Managing Your Passwords

With the proliferation of websites, subscriptions and access points all requiring you to establish an ID/account, managing your passwords becomes a challenge. Using the same password for many sites is not a secure practice, as it risks the possibility of ID theft or unauthorized access to your information. Many of us have difficulty remembering the unique credentials and password we used, especially if it is for a site you do not visit frequently. For these reasons, using a password manager could be a worthwhile effort.

Password managers are software applications or services that allow you to build a directory of the applications/sites that you access, the login ID and password used to sign in, and helps you to organize these details. Many will generate a secure password when you register for a new site and then load the details into your profile. It can also fill in your credentials when you navigate to a site you want to use. Storing details in a password manager is much safer than storing in your browser, as values held in the browser are often not encrypted or secured.

Password managers require you to remember one thing: your master password. You set a master password when you set up your account; if you lose it or can’t remember it, it can be very difficult to recover your data. When you visit a website, the password manager will either log you in automatically or auto-fill the values so you can manually login. Password managers can also fill in online forms; you build a standard profile for name/address etc. and the data can pre-fill a registration form for you. As an example, it can automate the entry of your data for online shopping, rather than entering your billing and shipping address every time.

There are several password managers available without cost or for a small annual fee, depending on the package and devices involved. Their method for keeping your data secure breaks down into three main types:

 Encrypts and manages your passwords and related data on their secured cloud-based website, for access to any device (PC, Mobile device, etc.) that you are using. Cloud based tools also allow for you to store a backup archive on your PC, on a USB drive or you can print your profile. Some examples of cloud-based password managers are: Last Pass, Password Genie, DashLane, MSecure and KeePass.

PC-based storage

Stores and manages your data on your computer in an encrypted file. Downside: you have to manually move/manage the data if you are using a mobile device or other computers. Examples of PC-based password managers include: RoboForm, DirectPass and Norton IDSafe. (Some software bundles include password managers, including Trend, Norton, etc.)

Hardware based

Typically using a USB drive, the device encrypts and stores your credentials and accesses it when you log into a site to authenticate you as the user. The USB drive is portable for travelers, but may not work easily with some mobile computing devices. Examples of Hardware based password managers include: Kaspersky, Splash ID Safe, MyLok+ and others.

If you use a mobile device (smartphone or tablet computer) in your work, make sure there is a mobile app of your password manager that can port to your device as well as to your desktop or laptop computer. Additionally, always use the highest level of encryption that the tool you select offers, and be sure there is a secure way to periodically export your profile/passwords to be stored in another device or location.

Finally, a few tips on making your passwords more secure:

• Use a group of random words together. Four unrelated words that you can easily remember is a simple and secure way to set a password.
• Use uncommon patterns which would slow the cracking of a password. Example: instead of using 'thequickbrownfox' mix up the order to 'quickfoxthebrown' as this does not match commonly available word strings used to crack passwords.
• Don’t use biographical data – don’t use your birthday, house address, phone number, spouse’s name, etc. in your password. These details are all too easily found.

Some experts recommend using symbols along with upper and lower case letters and numbers. Current thinking is that it is more important that the length of the password for more security.

Here are some examples of how long it takes to crack a password:

• Five characters gives 10 billion possible combinations – can be cracked in five seconds
• Six characters – takes 500 seconds
• Seven characters – takes 13 hours
• Eight characters – takes 57 days!

The moral of the story: Make your passwords long!

Use a password manager – it is a simple and effective way to protect your information and your data.

Most password manager software allows you to access a free trial version. Check it out for yourself and see if it can simplify this part of your computing.