Saturday, March 9, 2013

Protecting Your Identity in the Cyberwar Age

It used to be a rare thing to hear of a major online website being hacked.  But in 2013, it's become a near-weekly event.  Here are a few sites that have been hacked recently: Evernote, LinkedIn, Twitter, Facebook, and Apple.  For every prominent website, there have surely been hundreds of smaller sites suffering a similar fate (or, worse, being hacked without realizing it!).

Some of the elite military cyberwarfare units from China, Russia, and the U.S. have been making headlines for gaining access to increasingly sensitive electronic systems. How do they do it?  Often, by hacking less-secure public websites first for user names and passwords that can then often be used to unlock the more-secure sites.  

See? You’re not the only one who reuses your passwords on more than one website application—people who work in our defense, finance, utility, healthcare, and government agencies (sadly) do too!

So, it seems that increased vigilance in managing our personal passwords is becoming not only an urgent need for our own identity protection, but in some cases, a matter of national security as well.

The good news is, there are free, easy, and excellent solutions to help you do just that!  One I’ve been using recently that’s been getting great reviews is called Dashlane.

Here’s how Dashlane helped me when the recent Evernote hack was uncovered last week.  I had just started using Dashlane the week previously and had only done a simple import of all my existing online logins and passwords into Dashlane thus far.

Before getting an email from Evernote, it was actually Dashlane that first alerted me to the security breach. Dashlane then navigated me to their excellent “Security Dashboard” screen, whose “Compromised” tab quickly showed me all the other websites where I was currently using that same Evernote password (yep, as you can see, I had been using it on 11 other websites!)

From that screen, I could easily click to each site to change my passwords, and when doing so, Dashlane provided a “Generate Strong Password” option to ensure my new password would be  unique and much more difficult for hackers to crack than the single memorized one I’d been using previously.
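
The same kind of reuse check can be run against any exported password list. The script below is an added example, not code from Dashlane or from the original post; the CSV column names (`site`, `username`, `password`) and the sample rows are constructed for illustration. It groups sites by a keyed hash of the password, so the plaintext is never kept in the grouping table, and lists which other logins share a password with a breached site.

```python
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict

# Constructed sample export; column names are assumptions, not Dashlane's format.
SAMPLE_EXPORT = """site,username,password
evernote.com,me@example.com,Summer2012!
linkedin.com,me@example.com,Summer2012!
forum.example.org,me,Summer2012!
bank.example.com,me@example.com,x9#Lq2v!Tz7pRw4K
news.example.net,me,hunter22
blog.example.net,me,hunter22
"""

def load(text):
    """Parse an exported CSV into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))

def reuse_groups(rows, key=None):
    """Return lists of sites that share one password.

    Passwords are reduced to HMAC-SHA256 tags under a random per-run key,
    so the grouping table is useless for offline guessing if it leaks.
    """
    key = key or os.urandom(32)
    groups = defaultdict(set)
    for row in rows:
        tag = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        groups[tag].add(row["site"].strip().lower())
    # A password only counts as reused when it appears on more than one site.
    return [sorted(sites) for sites in groups.values() if len(sites) > 1]

def exposed_by_breach(rows, breached_site):
    """Sites whose password matches any password used on the breached site."""
    breached = breached_site.strip().lower()
    exposed = set()
    for sites in reuse_groups(rows):
        if breached in sites:
            exposed.update(s for s in sites if s != breached)
    return sorted(exposed)

if __name__ == "__main__":
    rows = load(SAMPLE_EXPORT)
    print("Change these first:", exposed_by_breach(rows, "evernote.com"))
    print("All reuse groups:", reuse_groups(rows))
```

A plaintext CSV export is itself sensitive, so delete it securely once the audit is done.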

Once that urgent job was done, I spent the next few evenings using the Dashlane Security Dashboard to review and update all the rest of my unsafe/reused passwords.  The dashboard is quite intuitive and easy to follow—here’s a snippet of some of its key fields:

Once you have your passwords all nicely unique and robust, you certainly don’t want to have to manually enter them.  No problem!  Dashlane will now automatically log you into each site (or you can tell Dashlane to just prompt you when you click a site’s user name or password field).

Dashlane also has a “Notes” feature to store non-website info, such as your insurance, banking, and credit card information, corporate application logins, WiFi passwords, and other key bits of information you need to store securely.  These notes can be categorized and color-coded for easy lookup later.

Additionally, Dashlane makes web form-filling and online shopping a fast and easy experience.  Sure, your web browser can store this kind of data as well, but it’s not always as safe (especially if your PC hard drive is unencrypted or you don’t lock it with an OS-level password). 

Web browsers often have a difficult time distinguishing between a “Street Address” and an “Address” field making you type the same information in each of these variously named fields.  Dashlane is much smarter— your single contact info data can auto-fill virtually any web page.

When making online shopping purchases, Dashlane lets you populate credit card fields automatically (if you’ve stored one in the application), and optionally creates a line-item receipt and screenshot of your purchase so you can easily search and recall it later within Dashlane.  Pretty cool!

Finally, it has a nice-looking “freemium” mobile app for iOS, Android, etc. to go with the Mac or Windows desktop apps and various web browser plug-ins. 

Dashlane offers good import capabilities to bring your data in from other password management applications (such as 1Password, KeePass, and LastPass) and/or your web browser’s stored password vault.  It also exports data to either an encrypted Dashlane archive file or to an Excel or CSV text file (making it easy to keep a backup copy of your data or migrate to another app in the future).

Some folks are justifiably queasy with the notion of storing all your most-sensitive data in one application or syncing that data via the online “cloud”.  Dashlane’s website provides a wealth of information detailing exactly how they protect your data.  The key points:

  • They never store your “master password” (used to unlock your encrypted data file) on their servers nor do their employees have any way to retrieve it from your device.
  • A two-factor authentication key is used (the master password you create plus a device-specific code).  So, even if a hacker were to get your encrypted data file, they’d also need to get your local device and local master password in order to access it.
  • Your shopping history is never stored/saved where Dashlane can use it.
  • You can optionally turn off cloud-syncing and simply use the app’s manual import/export features if desired to share “local-only” data between multiple devices. 

Dashlane’s main competitors to offer a similar mix of features are LastPass and 1Password.   1Password has a more-traditional “pay upfront” model that can run upwards of $70-90 to buy the app for each of your desktop and mobile devices.  LastPass offers a free desktop web app, but then charges $12/year for their mobile app.  Dashlane takes a “freemium” approach too, but also provides users a way to get those premium mobile features for free.

Their reward points system encourages users to use all features of the application more robustly (for instance, the more unsafe passwords you fix or more logins you save, the more points you earn).  It’s also an ingenious way to grow the relatively young Dashlane community quickly by encouraging friends to recommend the app to other friends.

Speaking of which—here’s a way you can help me!  If one of you signs up via this link below, I’ll get enough points for a free year of mobile app premium features, and you’ll get 10,000 points deposited to your Dashlane account (to get you some free premium features as well).

https://www.dashlane.com/en/cs/3b9d7a9d

If you find Dashlane as useful and cool a tool as I have, when you refer your friends to use it, you’ll get the same great deal for yourself and your friends! 

So give it a try, and let me know how you like Dashlane!

10 comments:

  1. All well and good until Dashlane gets hacked too. The only way to be truly hack-proof is to stay off the Internet entirely...and not all that many people are willing to do that.

    Replies
    1. I think my mom is one of the few who doesn't need a password manager-- she only visits 3 internet sites!

      I, on the other hand, need to manage over 100 logins/passwords, and earn my living via the Internet, so not using the Internet is not an option...and a good password management program is absolutely critical.

      I used to have a "local only" program that just stored my passwords in an encrypted file on my laptop or mobile phone. It served me well for over 10 years, but as it had no auto-login or auto-formfill capabilities, I found myself storing passwords within my internet browser (unsafe), or memorizing a half-dozen passwords that I reused on all 100 sites (very unsafe!) because trying to manually copy/paste unique passwords from my password manager was always too cumbersome.

      I also found myself copying that master password file to cloud servers (such as Dropbox) to share it with my various devices. Not a very safe move either, because if a hacker got that file, they'd only need to hack the password alone to gain access to my data.

      Dashlane now solves all those problems for me.

      Due to Dashlane's two-factor authentication key (which is not stored anywhere at Dashlane), the likelihood of your Dashlane data getting hacked is much less than with the older "password only" approach.

      When you first log into Dashlane from a new computer, it will not let you fully launch the app until you enter a verification code (that gets emailed to you and only stays active for 30 minutes). So for a hacker to gain access to my Dashlane data, they'd have to first steal the data file off of Dashlane's servers, then try to figure out my strong password (not stored anywhere at Dashlane), and finally would have to hack into my email account and watch for the verification email! Yes, in theory, I suppose that elaborate system is conceivable to hack, but it's a far stronger/safer system than the "password alone" scheme I'd been using previously.

      With Dashlane's auto-login/auto-formfill capabilities, I'm now finally able to easily maintain unique, strong passwords for my 100+ online accounts. Certainly, there's risk in all Internet activity, but best to adapt to the best solutions available at the time, and keep backups in multiple locations to minimize the risk of leaving "all eggs in (any one vendor's) basket".

  2. I may give it a try. I am a little leery of it though. Is that normal? I mean I don't like the idea of getting hacked and yet here I am giving all my private data to Dashlane. How long have you had the service?

    Replies
    1. Completely understandable Randy. Read my reply above, and read the Security page of Dashlane's website.

      I researched a number of password managers the last few months before deciding to place my trust with Dashlane. The other strong contender was LastPass (which offers a similar security approach and similar features, but I didn't like the look and feel of their app as much as Dashlane).

      A couple things eased my fears about going with them--

      1. PCMag awarded Dashlane as their "Editor's Choice" password management app last year only a few months after they had come out of beta. That's a pretty impressive achievement to me! PCMag is pretty conservative and usually only picks ultra-reliable, ultra-dependable software for their top honors.

      2. Every other review I could find online that mentioned them, always seemed to rank them at the top (& better than their competitors). I could not find any review that ranked them lower than #1.

      3. Dashlane's co-founder is the former founder, CEO/Chairman of Business Objects, a very well-respected major data analytics software solution (that was acquired by SAP a few years ago). My employer (a Fortune 50 Healthcare software vendor) used this solution for our analytics products to major US Hospitals and were always very impressed with the company and its software. I believe he will build Dashlane into the same kind of high-quality company.

      A nice option is that you can choose to not enable the cloud syncing if you wish and just leave the encrypted file stored locally. You can also export the records to a backup file (or Excel file), so if Dashlane's offices should close down tomorrow, you'll still have a way to easily transfer your data to another solution.

      Those things made me comfortable enough to give them a shot.

  3. I probably need this app. Thanks for sharing Dashlane with us.

  4. Thanks for sharing. I'm going to give it a try.

    Replies
    1. Thanks Leigh-- let me know how you like it!

  5. My new computer, an HP, came with a fingerprint sign-in, which I really like. No one can turn on my computer except me and my fingerprint. I can use that program for a number of other sites, such as financial sites and some others. But it will only cover a certain amount of sites, and I'm going to try your suggestion for the rest. It looks like a winner. Thanks for the tip. :)

    Replies
    1. Biometrics are cool stuff. Sounds like a good combination to use w/Dashlane for the rest!
