Personal Security: Password Management

Posted by Ken Moire & filed under Security.

Every year, companies spend billions of dollars on IT security infrastructure. Despite that, hackers continue to adapt and find new ways to exploit vulnerabilities and expose sensitive user data. Many go unnoticed, but in the last year alone, several high profile hacks were reported, most notably Target and more recently, eBay. In the case of the notorious Heartbleed Bug, a back door was left open with a vulnerability in OpenSSL, used by most of the Internet for encrypted, secure connections.

Given these large-scale security breaches, it can feel like there’s very little one person can do compared to the scale and severity of these exploits. But in fact, there are measures we can take to help protect our online information and minimize the impact of these breaches. In this Personal Security series, I’ll share ideas, tools and steps to keep your online activities more secure.

Password Managers

In many cases, the first thing that users are asked to do following a known breach on a website or application is to change their password. But if you’re using the same password across multiple sites, that means you need to update your password everywhere it was used. Do you remember all of the places you’ve used it? Probably not. And the risk for you is even worse if you’re using a weak password because they can easily be cracked. If your password is ‘admin’, ‘12345’ or your kid’s birthday, it’s time to upgrade your passwords and start using a password manager.

In a nutshell, password managers allow you to create unique, complex passwords for each website or application that you visit and store them in a central secure system. The best ones use AES 256-bit encryption and other strong security measure like one-way salted hashes. The passwords are not stored locally (like in your browser) — rather, when you visit a website, your password manager passes an encrypted token between your machine and your password service’s server, assuring a secure connection before a password is retrieved. Once the secure “handshake” is made, the password manager can auto-complete the login form, so in essence you will never need to remember the password stored for any particular website (trust me, it’s better this way).

There are several popular password managers on the market. Dashlane and LastPass are two of our favorites, but there are many more, each with their own price models and feature sets. You should explore all of the options and pick the best password management system for the way you use passwords.

Benefits of Using A Password Manager

Besides generating and storing complex passwords, there are other benefits of using a password manager:

  • They keep track of all accounts you’ve created across the internet. Without a password manager, it’s easy to forget your account history.
  • Many password managers provide helpful security reports, like a list of accounts that are compromised by known exploits. When Heartbleed was announced, LastPass provided a report for all of the sites that could be affected so you knew immediately which passwords needed updating.
  • Most password managers alert you if you’re using the same password across multiple websites. It’s a habit that most of us fall into if we’re not paying attention. Password managers help pay attention for us.
  • Some password managers include a mobile app that lets you retrieve passwords while on your mobile device.

There are several other best practices for using passwords, however, using a password manager can make the job of managing your accounts and passwords easy. Do yourself a favor and use a password manager service and get peace of mind.

Comments are closed.