FIVE PASSWORD MANAGEMENT RULES AND WHY YOU NEED TO USE ONE
Need a reminder of why strong passwords should be at the top of your technological priority list? Consider the story of Houston, TX, parents Marc and Lauren Gilbert, who on August 10th discovered a hacker had compromised their video baby monitor and was shouting lewd comments at their sleeping two-year-old daughter.
How did it happen? According to the family’s Internet service provider, a weak or nonexistent password for their Wi-Fi connection was the main culprit. Other high-profile password breaches include the Syrian Electronic Army hacking into the Facebook and Twitter accounts of major news outlets like The New York Post and Washington Post, and security researchers (or “ethical hackers”) have recently been pointing out the vulnerabilities of home automation systems.
What does this mean for you? Well, according to Ars Technica and a Microsoft study, the average web user has 25 different online accounts but uses only 6.5 passwords to protect them. This means that people commonly reuse passwords, which dramatically increases security risk: a breach at one site can give an attacker access to an average of three or more other accounts. Security penetration testers report that while they couldn’t dream of cracking 16-character passwords several years ago, it is now very feasible because of massive improvements in computing power. A single chip can try 8.2 billion password combinations per second!
On top of that, hackers now have a much better understanding of how people choose passwords. A hacked list (“RockYou”) of 32 million passwords gave them a rich enough database to show that people follow common rules when choosing their passwords. For example, capital letters almost always come at the beginning of a password, while almost all numbers and punctuation are at the end. It is also very common for people to use first names followed by years, such as Bill1956 or Susan1991.
So what should we do? Start by creating strong and unique passwords that are not based on words or names, do not follow the simple rules, and include at least eight characters that mix upper- and lower-case letters, numbers, and symbols. But what do you do with all of those unique passwords once they’re created? Write them down on a “secure” piece of paper? Count on your browser to remember them all? Hope you can figure them out when you’re using a mobile device?
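An added example, not part of the original article: a small checker that flags the structural habits described above and compares how long a search takes at the quoted 8.2 billion guesses per second when a password's structure is known versus when it is truly random. The function names and the sample random string are constructed for illustration.

```python
import re
import string

GUESSES_PER_SECOND = 8.2e9  # single-chip rate quoted in the article
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]  # 26 + 26 + 10 + 32 = 94

def rule_violations(pw):
    """Return the parts of the article's guidance that pw fails.
    Dictionary words and names need a word list, so only structure is checked."""
    found = []
    if len(pw) < 8:
        found.append("fewer than eight characters")
    if not all(any(ch in cls for ch in pw) for cls in CLASSES):
        found.append("does not mix upper, lower, digits and symbols")
    if re.fullmatch(r"[A-Z][^A-Z]*", pw):
        found.append("only capital letter is the first character")
    if re.fullmatch(r"[A-Za-z]+[^A-Za-z]+", pw):
        found.append("digits and punctuation only at the end")
    if re.fullmatch(r"[A-Z][a-z]+(19|20)\d{2}", pw):
        found.append("name followed by a year")
    return found

def structured_seconds(pw):
    """Worst-case search time when the class of every position is known
    (capital, lowercase, digit or symbol), as the common rules give away."""
    space = 1
    for ch in pw:
        # Characters outside printable ASCII are counted like symbols (assumption).
        space *= next((len(cls) for cls in CLASSES if ch in cls), 32)
    return space / GUESSES_PER_SECOND

def random_seconds(length):
    """Worst-case search time over all printable-ASCII strings of this length."""
    return sum(len(cls) for cls in CLASSES) ** length / GUESSES_PER_SECOND

if __name__ == "__main__":
    # Constructed samples: the article's Bill1956 and a made-up random string.
    for sample in ("Bill1956", "x7#Qm2!vLp"):
        print(sample, rule_violations(sample),
              f"{structured_seconds(sample):.3g}s with structure known,",
              f"{random_seconds(len(sample)):.3g}s fully random")
```

For Bill1956 the known structure (one capital, three lowercase letters, four digits) is exhausted in well under a second, while a random eight-character string over the full 94-character set takes days at the same rate.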
That’s where the password management tools listed below come in handy. Some are free, some charge a nominal fee, and some are capable of doing much more than just remembering that random string of characters you generated.
Dashlane (free for single-use; $20/year to sync computer and mobile accounts)
Dashlane remembers all your passwords, automatically logs you in to password-protected websites, and autofills other personal information, all of which is protected with AES-256 encryption and two-factor authentication.
LastPass (free for basic, $12/year for premium)
LastPass is very similar to Dashlane: it stores encrypted password data on your computer, unlocks everything with one master password, automatically fills forms, and syncs across browsers. The paid version adds support for mobile phones and tablets.
Norton Identity Safe (free)
The cheapest option of the bunch, Norton Identity Safe features basic password functionality across multiple computers, browsers, and mobile devices. A Norton toolbar includes Safe Search browsing protection, and mobile apps for iOS and Android are also available.
RoboForm Everywhere ($9.95/year for first year; $19.95/year thereafter)
RoboForm Everywhere provides unlimited access to password data on multiple computers and devices, and creates secure automatic backups of everything. The Everywhere level is pricey, but also includes desktop, Mac, and RoboForm2Go licenses.
1Password (From $49.99 – $99.99 depending on platform and number of licenses)
1Password creates, remembers, and restores strong and unique passwords directly within your browser, and also features automatic form-fill and personal information capabilities. 1Password also has its own iOS app and offers a 30-day 100% money-back guarantee.
Just remember when you create a ‘master’ password using password management tools: your password must stand up well against major computing power and the now-known password “rules”. So devise your master password well, and – in this case – don’t “follow the rules.”
Terry Whearley is owner of CMIT Solutions of Fairfax, a leading Northern Virginia firm which delivers enterprise-class IT services for the small business. Technology is a critical tool in running a business, and we ensure that our customers’ systems perform at peak efficiency every minute of every day. To do that, we provide cost-effective managed IT services that keep the business running while our customers run their businesses. Our mission is to worry about IT, so you don’t have to.