Software makes it difficult to enter passwords on illegitimate sites.
Domain theft is rampant, and a key way domain names get stolen is when domain name registrar login credentials are phished.
I’m vigilant about monitoring emails for suspicious links and alerts. But with so many emails and accounts to manage, avoiding phishing schemes is a growing challenge.
Here’s one tool to combat phishing: password managers.
The primary purpose of a password manager is to remember online account passwords for you. You don’t have to remember dozens of passwords or write them down on a pad of paper. Instead, password managers such as Roboform save the passwords for you.
A side benefit is that many of these managers can save you from entering your login credentials at a phishing site.
Software like Roboform will only prompt you to submit your password on URLs that match the site on which the password was originally saved. If you show up at what you think is GoDaddy.com, but Roboform doesn’t show a saved password, then you’re probably on an imposter website.
Password managers certainly come with their own security issues. For most people, however, they are a security improvement. They enable you to use stronger and unique passwords at each site you use, taking out the human limitation of memorization.
And if you do accidentally cough up a password, using two-factor authentication will make it much harder for the thief to use it.
Acro says
I would not trust anything in the cloud for storing your collective passwords, even if the encryption occurs on your machine.
Andrew Allemann says
Yes, but there are password managers that are just local software.
Acro says
Pen and paper is your friend 😉
Andrew Allemann says
Well, most people shun that practice as well. Especially if you work outside the home.
…and it doesn’t have the added benefit of anti-phishing.
Lovely.domains says
So many spend a lot of money on domains yet they won’t spend either a penny or take an hour off to learn anything about internet security. It’s beyond me. Nowadays you should always use 2-factor authentication and a long password like 01ui3rjKAJSFKLJD#8iafci3d39qf)#(“R on a self hosted or a trusted password manager. With a backup on a piece of paper locked up somewhere safe.
The setup seriously takes a few minutes to create and will probably save most peoples domains from being stolen.