Password management tools
Recently, a number of high-profile organisations (such as LinkedIn, eHarmony, Last.fm, Formspring and others) have reported that their username and password lists have been leaked online.
Aside from the usual security risks of such a leak, it also underscores the risk of using the same password for multiple services. For example, if a user has the same password on their web email account as on LinkedIn, then once a hacker has access to a LinkedIn account with an email address like “hotmail.com” or “gmail.com”, one of the first things they will try is logging in to those services with the same password.
Statistically, in 73% of the cases, it will work (according to a study by Trusteer).
The obvious solution, and the one I highly recommend, is to use a different, strong password for every website. This can mean dozens, or in some cases hundreds, of different usernames and passwords to remember.
Enigma IT Solutions have evaluated a number of different solutions for managing these, and there are two stand-out winners. Both of them, best of all, are free.
In both cases, they rely on a single master password, which unlocks a database storing all the other usernames and passwords.
If you only use one computer, then Password Safe, originally developed by highly respected security researcher Bruce Schneier, is an excellent option. It will generate random, strong passwords for you, keep track of them and remind you to change them regularly. With Password Safe, the database never leaves your computer – which is great for your security, but difficult if you need to use multiple computers. It’s also critical that you back up the database regularly.
If you use a number of computers, and are comfortable with trusting a third party, consider LastPass, which stores an (encrypted) copy of the database on LastPass’s servers. Plug-ins are available for most popular web browsers, and if you upgrade to the premium service (currently $12 per year), an iPhone/iPad app is available for when you’re using a computer without them and don’t want to log in to the website – which, clearly, you should never do from an untrusted computer such as at an Internet cafe or public Wi-Fi hotspot.
Either of these packages is only as safe as its database and the strength of your master password – so the security of your own computer is still critical. The objective is to minimise the harm if one of your passwords gets loose.
For further details, or other advice on password management and computer security, contact Enigma IT Solutions today!