So Many Passwords, So Little Time
SecureState recently covered how weak passwords can leave your accounts open to attack. However, once you have created complex, unique, 14-character passwords for your social networking, email, shopping, banking, and work accounts, how will you remember them all?
First, we should cover a few things you should never do to remember your passwords:
1. Never write your passwords down on paper (and especially never attach them to your computer via a post-it note)
2. Never store them in plaintext in a Word, Excel, text, or similar file on your computer or network
3. Never create shared passwords and accounts for multiple users
4. Never use built-in browser password managers without verifying that the security settings prevent other users on the computer from accessing them
The best way to securely store your passwords is by using a password manager. Password managers store your passwords behind a single, strong master password. Many password managers share similar features to make accessing your accounts easier. These include automatically populating forms, randomly generating passwords, and functionality across multiple devices. Their most important feature, though, is how well they protect your passwords. Below is a rundown of popular password managers and their security features:
KeePass is a free, open source application that encrypts your passwords via the AES standard and the Twofish algorithm. AES is a National Institute of Standards and Technology-accepted standard for encrypting data that supports a block size of 128 bits and key sizes up to 256 bits. Since it is open source, KeePass offers a number of user-created plugins to improve functionality, including mobile support, password strength metrics, passphrase generation, and advanced cryptography and key providers. KeePass also helps organizations that support multiple administration personnel by allowing users to store the password database on a network location with access via a single master password or key file.
Similar to KeePass, Password Safe is a free, open-source password manager that uses the Twofish algorithm. Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. Password Safe does not offer the advanced features of the other options, but it does effectively allow you to store and manage your passwords.
LastPass offers a basic free version and a premium version with additional features and mobile device support. Regardless of which you select, LastPass will protect your passwords with AES 256-bit encryption and routinely increased PBKDF2 iterations. LastPass also supports two-factor authentication. One of its best features is that it tracks website compromises and can alert you if your password needs to be changed.
Dashlane offers a basic free version and a subscription-based mobile version. Dashlane uses AES-256 encryption with a key derived through 10,000+ rounds of salted PBKDF2, and supports two-factor authentication via Google Authenticator. One of Dashlane’s best features is the ability to change your passwords for any site via a single click.
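As an added illustration (not part of the original article, and not the code of any product named above), the Python sketch below shows what salted PBKDF2 with a stored iteration count does to a master password, and how that count can be raised later. The header layout, the HMAC-based verifier, and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

KEY_LEN = 32             # 256-bit key, matching the AES-256 key size
LABEL = b"vault-check"   # constant verifier input (an assumption of this sketch)


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def create_header(master_password: str, iterations: int = 10_000) -> dict:
    """Build the public vault header: salt, iteration count and a key verifier."""
    salt = os.urandom(16)  # random per-vault salt, stored in the clear
    key = derive_key(master_password, salt, iterations)
    verifier = hmac.new(key, LABEL, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, master_password: str):
    """Return the vault key if the password is right, otherwise None."""
    key = derive_key(master_password, header["salt"], header["iterations"])
    expected = hmac.new(key, LABEL, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return key if hmac.compare_digest(expected, header["verifier"]) else None


def raise_iterations(header: dict, master_password: str, target: int) -> dict:
    """Re-derive under a higher iteration count after a successful unlock.

    A real vault would also re-encrypt its contents under the new key.
    """
    if unlock(header, master_password) is None:
        raise ValueError("wrong master password")
    if header["iterations"] >= target:
        return header
    return create_header(master_password, target)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    hdr = create_header(pw)
    print(unlock(hdr, "guess") is None, unlock(hdr, pw) is not None)
    print(raise_iterations(hdr, pw, 100_000)["iterations"])
```

Because the salt and iteration count are stored beside the vault, an attacker who copies the file still has to run the full PBKDF2 computation for every guess at the master password.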
Now that you know some of your options, which password manager will you choose?