords, so there’s no reason your passwords shouldn’t be updated to 30+ randomized characters moving forward. How do you come up with a 30+ character randomized password? Bitwarden’s software contains a password generator feature, and you can go to this website to generate a long password yourself to check things out before diving in.
The Master Password
I don’t know any of my account passwords since Bitwarden stores and auto-fills that information on my web browser. But there is one password that I do have memorized: my Bitwarden account password to sign in. I enter this every time I launch my web browser in the morning. What strong password do I use to sign in? I chose four random words separated by dashes. For example:
Salt-drag-fatal-skip
Great-here-closer-myself
Forest-each-expect-clay
Swell-corn-fatal-duck
I memorized my password by opening a text document (not Google Docs, which will autosave your work every few seconds) and typing in the password over and over again. It became muscle memory for my fingers to pound out my four words when signing into my Bitwarden vault every day.
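To make the two rules above concrete (30+ random characters for each site account, four random words for the master passphrase), here is an added Python example that is not from the newsletter and is not Bitwarden's code. It draws from the operating system's cryptographic random source via the `secrets` module, uses a small constructed word list (a real passphrase generator would draw from a list of thousands of words), and adds an entropy estimate that shows why the size of the word list matters as much as the number of words.

```python
import math
import secrets
import string

# Constructed sample word list for the example only. A real generator draws
# from a list of several thousand words; 16 words gives far too few choices.
SAMPLE_WORDS = [
    "salt", "drag", "fatal", "skip", "great", "here", "closer", "myself",
    "forest", "each", "expect", "clay", "swell", "corn", "duck", "river",
]

# Letters, digits and punctuation: 94 printable ASCII characters. Some sites
# reject certain symbols, so a generator usually lets you trim this set.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 30, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Return `length` characters chosen uniformly from `alphabet`.

    secrets.choice uses the OS CSPRNG, which is what a vault's generator
    must use; random.choice is not suitable for passwords.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count: int = 4, words=SAMPLE_WORDS, separator: str = "-") -> str:
    """Return `word_count` words chosen uniformly (with replacement) from `words`,
    joined by `separator` with only the first letter capitalized, in the same
    style as the newsletter's examples (e.g. Salt-drag-fatal-skip)."""
    if word_count < 1:
        raise ValueError("word_count must be positive")
    chosen = [secrets.choice(words) for _ in range(word_count)]
    return separator.join(chosen).capitalize()


def entropy_bits(choices_per_position: int, positions: int) -> float:
    """Entropy in bits of a secret built from `positions` independent picks,
    each uniform over `choices_per_position` options: positions * log2(choices)."""
    return positions * math.log2(choices_per_position)


def describe_strength() -> dict:
    """Compare the three cases a reader is likely to care about."""
    return {
        # 30 random characters from 94 symbols: about 197 bits.
        "30_char_password": entropy_bits(len(PASSWORD_ALPHABET), 30),
        # Four words from this tiny constructed list: only 16 bits.
        "4_words_from_16": entropy_bits(len(SAMPLE_WORDS), 4),
        # Four words from a 7776-word list (the size of a common diceware
        # list, stated here as an assumption): about 52 bits.
        "4_words_from_7776": entropy_bits(7776, 4),
    }


if __name__ == "__main__":
    print("site password :", generate_password())
    print("passphrase    :", generate_passphrase())
    for name, bits in describe_strength().items():
        print(f"{name:18s} {bits:6.1f} bits")
```

The entropy figures are the point of the comparison: the 30-character site password is far beyond anything an attacker can guess, while a four-word passphrase is only as strong as the list it came from. Pick the words from a large list and let a generator choose them, rather than choosing words yourself.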
Four Pro Tips
1 - I did not use my personal email address when signing up for my Bitwarden account. I created a different email account solely used for this Bitwarden account. If my personal email somehow gets hacked, the adversary won’t be able to reset my Bitwarden Master Password. But if Bitwarden were to be hacked…?
2 - I set up multi-factor authentication with my Bitwarden account. In addition to my four-word passphrase, I have to enter a 6-digit number that changes every minute. Stay tuned to a future newsletter for how I set up MFA to protect my important online accounts.
3 - I add important information in the Notes field of my specific online accounts such as responses to security questions (stay tuned for a newsletter on how I have this set up in my online life) and other “mental breadcrumbs” such as PIN codes, names of customer service reps I spoke with, purchase data, and other relevant information.
4 - After adding all my online accounts into Bitwarden, I export my vault to an Excel .CSV file. This file is then stored in an encrypted, password-protected container on a USB drive in my home. Same password as my Bitwarden vault. I’ll be discussing how I store sensitive files in an encrypted, password-protected container in a future newsletter.
Oh, by the way… my beautiful wife does not have the same affinity for online privacy and security as I do. Should something happen to me, she knows there is a book in our home with a sheet of paper in it containing the vault password to my Bitwarden account and the location of that USB drive.
Finally, that other thing I believe in. In addition to different 30+ character passwords, all my online accounts have different email addresses. How do I pull that one off? I’ll be covering that in an upcoming newsletter.
Thanks very much for your time. I do appreciate it,
— Chris