Protecting Your Passwords; Because You Really Only Have Three, Right?

You have exactly three passwords, don’t you? The first is one you use for all the logins that you don’t think house anything worth stealing. You use it when you are signing up for a Web site that you might not visit ever again. It’s the default password you deploy when you’re required to “create a free account” to read an online newspaper or RSVP to an e-invitation.

It was reading this excerpt that has caused passwords to become the number one area of concern to me in my online life. Perhaps it is the nearly daily email or DM on Twitter that I get from friends’ hacked accounts, offering to sell me little blue pills or the latest work-from-home scheme, or the more sinister hackers stealing passwords, account numbers, names, addresses and social security numbers.

Regardless, this has gotten me thinking about my own passwords and how strong or weak they tend to be. Upon closer examination, it’s occurred to me that I have been using one of four passwords for most of the past decade.

For some decades, investigations of passwords on multi-user computer systems have shown that 40% or more are readily guessed using only computer programs, and more can be found when information about a particular user is taken into account during the attack. Automatic password generation, if properly done, can avoid any connection between a password and its user.

For example, one’s pet’s name is quite unlikely to be generated by such a system. For a password chosen from a sufficiently large ‘password space’, brute force search time can be made so long as to be infeasible. However, truly random passwords can be tricky to generate and they tend to be difficult for the user to remember. – Wikipedia

My concern is what set me on a mission to find a better way to generate and more securely store my passwords. There are a number of free password generators and keepers available, but I am of the “trust no one” generation and of the belief that nothing worth having is free, so I chose the premium version of LastPass, which costs me $12 per year and allows me to install it on my Android-powered devices and as many machines as I like. It integrates seamlessly into every major web browser, ranging from Google Chrome, Mozilla Firefox, Safari and yes, even Windows Explorer.

There are a ton of password safes out there including KeePass, RoboForm, Passpack, Password Safe, LastPass, and 1Password. If and when I recommend any of these I always count on LastPass and 1Password. – Stepcase LifeHack

Once installed, LastPass has a feature called Security Challenge that analyzes your user names and passwords to determine your overall security risk. The computer I use has been owned by me since 2002 and must be a testament to the quality product once made by Dell! The report revealed 268 user names and passwords, most of them containing the same or a variation of the four passwords I have been using. Needless to say, I failed miserably with a 28%.

After an initial period of getting used to it, which took about a week, I became confident enough in LastPass that I have replaced all of my old passwords with randomly generated 16-character passwords on sites like Facebook, Twitter and all of my mail and banking accounts.
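The arithmetic behind the “password space” argument and the 16-character random passwords, as an added example that is not from the original post or from LastPass. The 94-symbol alphabet, the guess rate of 10 billion per second and the 100-million-entry guessing list are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: upper/lower letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Assumed attacker speed (offline guessing against a fast hash).
GUESSES_PER_SECOND = 1e10

# Assumed size of a guessing list built from names, words and common
# variations (pet name + year, etc.). Constructed figure, not measured data.
GUESSABLE_CANDIDATES = 1e8


def generate_password(length=16, alphabet=ALPHABET):
    """Pick each character independently and uniformly from the OS CSPRNG,
    so the result has no connection to the user who will own it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Size of the password space in bits: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def years_to_search(bits, guesses_per_second=GUESSES_PER_SECOND):
    """Expected brute-force time: half the space, at the given guess rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def compare():
    """Return (random_bits, random_years, guessable_bits, guessable_years)."""
    random_bits = entropy_bits(16, len(ALPHABET))
    guessable_bits = math.log2(GUESSABLE_CANDIDATES)
    return (random_bits, years_to_search(random_bits),
            guessable_bits, years_to_search(guessable_bits))


if __name__ == "__main__":
    r_bits, r_years, g_bits, g_years = compare()
    print("sample password:", generate_password())
    print(f"random 16 chars : {r_bits:.1f} bits, ~{r_years:.1e} years")
    print(f"guessable choice: {g_bits:.1f} bits, ~{g_years:.1e} years")
```

The gap between the two lines of output is the point: the random password’s search time depends only on length and alphabet size, while a human-chosen one is bounded by the size of the attacker’s guessing list.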

Security gurus tout the relevance of password managers, which generate unique passwords for you and store them under one password-protected program, but even they can be cumbersome. LastPass 1.72 Premium is PCMag’s Editors’ Choice for password managers. It keeps your encrypted password collection online and works across Windows, Mac, and Linux machines. – PC Magazine June 2011

Occasionally I’m bothered by the fact that I don’t know any of those passwords, but the trade-off is that the comfort I get from knowing I have taken the steps needed to prevent my accounts from being hacked more than makes up for it. There are a plethora of password keepers available; this is the one I chose, and I am more than satisfied with my choice.
