Safe and Easy Ways to Store Your Passwords
After the recent Heartbleed vulnerability became news, many of us are concerned about the security of our data on the web. Tech Talker describes some easy tools to safeguard and manage all your passwords (no memory tricks necessary).
Now that the Heartbleed bug is mostly fixed across the internet, let’s take a look at the wake produced by this online fiasco.
Here at Quick and Dirty Tips, we’ve covered the Heartbleed bug in a blog post by yours truly and in a podcast by the Get-It-Done Guy. These summarize really well exactly what happened and how your data was vulnerable.
As I’m sure you’ve noticed, almost every company that you’ve accessed online has sent you emails telling you to reset your password just in case it was intercepted by a hacker. This is a great time to bring up password management and how exactly you should go about changing and managing your passwords.
Both the Get-It-Done Guy and I have done a number of episodes on the topic, but today I want to tackle some specific apps that will help you to manage your passwords easily.
Why You Need Strong Passwords
I’m sure you’ve heard this advice before: “Never use the same password for everything!”
In the early days of the internet, this was probably pretty easy. You would probably have your main computer login and then a few websites and email passwords to remember. Now it seems like every forum, blog, and website requires a username and password.
I don’t know about you, but at last count I had around 60 different logins to various sites across the web. Remembering those passwords would be next to impossible, and I definitely don’t have enough room on my arm to write them all down!
This is why I suggest using a password management system.
Why You Need a Password Management Tool
One of my favorite tools out there for managing passwords is called LastPass. It’s free to use the basic version, and there are premium features that you can pay for such as mobile apps and multifactor authentication. I simply use the free version and it works great.
LastPass acts as an add-in to many popular browsers and it will remember all of your passwords and keep them secure with one master password (which is the only one you’ll have to remember). An awesome feature of LastPass is that it keeps your passwords in the cloud so you don’t have to manually update your passwords as you switch between multiple computers and mobile devices throughout the day. So for example, if you want to log into your favorite retailer’s web site from your home computer, and then again from your work computer, LastPass will know your password automatically.
This, however, is the thing that concerns many people about using LastPass. If all your passwords are stored in the cloud, what if LastPass gets hacked? The hacker would then have access to all your private information.
This was a concern of mine for quite some time, too. However, LastPass is a security company above all else and has put many different safeguards in place to protect your passwords from prying eyes.
First and foremost, everything on LastPass is encrypted. Your master password acts as the encryption key to your vault of passwords. Now, while I’m not sure of the specifics of LastPass’ encryption scheme (it’s a closely guarded secret), good database password management tools add something called a “salt.”
As I mentioned in a previous episode on How to Encrypt Your Files, a salt is a secret ingredient thrown into the encryption process that makes your encryption unique.
It works like this:
Let’s say all of LastPass’ password databases were stolen and an attacker was trying to break the encryption. To do this, they would try every possible password to break in. This is called a brute force attack and it generally takes a very long time to be effective.
With traditional encryption schemes, once the password is broken the attacker would have access to the entire database of passwords. However, since every user has their own secret ingredient (aka, the salt), the attacker would have to perform the brute force password process over and over again for each user!
Given that some brute force attacks can last anywhere from weeks to years, it is not very feasible for an attacker to get at everyone’s data easily.
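To make the salt idea concrete, here is an added example (it is not code from the original post, and it is not LastPass’ actual scheme, which the post says is not public). It stretches a master password into a vault key with PBKDF2-HMAC-SHA256, once with a salt shared by everyone and once with a fresh random salt per user, and then counts how many key derivations someone holding the stolen records would have to spend on a small constructed list of guesses. The iteration count, user names and candidate passwords are all constructed for the demo.

```python
import hashlib
import os
from typing import Optional

# Constructed parameters for the demo; real password managers use far more
# iterations, and LastPass' actual scheme is not described on the page.
ITERATIONS = 1_000
KEY_LEN = 32


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a master password into a vault key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def create_user(master_password: str, salt: Optional[bytes] = None) -> dict:
    """Create a user record. A fresh random salt is generated unless one is
    supplied; passing a fixed salt simulates the 'traditional' unsalted scheme."""
    if salt is None:
        salt = os.urandom(16)
    return {"salt": salt, "key": derive_key(master_password, salt)}


def build_table(candidates: list, salt: bytes) -> tuple:
    """Derive every candidate once for one salt. Returns the key->password table
    and the number of KDF evaluations that cost."""
    table = {derive_key(pw, salt): pw for pw in candidates}
    return table, len(candidates)


def kdf_work_to_recover(users: dict, candidates: list) -> tuple:
    """Cost model for the brute force described in the post: a table of guesses
    is only useful for records that share its salt, so it is built once per
    distinct salt. Returns (recovered passwords, total KDF evaluations)."""
    tables = {}
    work = 0
    recovered = {}
    for name, rec in users.items():
        if rec["salt"] not in tables:
            tables[rec["salt"]], spent = build_table(candidates, rec["salt"])
            work += spent
        match = tables[rec["salt"]].get(rec["key"])
        if match is not None:
            recovered[name] = match
    return recovered, work


# Constructed demo data: three users, two of whom chose the same weak password.
CANDIDATES = ["123456", "letmein", "password1", "qwerty"]
SHARED_SALT = b"\x00" * 16  # stands in for 'no salt at all'


def demo(salted: bool) -> tuple:
    """Return (user records, recovered passwords, KDF work) for one scheme."""
    fixed = None if salted else SHARED_SALT
    users = {
        "alice": create_user("letmein", fixed),
        "bob": create_user("letmein", fixed),
        "carol": create_user("qwerty", fixed),
    }
    recovered, work = kdf_work_to_recover(users, CANDIDATES)
    return users, recovered, work


if __name__ == "__main__":
    for salted in (False, True):
        users, recovered, work = demo(salted)
        print(f"salted={salted}: recovered {len(recovered)} of {len(users)} "
              f"users with {work} key derivations; "
              f"alice and bob share a key: {users['alice']['key'] == users['bob']['key']}")
```

With the shared salt, one table of four derivations serves every record, and alice and bob, who picked the same password, even end up with the same vault key, so a breach reveals that at a glance. With a salt per user the work multiplies by the number of users (4 guesses × 3 users = 12 derivations here), and identical passwords no longer produce identical keys. Multiply that by a realistic iteration count and a realistic guess list and you get the weeks-to-years figure the post mentions.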
There’s something else you can do to be doubly sure that your data is secure. You can enable a second method of protection called two-factor authentication. This is like needing two keys to open a lock. The first key would be your standard password just like before and the second key is entirely different. This second key varies from website to website, but LastPass gives you a few options.
My favorite option is a smartphone app called Google Authenticator. This free app will give you a code that is only good for about 30 seconds. You’ll type this code in just like a secondary password and go from there. This is pretty cool because you need your master password and your phone (or some other form of Google Authenticator) in order to access your LastPass account. You can check out LastPass’ website to see other forms of two-factor authentication, including fingerprint scanners and thumb drives.
A Cloud-Free Password Management Tool
Now let’s say that you’re just not comfortable with your passwords being accessible in the cloud. I can sympathize with you 100%. That’s why my other favorite program is called KeePass. This simple and free password management program stores everything locally on your hard drive. It’s open source so anyone can see the code (but not your passwords). I use it in conjunction with LastPass to make my password vault as safe as possible.
With that, here are your 3 Quick and Dirty Tips for managing your passwords:
- Password managers such as LastPass and KeePass are great ways to keep your passwords securely locked up, but still easily accessible.
- LastPass allows you to sync all of your passwords between your devices by saving them to the cloud, whereas KeePass only stores your passwords on your local hard drive.
- If you want to strengthen your online password security, enable two-factor authentication wherever you can.
Well, that’s it for today! Be sure to check out all my earlier episodes at quickanddirtytips tech talker. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on Facebook QDTtechtalker.
Until next time, I’m the Tech Talker, keeping technology simple!