PASSWORDS – Problems We Face

There was feedback from my last post about the security problems with smartphone apps. The realization that your apps may have access to your contact list, where I know many of you store passwords, set off some alarm bells. Folks suddenly realized that their entire digital lives, passwords they can’t even remember themselves, could already be in the hands of people they do not know.

The other problem we have is that out of sheer necessity we reuse the same password over and over again. I have counted no fewer than 60 different sites that I have logged into in the past month. At best, I am able to remember about six passwords, so I obviously am guilty of password duplication in my personal life.

I did some thinking on how to resolve this problem: how to be secure and still be able to quickly and easily log on to all those places we all go.

PASSWORD MANAGERS - This Changed My Life

The answer is to start using a password manager, and I must say that this is going to be something that you rely on and use every day. Not only will this help you begin to set up unique passwords for all the sites you log on to, but it also gives you the ability to log on to sites you have not visited in years, places you forgot you even had an account.

How Password Managers Work

A password manager is a program that stores an encrypted database of all your passwords and other sensitive information. You will be required to remember a master password to be able to open this database. The database is stored in the manufacturer's cloud storage and then accessed from all the other computers, cell phones and tablets you own. Even though this sensitive information is now in the cloud, no one but you should know the master password. This means that even if someone were to get a copy of the database, they could not get any information from it without the master password. It also means that if you forget the master password, there is NO way of opening the database.
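The idea described above, as an added example that is not from the original post or from any vendor's product: the database is encrypted with a key stretched from the master password, so the copy that gets synced is unreadable without it. The choice of scrypt and AES-256-GCM from Node's built-in crypto module, the function names and the sample entries are all assumptions made for illustration.

```javascript
// Added illustration: a vault protected by a master password (Node built-ins only).
const crypto = require('node:crypto');

// Stretch the master password into a 256-bit key. The salt is not secret;
// it is stored next to the ciphertext so the same key can be derived again.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt the vault (a plain object) into a record that is safe to sync.
function sealVault(entries, masterPassword) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every save
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), data: b64(data) };
}

// Decrypt a synced record. A wrong master password derives a different key,
// the GCM tag check fails, and null is returned instead of garbage.
function openVault(record, masterPassword) {
  const raw = (field) => Buffer.from(record[field], 'base64');
  const key = deriveKey(masterPassword, raw('salt'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw('iv'));
  decipher.setAuthTag(raw('tag'));
  try {
    const plain = Buffer.concat([decipher.update(raw('data')), decipher.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null; // wrong password or a tampered record
  }
}

// Constructed sample entries, not real credentials.
const sampleEntries = { 'shop.example': { user: 'dave', password: 'constructed-sample-1' } };
const synced = sealVault(sampleEntries, 'constructed master password');
console.log(Object.keys(synced));
console.log(openVault(synced, 'constructed master password'));
console.log(openVault(synced, 'wrong guess'));
```

Only the `synced` record would ever leave the device; the master password and the derived key are never stored in it.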

Password Manager Network Diagram

Some password managers have add-ons for Internet Explorer, Firefox, Chrome, Opera and Safari. What is nice about these add-ons is that they make logging into websites a breeze. No need to cut and paste passwords between windows, just click a button, enter the master password and your credentials are entered securely. Password managers often provide apps for smart phones and tablets that will let you log onto websites from these devices as well. The apps can be trained to use a PIN instead of the long master password for ease of use while you are on the go.

You can also create a shared folder with passwords you might want to share with family or co-workers. Shared folders can be set up so the users you share passwords with can log on to sites using the shared credentials, but optionally not be allowed to see the passwords themselves. You can stop sharing the password folder to prevent users from using the passwords in the future.

Lastly, many of these products allow you to fill out forms. What this means is that it can auto populate your name, address and credit card information with a single step.

Which Password Manager to Choose

PC Magazine did a recent comparison between several password managers out there. The one I have chosen to use is called LastPass. This one seemed to have the best support for the Windows phone I use and the company is located locally in Fairfax, VA.

A Quick Word about Passwords

So what makes a password secure? From the point of view of a brute force attempt to decipher your password, the one thing that challenges the decrypting machine is the length of the password. The use of capitals, symbols and numbers has no effect on making a password secure; it just makes it harder for humans to remember.

There are 94 characters in the English ASCII character set. These are the letters, capital letters, numbers and symbols you can type on an English language keyboard. Therefore, each additional character added to a password multiplies the possible combinations by 94.

With current technology, a good password should:

  • Have at least 8 characters
  • Not be a single dictionary word
  • Not be something someone might guess as your password, e.g. pet name, birthday, address, nickname
  • A random two-word combination can be a good compromise between security and ease of use
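The checklist and the 94-character arithmetic above, written out as an added example that is not part of the original post. The function names, the tiny dictionary and the personal details in the usage lines are constructed for illustration; a real check would use a full word list.

```javascript
// Added illustration of the rules above (Node built-ins only).
const crypto = require('node:crypto');

const ASCII_PRINTABLE = 94; // character count quoted in the article

// Size of the search space for a password of `length` characters, in bits
// (log2 of 94^length). Each extra character adds log2(94), about 6.55 bits.
function keyspaceBits(length) {
  return length * Math.log2(ASCII_PRINTABLE);
}

// Return the article's rules that a candidate breaks (empty array = passes).
function brokenRules(candidate, dictionary, personalFacts) {
  const lower = candidate.toLowerCase();
  const broken = [];
  if (candidate.length < 8) broken.push('shorter than 8 characters');
  if (dictionary.includes(lower)) broken.push('single dictionary word');
  if (personalFacts.some((fact) => fact && lower.includes(fact.toLowerCase()))) {
    broken.push('contains a guessable personal detail');
  }
  return broken;
}

// Pick two words with a cryptographic random number generator, so the
// combination is random rather than chosen by the user.
function twoWordPassword(wordList) {
  const pick = () => wordList[crypto.randomInt(wordList.length)];
  return `${pick()} ${pick()}`;
}

// Search space of a random two-word pick from a list of `listSize` words, in bits.
function twoWordBits(listSize) {
  return 2 * Math.log2(listSize);
}

// Constructed sample data.
const dictionary = ['rover', 'password', 'sunshine'];
const facts = ['Rover', '1975'];
console.log(brokenRules('rover', dictionary, facts));
console.log(brokenRules('Rover1975!', dictionary, facts));
console.log(keyspaceBits(8).toFixed(1), keyspaceBits(12).toFixed(1));
console.log(twoWordPassword(['copper', 'lantern', 'meadow', 'violin']), twoWordBits(4));
```

The bit counts make it possible to compare the size of a random two-word search space with that of an 8-character password for whatever word list is actually used.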

Conclusion

Password Managers seem to work best with websites. You can store your network logon and application passwords like the one you use for QuickBooks as a secure note in the encrypted database. However, you will still need to type these passwords into the logon screens that are not in a browser.

There is some risk in using a password manager. I have no way of knowing if the vendor has enabled some sort of back door to the database. If the master password is compromised, then ALL your passwords are compromised. That being said, I think the benefit of managing your passwords yourself, instead of using Google, Microsoft or Facebook, for example, to access other sites (and they do share your personal data) is a win for the typical user. A password manager also enables you to use different passwords at every site, so if one site is hacked (e.g. Home Depot, Target, Adobe, Sony etc.) you can feel safe that that password is not being used elsewhere. I encourage you to discuss the options with your friendly Invario Network Engineer.

INVARIO REFERRAL$

If you know of a company that would be interested in the services of Invario Network Engineers, please reply to this e-mail with your suggestions and whom we should contact.

That is all you will have to do! Upon receipt of the first payment from a new customer, Invario will pay 10% of the retainer or labor portion of the first project to the referring person or company. If a new customer signs up for a Worry-Free IT or Server contract, the referring party would receive the equivalent of one month of the agreed-to contract.

Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.

FEEDBACK

If there is an IT topic you would like to know more about, please e-mail me your suggestions.

Dave Wilson