1234. 123456. qwerty. Password. Are any of these your passwords? If so, you’ve unfortunately got one of the worst passwords of 2014. Are you also one of the 55 percent who use the same password for almost every website you visit?
UPDATE 6/15/2015: LastPass has confirmed that email addresses, password reminders, server per-user salts, and authentication hashes were compromised. CEO Joe Siegrist said that the majority of users should be protected, although an email will be sent out regarding the incident. He explains further on LastPass’s official blog:
“We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.
Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.”
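The layering described in the statement above (client-side rounds, then a random per-user salt and 100,000 rounds of server-side PBKDF2-SHA256), as an added Python sketch that is not LastPass's code. The client-side round count and the use of the email address as the client-side salt are assumptions made for the example; the page gives neither.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

CLIENT_ROUNDS = 5_000    # assumption: the page does not state the client-side count
SERVER_ROUNDS = 100_000  # figure given in the quoted statement

def client_auth_hash(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password before anything leaves the device.
    Salting with the lower-cased email address is an assumption of this sketch."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)

def server_enroll(auth_hash: bytes) -> Tuple[bytes, bytes]:
    """Server side: random per-user salt plus 100,000 more rounds.
    Only (salt, stored) is kept; this pair is what a breach exposes."""
    salt = secrets.token_bytes(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored

def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the server-side rounds and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)

def iterations_per_guess() -> int:
    """PBKDF2 iterations needed to test ONE candidate master password
    against ONE stolen (salt, stored) record."""
    return CLIENT_ROUNDS + SERVER_ROUNDS

if __name__ == "__main__":
    # Constructed sample account, not real data.
    h = client_auth_hash("correct horse battery staple", "alice@example.com")
    salt, stored = server_enroll(h)
    print("correct password verifies:", server_verify(h, salt, stored))
    wrong = client_auth_hash("123456", "alice@example.com")
    print("wrong password verifies:  ", server_verify(wrong, salt, stored))
    # Same password enrolled twice still yields unrelated records,
    # so one cracking pass cannot be shared across users.
    print("records differ:", server_enroll(h)[1] != stored)
    print("iterations per guess:", iterations_per_guess())
```

Because every record has its own salt, the cost returned by `iterations_per_guess()` is paid again for each user and each candidate password, which is why weak master passwords remain the ones at risk.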
It’s time to change.
For better or worse, we live and (figuratively) die by our passwords. A good password is the barrier between your emails, private photos, your bank account, or your company’s data. As people sign up for (and later forget) more websites, it can be an absolute hassle to keep up with all your passwords.
One way to manage this problem is a password manager, which centralizes access to your sites and apps.
How they work
On Google’s page about how to make a strong password, the company makes an excellent point:
“Choosing the same password for each of your online accounts is like using the same key to lock your home, car and office – if a criminal gains access to one, all of them are compromised.”
To avoid using the same key for everything, password managers work as a keychain that takes care of all your different passwords. That means that as long as you have your keychain, you’ll have access to all your sites. Ironically, this means that you’ll need a master password to access your password manager.
Assuming that you’re using a decent password manager, your passwords will be stored and encrypted either on their servers or locally on your computer. Even if they wanted to, employees of the password manager can’t access your passwords.
Another important feature to consider when choosing a password manager is two-factor, or multifactor, authentication. In case someone gets access to your master password, two-factor authentication adds another step to the login process.
Save time and headaches
Security issues aside, password managers are becoming more common across different companies because they’re very practical. One example of this practicality is that password managers such as LastPass will let you know if you have matching passwords and will generate a newer and stronger password for you.
“Every time a team member has to sign up for a new account or service, they can just generate a new password with LastPass, save it to their LastPass vault, and then LastPass will remember it and autofill it when they return to the site. So they are saving time and hassle at multiple steps – when signing up, and when logging in to any website,” LastPass’s marketing manager Amber Gott said.
Another perk of your password manager generating new passwords is that it makes regularly changing your password (even if it might not be too helpful) much easier. Determining how often you should change your password is tricky business; making someone change their password too often can lead to people forgetting their passwords or choosing passwords that are easier to remember, but far more vulnerable. A password manager takes care of this by generating strong passwords and remembering them for you.
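The two features described above, flagging matching passwords and generating stronger replacements, as an added Python sketch that is not taken from LastPass or any other product. The vault contents, site names and function names are constructed for the example.

```python
import secrets
import string
from collections import defaultdict

# Character classes the generator draws from (symbol set is an arbitrary choice).
ALPHABETS = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, "!#$%&*+-=?@^_")

def find_reused(vault: dict) -> dict:
    """Map each password used on more than one site to the sorted list of sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items()
            if len(sites) > 1}

def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG with at least one character per class."""
    if length < len(ALPHABETS):
        raise ValueError("length too short to include every character class")
    chars = [secrets.choice(alphabet) for alphabet in ALPHABETS]
    pool = "".join(ALPHABETS)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # do not leave the classes in fixed slots
    return "".join(chars)

def rotate_reused(vault: dict, length: int = 20) -> dict:
    """Return a copy of the vault in which every site that shared a password
    gets its own freshly generated one; unique entries are left untouched."""
    fixed = dict(vault)
    for sites in find_reused(vault).values():
        for site in sites:
            fixed[site] = generate_password(length)
    return fixed

# Constructed sample vault; the weak entries come from the list at the top of the article.
SAMPLE_VAULT = {
    "mail.example": "123456",
    "bank.example": "123456",
    "forum.example": "qwerty",
    "shop.example": "qwerty",
    "wiki.example": "k3#Vt!92pLq_zR7x",
}

if __name__ == "__main__":
    for password, sites in find_reused(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share one password: {', '.join(sites)}")
    print("reuse after rotation:", find_reused(rotate_reused(SAMPLE_VAULT)))
```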
Some password managers also support shared accounts. For example, your company might use a bunch of different programs which all require separate logins. Instead of you sending out sensitive password information to your employees for access to a company app, you can use your password manager to assign access to different users. This can be as simple as setting up one email address and password which can be shared with all employees. As long as they have the password manager, they can access the site. The employee who gains access never actually sees the password that the company has chosen.
What’s out there
There are lots of password managers out there and I’d recommend that you do plenty of research before you commit to anything, especially when considering it for your business. Here are some options from the big players in the password management game:
LastPass is probably the most popular of the bunch. It has plenty of helpful features and is easy to use.
Dashlane is another popular password manager with a sleek design and interesting wallet integration.
KeePass sports a retro look but it’s free and open-source with a long and respected history.
1Password is multiplatform and sports a practical design. Aside from some reported kinks with OS X updates (not 1Pass’s fault), 1Password receives tons of positive reviews.
Sticky Password was PCMag’s editor’s choice for password managers due to its strong security features. It also supports importing passwords from its rivals, such as LastPass.