Far too many people either use the same password for all their accounts, or use easy-to-remember passwords (entire words with a variation, like “3xtr0v3RT”, or even worse “hello111”). Such password practices make accounts extremely easy to hack, and like it or not, using a different password for every account is good practice. Even the casual Internet user will have a few accounts, whether it be eBay, social media, or most important of all to protect: online banking.

Adding an extra number to a bad password – “houses1” – doesn’t significantly improve security. Complete or partial words are to be avoided; allusions to your initials, company name or user name are terrible ideas. Completely random passwords work best, like “H@4qtypu$F?A” (created using a password generator, 12 characters, includes specials). No, they’re not easy to remember, but they work. Some people write their passwords in a little notebook, hidden in their wardrobe. A Chinese hacker certainly wouldn’t be roaming around in your house, looking for your list of passwords, but supposing one day you forget your little notebook when you’re at work? Panic ensues. Password managers exist for this reason. They are a piece of software which helps a user organise their passwords.

I’m going to look at two popular password managers, KeePass and LastPass, though there are others. KeePass is desktop-based, whereas LastPass is a plugin for most browsers. Both are free, and both are secure.

KeePass

KeePass is a popular desktop application that stores passwords on your computer in an encrypted database. Clients and ports are available for Windows, Ubuntu, Linux, Mac, Android, iOS and more. It is incredibly easy to install and create a new database file. There are controls for generating a very secure password, where you define the character set and password length. Typing in a password shows how many bits of entropy it provides, and how secure it is.

Because the data is stored on your computer, you are responsible for these passwords. You would have to sync between devices manually and remember your Master Password. The Master Password, as the name suggests, is a password that grants you access to all your other passwords. If you forget your Master Password, there is no way of restoring your passwords. Whilst remembering one Master Password might be a pain, it’s certainly better than trying to juggle twenty in your head. KeePass is good if you use one computer, annoying if you regularly swap between computers, but really, it’s not difficult to save the file on a USB stick (and remember your automatic backups!). Alternatively, you could keep your KeePass database in a cloud, such as Dropbox.

LastPass

LastPass is a plugin that works on most browsers. You’d have to install the plugin on all browsers you use across various computers, but it’s easy to install and log in via email address and password. Like KeePass, you have to remember your Master Password. LastPass doesn’t store this Master Password, but they do store a password hint just in case you forget. If you still forget, you can’t restore your passwords.

Passwords are stored in a cloud; some people might be uncomfortable with this, but LastPass confirm that they do not store plaintext passwords on their servers, and encryption occurs on your computer. LastPass has extra security settings, like: logging off when the browser is closed, logging off when idle, protecting a particular site (like a bank login), sending password change emails, a virtual keyboard, one-time passwords, and more.

It has a simple password generator, with options for password length and character choices. It doesn’t show how many bits of entropy a password provides, but it does show how secure it is with a coloured bar. It is easy to import passwords from other password managers. LastPass Premium costs $1 a month to access LastPass on mobile devices.

To summarise

The longer the password, the better. The more variety of characters (uppercase, lowercase, underscores, specials), the better. This makes it extremely frustrating when some websites limit a password to 6 – 8 characters, or disallow special characters.
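The KeePass generator described above (a user-defined character set and length, with a strength shown in bits) and the two rules of this summary can be put into numbers. The following is an added example written for this page, not KeePass’s or LastPass’s own code: it generates a password from chosen character groups using the `secrets` module, computes the entropy in bits, and compares what an 8-character cap or a ban on specials costs. The specials list, the strength thresholds and the naive per-password estimate are this example’s own assumptions.

```python
import math
import secrets
import string

# Constructed character groups; the specials list is an assumption for this example.
CHARSET_OPTIONS = {
    "lower": string.ascii_lowercase,     # 26
    "upper": string.ascii_uppercase,     # 26
    "digits": string.digits,             # 10
    "specials": "!@#$%^&*?_-",           # 11
}
ALL_GROUPS = ("lower", "upper", "digits", "specials")


def build_charset(*groups: str) -> str:
    """Combine the selected groups into one de-duplicated alphabet."""
    chars = "".join(CHARSET_OPTIONS[g] for g in groups)
    return "".join(sorted(set(chars)))


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    Only valid when every character really was drawn at random."""
    return length * math.log2(charset_size)


def generate(length: int, groups=ALL_GROUPS) -> str:
    """Generate a random password with the CSPRNG-backed secrets module."""
    charset = build_charset(*groups)
    return "".join(secrets.choice(charset) for _ in range(length))


def strength_label(bits: float) -> str:
    """Rule-of-thumb labels (this example's own thresholds, not a standard)."""
    if bits < 40:
        return "weak"
    if bits < 64:
        return "moderate"
    if bits < 80:
        return "strong"
    return "very strong"


def estimate_bits(pw: str) -> float:
    """Naive estimate for a typed-in password: infer which classes it uses and
    assume it was random over that alphabet. 'houses1' still scores ~36 bits here,
    which is exactly why word-based passwords fool simple strength meters."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32
    return entropy_bits(size, len(pw)) if size else 0.0


def compare_policies() -> dict:
    """Entropy of random passwords under common site restrictions."""
    full = len(build_charset(*ALL_GROUPS))     # 73 symbols
    lower_only = len(build_charset("lower"))   # 26 symbols
    return {
        "8 chars, lower only": round(entropy_bits(lower_only, 8), 1),
        "8 chars, all classes": round(entropy_bits(full, 8), 1),
        "12 chars, all classes": round(entropy_bits(full, 12), 1),
        "20 chars, lower only": round(entropy_bits(lower_only, 20), 1),
    }


if __name__ == "__main__":
    pw = generate(12)
    bits = entropy_bits(len(build_charset(*ALL_GROUPS)), 12)
    print(f"generated {pw!r}: {bits:.1f} bits ({strength_label(bits)})")
    for policy, b in compare_policies().items():
        print(f"{policy:>22}: {b:5.1f} bits ({strength_label(b)})")
```

Two things stand out from the comparison: a 20-character lowercase-only passphrase beats a 12-character mixed one, and an 8-character limit keeps even a fully random password below 50 bits, so length is the lever that matters most when a site lets you choose.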

So: don’t put your passwords where others can find them (a sticky note on a monitor), don’t share passwords and don’t repeat passwords. Use a password manager.

And if your password is “password123” or “ilovecats”, you probably deserve to be hacked.

NuBlue are a digital agency and web hosting provider who take our clients’ security very seriously. Please contact us to discuss your requirements.