Manage your logins with a password manager

A login for all websites is convenient, but carries great risks. The alternative: a password manager.

Author: Méline Sieber, moderation: Sandra Schiess

It's very convenient: we can log into many websites with a Facebook or Google account. We don't have to create a separate account for websites such as Tripadvisor, Airbnb or Ebooking; we just have to give Facebook or Google the OK to let us log in to these third-party websites with the same login data.

But this creates a single, major weak point: if information about our Facebook login ends up in the wrong place, attackers can also access our data on all of these authorized third-party websites. This is exactly what happened last week: unknown people stole data from 50 million Facebook users (Facebook statement). What was stolen was not the login data itself, i.e. user name and password, but so-called “access tokens”. These confirm that a user is allowed to log into a third-party website via Facebook. The attackers can use these “access tokens” to access the authorized websites without knowing the Facebook login data.

The incident illustrates that while single sign-on is convenient, it involves major risks. The only remedy is inconvenience: always create a separate login for each website and avoid single sign-on. This leads to an abundance of login data, which is best managed with a password manager.

These password managers are recommended:

  • Under “Facebook settings => Apps and websites => ‘Active’ tab”, you can check for which third-party websites you have activated “Single Sign-On” with your Facebook login, and deactivate it.
  • Do not use any (password-protected) Word or Excel files for password management.
  • Password managers also help create good passwords.
  • Password managers primarily run locally on your computer, but are also available in the “cloud”. While this allows you to access your passwords from anywhere, it poses an additional risk.
  • The password for the password manager should be treated like other sensitive content: write the password legibly on a piece of paper and keep it as safe as your great-grandmother's jewels or your tax return. Because if this one password gets into the wrong hands, all of your remaining login data will also be compromised.
  • Make a regular backup of your password manager on a separate medium (CD, USB stick, external hard drive). Password managers often offer this backup option within the program.
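
The access-token risk described above, and the effect of deactivating a site under “Apps and websites”, can be shown with a small model. This is an added example, not code from the article or from Facebook; the class, the method names and the `.example` sites are hypothetical, and the password is a constructed sample.

```python
import hashlib
import hmac
import secrets

class IdentityProvider:
    """Toy single sign-on provider (hypothetical model, not Facebook's API)."""
    def __init__(self):
        self._users = {}    # user -> (salt, password hash)
        self._tokens = {}   # sha256(token) -> (user, site)

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._pw_hash(password, salt))

    def authorize(self, user, password, site):
        """Check the password once, then issue an access token bound to `site`."""
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._pw_hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = (user, site)
        return token

    def whoami(self, token, site):
        """What a third-party site asks the provider; no password is involved."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        user, bound_site = self._tokens.get(digest, (None, None))
        return user if bound_site == site else None

    def active_sites(self, user):
        return sorted({s for u, s in self._tokens.values() if u == user})

    def deactivate(self, user, site):
        """Remove a site from the 'Active' list: its tokens stop working."""
        self._tokens = {h: us for h, us in self._tokens.items()
                        if us != (user, site)}

def demo():
    idp = IdentityProvider()
    idp.register("alice", "constructed-sample-password")
    travel = idp.authorize("alice", "constructed-sample-password", "travel.example")
    idp.authorize("alice", "constructed-sample-password", "rooms.example")
    before = idp.whoami(travel, "travel.example")   # the token alone is enough
    idp.deactivate("alice", "travel.example")
    after = idp.whoami(travel, "travel.example")    # revoked token is rejected
    return before, after, idp.active_sites("alice")
```

Whoever holds the token is treated as the user until the site is deactivated; the other site stays active and has to be reviewed separately.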