A reader has some very valid concerns about passwords:
“I believe it is time to do away with passwords. After I got over my initial fear of using 2FA (is that term even used anymore?) I find it very easy to use 2-factor for ID and I feel secure using it now. I believe it’s a much better way to identify myself. Everyone has (and uses) cell phones now and we always have one close by. UMC (United Medical) recently got hacked here so every one of my medical records, along with Humana records are out there somewhere. That includes passwords, too? This hacking goes on daily, somewhere in the U.S. I have a 3×5 box FULL of my passwords to websites I’ve been to so I don’t have a fear of losing them, plus Google keeps them for me too, but just how secure are they?”
You’re so right about hackers being out there getting into accounts on a daily basis. Enabling 2-Factor or multi-factor authentication is the most important step to take to protect your accounts. Your Google password manager does encrypt your passwords and uses the multi-factor authentication measures you have in place for the rest of your Google account.
Could passwords saved and synced in a Google, Firefox, Apple, or Microsoft account be attacked by hackers? Yeah, it’s possible. They are at it all the time. As you well know because of the medical records hack, your passwords are far more likely to be compromised when you account with the bank, hospital, insurance company, etc… is breached by hackers.
One extra step you can take is to make sure you’re alerted if your saved passwords turn up online. Go to https://passwords.google.com/. Click on the settings icon.
Make sure Password alerts are turned on.
Enabling multi-factor authentication is the best protection you can have against that happening. Even if hackers were to get into your password manager, they can’t get into your account without the additional code or authenticator app confirmation.
Nothing is 100% safe these days but multi-factor authentication is the most important step you can take.