Password managers

This is a story about passwords. When you see something in the news about “compromised credentials at Target”, it usually means that a password was used to break in. If someone can guess that my used-everywhere password is “Fido”, they don’t have to mount a sophisticated attack to own my bank account. Passwords are still important.

For a very light computer user I recommend unique long passwords like “23DogsAreChasingTheCatAgain!” written on a piece of paper.

The rest of us face a more difficult situation. How can I remember many (long, complex, frequently changing, unique) passwords? The answer is easy: use a password manager. A password manager stores really complicated unique passwords like one of mine, 9_g6M+Z@z%ZJx8*yAp%*. These passwords are kept in an easy-to-use format along with other information, such as the web site address, the username and the format for logging in to the web site automatically. Using a unique password for each web site is a great idea because it means that when Home Depot is breached, the compromised password doesn’t also work for my bank.

Obviously the one password used to open a password manager is critical. No room for “Fido” here.

The bottom line is: Use a password manager.
—For web site logins, LastPass stores passwords in the cloud and synchronizes between phones, PCs and Macs. Additional security can be added with a hardware token.
—If you want to avoid the cloud, store passwords on a computer or removable device and use KeePass.
—To increase password manager security use a hardware token.
—Mac and iOS users can use Keychain, the built-in tool that stores passwords in iCloud.

Hey, how about a New Year’s resolution to use different passwords for all web logins?