By Harold Glicken Tribune News Service
WWR Article Summary (tl;dr) If you've been among the estimated 18 million Americans victimized by identity theft every year, one reason you've been targeted is because the passwords you use are ridiculously easy to hack. A new device called YubiKey is helping people improve their passwords and fight back against hacking.
Tribune News Service
When it comes to cybersecurity, a second line of defense can make the difference between being hacked and surfing safely. And all you need to surf worry-free is a unique password and an inexpensive device called the YubiKey.
I've begun using the YubiKey, a slimmed-down thumb drive, to complement my password program, Dashlane, which I use to manage all my usernames and unique passwords.
First, a word about passwords: If you've been among the estimated 18 million Americans victimized by identity theft every year, one reason you've been targeted is because the passwords you use are ridiculously easy to hack. Anyone who uses "password1234" for all the websites he visits is asking for trouble. Without a second line of defense, you're toast.
A typical first line of defense is Dashlane, a password program I've been using for several years. Dashlane will generate passwords containing a random mix of numbers, letters and characters that are nearly impossible to hack.
It also will keep track of the passwords you already use. If one's as simple as "password1234," the program will warn you about continuing to use it, since doing so could leave you vulnerable to experiencing the kind of grief that will keep you on the phone for hours, probably days, trying to straighten out your accounts.
For example, if you're wondering why Amazon is sending you receipts for stuff you didn't order or receive, and the charges are showing up on your credit card statement, you've been hacked. Change your password, and do it quickly. In fact, let Dashlane do it for you. And let it generate new passwords every week for all the websites you use.
You're probably wondering how in the world you can remember a password of random characters. Not to worry. When you launch Dashlane, you enter a master password that only you know. If you forget that password, you're in deep trouble, because even the folks at Dashlane can't get retrieve it for you.
Dashlane records your passwords as you go along. It will remember your username and password for Amazon, your bank and just about any other website. After that, when signing on to Amazon, for instance, you'll need only click on a gazelle icon at the top of your screen to trigger the program, which will then enter your username and password in a jiff. Dashlane can enter your credit card information, but only if you give it your master password, and fills out the blanks, such as name and address, in forms.
Dashlane can be installed on your Windows PC, Mac, phone and tablet. Each time you call up the program, you have to enter the master password, and each time a new device is activated, you'll get a code by email that will unlock the account. That's enough to discourage most hackers, but, like any other security program, it's not foolproof.
If you're convinced that Dashlane is for you, there's still the issue of the master password, what if it gets hacked?
The solution is two-factor authentication, a nerdy term for a second level of security. That's where YubiKey comes in.
Dashlane has partnered with Yubico, which manufactures a collection of USB keys that can be programmed easily to act as a second line of security defense. You can't launch Dashlane or any other program or website without your master password and the YubiKey.
If you don't want to pay between $18 and $50 for a YubiKey, you also can download a free Google or similar authentication app for your phone and generate numerical pass codes to sign on to Dashlane. But I like the key, which is the size of a very thin thumb drive. It plugs into a USB slot on a PC or Mac, and when I leave my desk, I log out of Dashlane and take the key with me. Even if someone knows my master password, they can't launch the program without the YubiKey. When I return to my desk, I type the master password, insert the YubiKey, tap on it, and Dashlane launches.
To get a free authenticator, go to your phone's app store and search for "authenticator." After scanning a bar code that Dashlane and other programs provide, the Google authenticator generates a series of numbers that essentially do the same thing as the YubiKey does, unlock Dashlane or other programs and websites.
YubiKeys also work with dozens of other programs and websites, including Facebook, Google, Symantec, Dropbox and other password programs such as KeePass. Dashlane has both free and paid versions; the latter has many more features. It costs $40 a year, and is well worth it. The YubiKey also works with Android phones; an Apple version is in the works. Tech support, by email, is quite good. Questions are answered promptly.
For more information: www.dashlane.com and www.yubico.com.