Password Manager Tips

Share
  • December 26, 2022

In this post I’m going to share some lessons learned recovering an MSecure version 4 password manager, but I’m also going to address more universal issues and best practices when it comes to online security and passwords. Since my mother passed away yesterday, these issues have become more dramatic and immediately relevant for our family. Hopefully my experiences can be instructive and helpful for you and others in your “circle of trust.”

If you don’t yet use a password manager, and the adult members of your family don’t use a password manager, you need to start immediately. If you need some persuasion / reasons for doing this (because it DOES take time, and can seem cumbersome, especially as you get started) please see my 2021 TEDx talk, “Technology Fear Therapy,” as well as 2020 webinar recording, “Protecting Yourself and Your Family Online.” In both presentations I recommend using Troy Hunt’s website haveibeenpwned.com, to see directly how many of your confidential web accounts have been hacked / compromised in web breaches, and which of your account passwords are for sale today on the dark web. That knowledge can inspire FEAR when it comes to online security. These two videos and this post can help answer the question, “So what do I do now?!”

2021 TEDx talk, “Technology Fear Therapy” by Wes Fryer
2020 webinar recording, “Protecting Yourself and Your Family Online” by Wes Fryer

When you start using a password manager, it’s important to keep your account and software versions updated. It’s also worth PAYING for a password manager. Most now require a subscription, which can either be paid for annually or monthly. A password manager is possibly your most important software application, so you want to choose a good one, pay for it, and keep your login credentials as well as account recovery “emergency kit” / QR codes safe and secure.

Writing as I am at the end of 2022, I’ll note that the password manager LastPass was recently breached and the extent of that hack was apparently extensive. This is often a primary fear on the minds of people not using a password manager: What if my password manager account is hacked / compromised? Fortunately, most of the top rated / recommended password managers have not been compromised. Even though it’s a risk that your password manager could be hacked, I still think it’s the most viable and practical way to follow best practices for online passwords:

  1. Each password should be long and complex.
  2. Each password should be unique. (Not repeated ANYWHERE, on ANY other website)
  3. Each web account should have multi-factor authentication enabled, if available

Members of our extended family use different password manager solutions. One of them is mSecure. Recently, mSecure significantly upgraded their iOS app from version 4 to version 5. If you didn’t update, the version 4 app just stopped working on the latest version of iOS.

To make matters worse in the situation we just had, the person who had originally setup their mSecure no longer had access to their email account. They never upgraded / paid for the mSecure subscription service, so the only backups of their data which were available had been sent via email to an account they could no longer access.

Fortunately, we were able to use a phone number and backup email address to recover the email account. However, because we didn’t have the verification QR code for the account, we couldn’t authenticate and restore the data from that emailed backup.

We found some documentation about mSecure v4 no longer working, but the eventual solution we used to upgrade and restore the account wasn’t part of that thread or other web documents we found. It turns out by creating a NEW mSecure account on the phone with the old, now not working mSecure 4 app, we were able to IMPORT the data using the original account password, to the new mSecure app version running on the same phone. What a relief.

Here are our lessons learned:

  1. When a new version of your password manager is available, upgrade to it soon. Definitely upgrade before a newer version of iOS doesn’t support it, because you can’t downgrade iOS / go back to an older, compatible version.
  2. Pay for a subscription to your password manager, don’t just use a free version of such an important program.
  3. Setup cloud sync for your password manager, and verify that regular backups are enabled.
  4. Be sure to confidentially share the logins and recovery QR Codes / “emergency kits” of the password managers of your spouse, children, parents, or other family members.
  5. Confidentially share smartphone lock screen passcodes with family members, and periodically check with them to see if it’s been changed.
  6. Setup your own email account and the email accounts of family members with backup email addresses and phone numbers. Print out account recovery codes and store them in a secure location. Prepare to recover an email account in advance. Enable multi-factor authentication, and ensure your email account passwords are complex and unique. Do everything you can to prevent the pain and difficulties which accompany losing access to an email account!

Life is unpredictable, and things can happen quickly. Don’t be caught in a situation when a loved one can no longer speak or answer questions, or is deceased, and you don’t know what their smartphone passcode is or the password to their password manager.

Life is also more complicated that ever, with multiple web accounts using different userIDs and passwords required to manage money, pay bills, and live life in the twenty-first century. Password managers can help. “You need the keys” to unlock a loved one’s password manager, however, and there is no time like the present to prepare for unexpected tragedy.

For more about emergency preparedness, in the digital as well as face-to-face / physical worlds, check out my (relatively new) website on being a “Communitarian Prepper:”
https://commprep.wesfryer.com

“Password Manager Tips” (CC BY 2.0) by Wesley Fryer

If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.

Source : Password Manager Tips