Who does not get annoyed with complex passwords policies?
Who hasn’t used the same password across multiple sites/platforms?

Why using it?

First off, as you may have already imagined, using the same password to login to many different services or social platforms is a huge liability. A hacker could easily compromise all of your social profiles (not even mention bank accounts) if they catch your password which is relatively easy if you do not follow some basic rules such as ALWAYS using a VPN when connecting to public wifi’s. By public wifi hotspots we mean the ones at Starbucks or a gas station café (Some places have public wifi’s in parks as well.

A good example would be NordVPN. It is fast, reliable and it excels when it comes to security. Not to mention its top of the line technical support

Even though these wifi’s are password protected, thousands of people has access to them as such password is shared with customers who go to relax, have a coffee and maybe work from there (another risky situation, although many companies provide a private VPN for work from home/out of office scenarios). Say, if a hacker goes to the same Starbucks branch we go then he also has the hotspot’s password, right?

What could possibly go wrong?

Our lovely hacker if knowledgeable, could easily impersonate the hotspot (wifi) in something called “Man in the middle attack” and make our computer believe they are the hotspot (the wifi router) and the router believe they are us. So with some simple tools available to everyone over the internet and free to download, this hacker cannot only see all the addresses we are visiting but also even images of what we are seeing. Needless to say, they will see every single site were we login to as well as our usernames and passwords. We know some people write passwords on a .txt file and copy/paste them, guess what? YES!! The hacker saw it all and took note of everything. Then they notice we use the same password over many different websites. Well we are screwed, locked out of every single social network and worst of all: this person already has access to valuable information they can sell or use against us eventually.

So, how does a Password Manager protects us?

Aside of using a VPN like we mentioned before, a very good practice is to use a password manager. Not only it helps us create many different passwords associated to different accounts but also create secure ones which, by the way, we do not need to remember as the software will keep them safe for us.

Whether you have signed up for many crypto exchanges or have many DeFi crypto wallets with the seed phrase and all associated details, you can now have very strong and hard to break passwords at the ready and you will not need to write them down manually as you can copy passwords even while they are hidden so anyone snooping on you will just see a lot of dots and nothing else.

KeePassXC will allow you to create a master password or master key. You guessed it right: We prefer the key. What is wrong with the password? Well, that one you will have to remember and you might as well not make a difficult (hence strong) one as it would be hard to recall. And there you have a major vulnerability. It is like having a bullet proof Tank but the hatch is made out of cheap wood.

Now, the key is different. Why? Simple: You can store the key in a usb drive (dedicated to that purpose ONLY!) Yes we are scolding you 😝. Now really, DON’T EVER use that thumb drive for anything else than validating your KeepassXC database.  Database? Yes. KeepassXC works with a database file where it stores your keys. This database (or DB) will not open at all unless you have your key. For enhanced security, we keep the DB in one USB stick and the key in a second one. Both are well kept and safeguarded as they hold passwords to access many valuable resources (not just money be it crypto or fiat).

Conclusion

While using a VPN reduces the chance of being affected by an attack like the one we previously mentioned, it is not a magic wand against bad practices. That is why using a tool that aids us when it comes to store our passwords in a manner that allows us to use a password per resource, is not a good idea but instead mandatory if we want to keep our data to us and not loose it to some unscrupulous snooper trying to steal it. KeePassXC is being actively upgraded, it is an open source tool (which means it can be audited by professionals and if it ever has a vulnerability or issue
the open source community will let us and the developers know about it, so it can be fixed) and it’s FREE so there are no excuses to avoid using it.