With the password breaches of recent years, it has become imperative not to reuse passwords.
The RockYou breach in 2009 leaked 32 million logins and unencrypted passwords. The Adobe breach in 2013 leaked 152 million logins, encrypted passwords and unencrypted password hints. The Ashley Madison breach in 2015 leaked more than 30 million logins, encrypted passwords and account profiles.
In all three breaches, “123456” and “password” were among the most commonly used passwords.
People use simple passwords because it’s too hard to remember strong ones. This is where a password manager can help. Password managers store your login information for the websites you use and help you log into them automatically. They encrypt your password database with a master password, which then becomes the only one you actually have to remember.
If you’re a Mac OS X user and have ever saved a login for a network share or wireless network, you’ve used the built-in password management application, Keychain Access. Syncing to the iCloud service was added in recent years to help share credentials between all your Apple devices.
The best-known online password manager is LastPass, which was just acquired by remote desktop service LogMeIn. It uses a browser plug-in that helps create, store and enter credentials for you. Because the software is browser-based, it works across platforms.
Other popular password managers include 1Password, which started on Mac OS X and also supports mobile devices and Windows. Its rich feature set makes it a worthwhile purchase for many users, but mobile device syncing has been known to be cumbersome. For Windows users, Password Safe is a popular choice. My personal preference is KeePass for its portability across Linux, Mac OS X and Windows.
It’s unrealistic these days to create strong passwords that you can remember for every website that you use. With a password manager, you don’t have to anymore.
Vincent Hoang is an enterprise architect at Hawaiian Telcom, a certified information systems security professional, GIAC systems and network auditor and Cisco certified network professional. Reach him at vincent.hoang@hawaiiantel.com.