Use a password manager

After my last post, I started thinking about the best way to package this information and guidance.

As I mentioned in Privacy is a Terrible Sales Pitch, I originally planned to publish two separate posts: one for quality-of-life improvements, and another for digital security.

But when I sat down to write, I realized a big problem. The post went past 5000 words, and I wasn't even done writing it. Publishing a book in a blog post was a bad idea; most people won't even get past two or three paragraphs. Another alternative was to make a list of all the steps and finish it within 2000 words, but that would be too shallow, and I didn't want that.

That's why I changed course and settled on making one separate post for each step.

I'm starting with using a password manager, because I think that's not only a digital security enhancement but a major quality of life improvement.

I keep thinking of how many times (too many to keep track of) someone close to me couldn't remember their passwords for their various accounts. I have people in my life who just reset their password every single time they get logged out.

And then there are also people who are just using the same password for every single one of their accounts. And even that one password isn't strong enough.

Now, some of you might not be familiar with password managers, but I'm sure most of you have encountered one at some point. If you are an Android user, you have probably seen the very intrusive prompt from Google offering to save your passwords, and many of you are already doing that, knowingly or not.

On iPhones there's iCloud Keychain that does this.

So what's the problem if you are already using these? The problem is that they aren't the most intuitive password managers. Google's password manager is very locked down and doesn't have a separate app, and the same goes for iCloud Keychain.

On top of that they are not cross-platform. Google's password manager is baked into Google Chrome, so you are restricted to that. And iCloud Keychain is only available on Apple devices.

So these two aren't very practical. So what's the solution?

Well before I give you the solution, let me tell you a little bit about good digital hygiene practices when it comes to passwords.

If I had to break it down to the absolute basics, the rule is to use strong and unique passwords. That is, don't use the same password on every site. Why? There's a very practical explanation for this.

Let's say you have an account on a website whose security practices aren't so good, and its data gets stolen. That data includes not only your name and password but also your email address and physical home address. It most often gets published on the dark web, and sometimes even on the open web, where anyone can access it.

So if you are using that same leaked password on all your other sites and accounts, every one of those accounts is now exposed. Not only can a random person on the internet target you, but someone who is stalking you can search such leaked databases and target you as well.

And if you are thinking, "Well, I don't have an account on any shady websites, so I'm fine," you would be wrong. Almost all of the big companies have had data leaks, including Google, Flipkart, Myntra, Zivame, Bigbasket, Boat, etc. (the list is very long).

And as you can see, most of the examples I have listed are e-commerce sites, so in most cases it wasn't only your email, password, and name that leaked, but also your physical address and phone number.

It's horrifying and we can't practically do anything about it. The companies need to implement better security measures, but they don't.

So it all comes down to us. How can we reduce our risk? Since this post is only about passwords, I will focus on passwords.

Using a unique password for each website and account is the key here. I can already see the frustration with the impracticality of it: you can't even remember one password, so how are you supposed to remember hundreds of unique and strong ones, probably more than 16 characters each, with numbers and special symbols?

And how are you going to come up with so many passwords? That's why password managers exist.

Password managers make it easy for you to generate very strong unique passwords and save them for you.

I think most people won't even care about generating unique passwords, but they will care about storing all their accounts and passwords securely and in an organized manner. And even if that's all you end up doing, I'm fine with that.

The two password managers I recommend are Bitwarden and Proton Pass. Use either. I use Bitwarden, but that's because I have been using it for years. If you want a newer and more modern interface, use Proton Pass.

Now I will give basic steps for using Bitwarden. These aren't in any way comprehensive, but they are enough to get you started. If you want to use Proton Pass, you can look that up online yourself.

Step 1: Create your account

Go to bitwarden.com and sign up. The free plan is genuinely very good; you don't need to pay for anything to get started.

Step 2: Set a passphrase as your master password

Your Bitwarden account should be protected by a very strong password, probably 30 or more characters, because it contains all your passwords and identities.

Now I know most of you can't remember an eight-character password, so how are you supposed to remember something that long?

That's why I advise you not to use a password but a passphrase. Passphrases are just like passwords, but they are long and easy to remember. The one place I trust for generating memorable passphrases is https://strongphrase.net/. Play with the site to understand it.

Find a passphrase that feels most natural to remember, and don't use it right away. Keep practicing it for weeks before using it. I have 4+ passphrases that are 56 characters long that I use for my most important accounts. If I can remember these, then you most certainly can, because I am someone who can't even remember a song after listening to it a hundred times.

Also write it down somewhere physically safe while you are still learning it. Do not lose this password. There is no recovery if you forget it.

Step 3: Install it in two places only

Don't overwhelm yourself. Just install Bitwarden in two places to start.

On your phone, download the Bitwarden app from the Play Store or App Store. In your browser, install the Bitwarden browser extension. It's available for Chrome, Firefox, Safari and others.

Skip the desktop app for now. Two places is enough.

Step 4: Enable autofill on your phone

On Android, go to Settings, then Passwords and Accounts, then Autofill Service, and select Bitwarden. The exact path can be a little different depending on your phone.

On iPhone, go to Settings, then Passwords, then AutoFill Passwords, and enable Bitwarden.

Once this is on, Bitwarden will offer to fill in your login details whenever you tap a login field in an app or browser.

Step 5: Start saving passwords as you go

Don't try to move all your accounts at once. That's overwhelming and unnecessary. Just save passwords as you naturally log into things. Over a few weeks your vault will fill up on its own.

When you feel ready, start changing your old reused passwords to new ones generated by Bitwarden. You will find the password generator inside the app. Use it whenever you are creating or updating an account, and set it to at least 16 characters with numbers and symbols.

Step 6: Enable two-factor authentication on your Bitwarden account

You should also protect your Bitwarden account with two-factor authentication. I'm going to cover 2FA in my upcoming posts, so I won't dwell on it here; just enable it. You will find the option in your Bitwarden account settings. Even email-based 2FA is better than nothing.
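As an added illustration (not part of the original post, and not Bitwarden's or strongphrase.net's own code) of the two rules above, a generated password of at least 16 characters with numbers and symbols (step 5) and a long master passphrase (step 2), here is a small Python script that produces both with the operating system's random generator and compares how many bits of guessing work each represents. The word list is a constructed toy and the symbol set is my own assumption.

```python
import math
import secrets
import string

# Constructed toy word list for demonstration; a real passphrase tool such as
# strongphrase.net or a diceware list draws from thousands of words. The
# entropy maths below depends only on the list size, so it scales unchanged.
WORDS = ["apple", "river", "candle", "orbit", "velvet", "timber", "meadow",
         "falcon", "copper", "lantern", "harbor", "saffron", "pebble",
         "glacier", "thistle", "marble"]
SYMBOLS = "!@#$%^&*()-_=+"          # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def meets_policy(pw, min_length=16):
    """The step-5 policy: at least 16 characters, with numbers and symbols."""
    return (len(pw) >= min_length
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))

def generate_password(length=16):
    """Random password drawn with the OS CSPRNG (`secrets`), resampled until
    it satisfies meets_policy(); rejection sampling keeps the result uniform
    over the accepted strings."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, length):
            return pw

def generate_passphrase(words=5, wordlist=WORDS, sep=" "):
    """Step-2 style master passphrase: `words` random words joined by `sep`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def entropy_bits(choices, picks):
    """Bits of entropy for `picks` independent uniform picks from `choices`."""
    return picks * math.log2(choices)

def compare():
    """Entropy of typical choices, rounded to one decimal place."""
    return {
        "8-char alphanumeric": round(entropy_bits(62, 8), 1),
        "16-char with symbols": round(entropy_bits(len(ALPHABET), 16), 1),
        "5 words from a 7776-word list": round(entropy_bits(7776, 5), 1),
    }

if __name__ == "__main__":
    print(generate_password())
    print(generate_passphrase())
    for label, bits in compare().items():
        print(f"{label}: {bits} bits")
```

The comparison shows why a five-word phrase from a large list (about 64.6 bits) is far stronger than an eight-character password (about 47.6 bits) while being much easier to memorise.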

Another thing I would like to talk about is passcodes, whether that's the passcode to your phone, to your UPI apps, or to the app locks where sensitive information is stored. Use at least a 6-digit passcode. For most places I use a 6-digit passcode, but for my phone I use a 10-digit one.

And please remember not to use your own date of birth, your girlfriend's or boyfriend's date of birth, or your phone number as the passcode. Try to come up with a unique passcode. You can use strongphrase.net for this too if you want something random but memorable.

Practice that passcode for a week or two before using it. Also write it down or store it somewhere secure in case you ever forget it. Forgetting happens when you don't use a passcode regularly or come back to it after a long time.

That's it. This is enough for you to get started. It might take a while for you to understand how this works or to get used to it. But you will be thankful for this after a few weeks.

Everybody should be using a password manager, whether you care about privacy or not. It just makes your life much, much easier.

If you have any questions or get stuck somewhere, send me an email. I will be more than happy to help you out.

Bye.
