Three password apps to protect yourself from trouble like the Gawker database hack

One of the biggest lessons to be learned from the Gawker fiasco is this: don't use the same password everywhere.
But remembering all those different passwords is hard, yo!
Yes, it is -- but there are secure tools you can use which make it so you don't have to do the remembering yourself. Apps like LastPass, OnePassword, and KeePass make creating and utilizing complex, secure passwords a trivial task. All you need to do is pick an app, create an account, and set up one really good password you can remember to protect it. Your password manager will take care of the memorizing.

Once your password has been created, you only need to enter it once. After that, you can simply use your app of choice to log in for you. Creating strong passwords is only part of the battle, of course. You log in to dozens of websites, and that means piles and piles of login credentials to remember.

Don't sweat it. Any good password management app can handle whatever you need to throw at it. Chuck two hundred sites into LastPass, KeePass, or OnePassword, and they'll beg for more. Since they can handle the workload, make sure you use a different password everywhere you create an account. If one of your logins should get compromised -- like your Gawker commenting account -- it's only one account. Since you've been generating strong, unique passwords for each site, a ne'er-do-well can't simply take that password and, say, jump on to your Flickr account and post pictures.
It's also worth noting that everything these apps do is encrypted. Passwords on your computer are stored in a heavily encrypted format, so even if someone stole your laptop they'd still have to break the one uber-hard-but-memorable password you used to lock it down. It's much safer than using your browser's built-in password storage -- a free app from NirSoft can reveal most of those in a heartbeat. You're also safe from keyloggers, since you don't actually press any keys to input your password into login forms -- the app does all the data entry for you.
The three apps I've mentioned are available on a number of platforms, so you can even access all your passwords on the go from your smartphone. You've got nothing to lose, and a whole lot of peace of mind to gain by securing your precious logins with one of these tools.
KeePass
LastPass
OnePassword
Got another favorite password management app? Share it with us in the comments!

Comments
bkj216 (Dec 13th 2010 8:41AM)
Ah LastPass...a free app so great I actually purchased the premium version even though I have no use for the premium features.
lastrider (Dec 13th 2010 11:10AM)
@bkj216
I did the exact same thing. The Android app is helpful, though I hardly use it.
master811 (Dec 13th 2010 9:36AM)
Not sure I agree with needing a separate password for every single site. That's not to say you shouldn't have different ones, but if someone gets access to your forum/commenting account somewhere, it's not really the end of the world as there's no real damage that can be done.
It's easier to simply use 1 password for all those sorts of sites, and use more secure ones for email, banking and online shopping etc. Again keep all those separate, but group passwords by how secure they need to be, with email/banking at the top followed by online shopping with everything else below that etc.
Neoprimal (Dec 13th 2010 10:14AM)
@master811
The problem is that if someone wants to be malicious the first thing they're going to do is try the password in some email addresses and from there on out it's trouble.
So, while your advice is not...wrong, per se - it would still be problematic to use one password on a bunch of similar sites because then someone can just try it in, say in the case of blogs/forums ... gizmo, disqus (which is used by a bunch of sites), aol sites like this, etc. They'll try it in email sites like gmail, live.com, etc. So the person who has 1 password for a bunch of forums/emails/etc. is in for trouble if any ONE of them gets hacked.
It's safer AND better to plug your most frequent accounts with a few different pw you can def. remember, and the rest with generated ones from programs like Lastpass.
SilverWave (Dec 14th 2010 8:34PM)
@master811
Wrong.
If they break in to one site you have compromised all the others.
Bite the bullet and make them contain long, upper, lower, number and special.
Like I say it's a pain but it's a one off.
You will need a pw manager of some kind but I couldn't recommend anything online.
master811 (Dec 13th 2010 1:06PM)
@Neoprimal
Oh of course, always keep email/banking passwords separate, I hope I in no way implied you should use forum passwords the same as everything else, just keep all forum passwords the same, especially if you are registered on a lot of them.
dancinbojangles (Dec 13th 2010 11:10AM)
I use KeePass in conjunction with Dropbox to achieve veritable password nirvana. Even my Android phone can get in on the action. LastPass never really did it for me.
That said, I've been having a bit of a problem with it since switching to Chrome as my daily browser. Every time I use KeePass' auto-type, it pops up with my Google login as well as the one I want. Has this been happening to anyone else?
Andre (Dec 13th 2010 5:36PM)
@dancinbojangles
Try to set Google Account | Gmail as entry title... just Google conflicts with Chrome's title name
Griff (Dec 13th 2010 12:04PM)
What if I have to log in to one of my password protected websites at work where I don't have these apps handy?
James (Dec 20th 2010 1:14AM)
@Griff LastPass is available anywhere you have an Internet connection. $12 per year will give you access to the iPhone app.
Ovenmitt (Dec 13th 2010 7:17PM)
Gawker uses a really outdated hashing algorithm known as DES (Data Encryption Standard). And in this case, a complex password means squat.
Because DES has a maximum of 8 chars, using a password like "abcdefgh1234", only the first 8 characters "abcdefgh" are encrypted and stored in the database. If your password is longer than 8 characters you only need to enter the first 8 characters to log in!
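
The truncation described in the comment above, as an added example (not part of the original comment and not Gawker's code): it reproduces only the key-setup step of traditional DES crypt(3), which takes the low 7 bits of each of the first 8 bytes, and goes slightly beyond the comment by also flagging dropped high bits. The function names and sample passwords are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_KEY_BYTES = 8  # traditional DES crypt(3) reads only the first 8 bytes


def des_crypt_key(password: str) -> bytes:
    """Key-setup step of traditional DES crypt(3): 8 bytes x 7 bits = 56-bit key."""
    raw = password.encode("utf-8")[:MAX_KEY_BYTES].ljust(MAX_KEY_BYTES, b"\x00")
    # The low 7 bits of each byte are shifted into the DES key byte; the
    # remaining bit is the parity slot, which DES ignores.
    return bytes((b & 0x7F) << 1 for b in raw)


def audit_password(password: str) -> list[str]:
    """Report what a legacy DES-crypt backend would silently discard."""
    raw = password.encode("utf-8")
    findings = []
    if len(raw) > MAX_KEY_BYTES:
        findings.append(f"{len(raw) - MAX_KEY_BYTES} trailing byte(s) ignored")
    if any(b & 0x80 for b in raw[:MAX_KEY_BYTES]):
        findings.append("high bit of non-ASCII byte(s) dropped")
    return findings


def equivalent_groups(passwords: list[str]) -> list[list[str]]:
    """Group passwords that the legacy scheme cannot tell apart."""
    groups = defaultdict(list)
    for pw in passwords:
        groups[des_crypt_key(pw)].append(pw)
    return [g for g in groups.values() if len(g) > 1]


# Constructed sample passwords, not taken from any real data set.
SAMPLES = ["abcdefgh1234", "abcdefgh", "abcdefgh!Zq9#long-tail", "Tr0ub4dor"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:28} key={des_crypt_key(pw).hex()} {audit_password(pw)}")
    print("indistinguishable:", equivalent_groups(SAMPLES))
```

Running the same audit at password-change time on a system still backed by this scheme shows users how much of their password actually counts until the hashes are migrated.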
Aannd (Dec 14th 2010 5:18AM)
I follow these rules:
1. use website name with some prefix and suffix for general website login.
2. use complex name+number+symbol for bank, finance, email etc. login
Since there are numerous general websites I log in to but few financial and email a/c, I need to remember few passwords and the rest I decipher from the website name.
Anand
SilverWave (Dec 14th 2010 9:25PM)
@Aannd
>1. use website name with some prefix and suffix for general website login.
If they break in to one site you have compromised all the others.
That is they will know your naming scheme prefix and suffix. Also they now know you use the web name...
Patti Fletcher (Dec 14th 2010 7:21AM)
Are you kidding?
Deni (Dec 14th 2010 9:26AM)
I make up nonsensical words mixed with numbers. Of course, I have to write them down and I keep them in my wallet.
SilverWave (Dec 14th 2010 8:29PM)
>a free app from NirSoft
Looks like it can't get at Firefox passwords protected by a "master password"?
By the way how are your pw's protected?
SilverWave (Dec 14th 2010 8:58PM)
@SilverWave
Quote:
How Secure are the Encrypted Passwords?
When Master Passwords are in use, the data is encrypted using 3DES in CBC mode by default. If you choose a good, strong master password, then this level of encryption should be fine. 3DES is rated to be good for general use through 2020.
You should be aware that there are programs out there designed to crack open the saved passwords. One such program is FireMaster. If you do not choose a strong Master Password, then your encrypted database may be susceptible to being broken into.
http://luxsci.com/blog/master-password-encryption-in-firefox-and-thunderbird.html
Anand (Dec 15th 2010 2:50AM)
@SilverWave
The numerous websites where I have to make a login name, just to write a comment or to download something, are of no use to me in the long run. So if they are compromised, no real harm done, but if I have to log in again on these sites I do not have to remember the login name and password, nor do I need to have a password utility at hand.
If my login name is hacked or lost, I create a new one. Further the prefix and suffix too have their own logic and differ from site to site.
The sole purpose is to remember what I need to (most important ones) and not all silly ones.
Anand
Allen (Dec 14th 2010 11:06PM)
Where's the PassPack love? No apps or extension installation required, works great with (or without) a simple bookmarklet. LastPass with its plugins is a bit more convenient as it can automate the password grabbing and using, but for web based, PassPack can't be beat. It is also beautifully designed.
At the end of the day, it doesn't matter which one you use -- using any of them, in conjunction with strong and varied passwords is the way to go.