Why you need a password manager

UPDATE 8/5/14:  I read over at Lifehacker (Hackers reportedly collect over a billion passwords) about how hackers from Russia have stolen a billion passwords.  In the above link they reference Lastpass and link to a few guides to getting started with Lastpass.  Nothing is for sure, of course, but a tool like Lastpass would certainly limit the damage.


I can't tell you how many teachers and educators I know that use simple passwords that are easy to break; I stopped counting.  I, myself, used to be guilty of poor passwords.  For a few years I helped in the management of user credentials for our school district and I realized that passwords generally fell into a combination of three categories.

Too short and limited character space

Most of the passwords that I previously used were all about 8 characters long and used a mixture of numbers and letters.  Back when I started using these passwords technology at the time would probably take years to guess them.  Advancements in technology have all but made that trivial.  Steve Gibson's Password Haystack highlights this fact perfectly.  The 8 character password that I previously used most often would take less than a second to find under ideal circumstances for a hacker.  Steve's site provides a very in depth and easily understandable explanation as to why that is.

Same password

I was guilty of this.  I had 5 passwords that I used over and over.  Here is the problem with using the same password for different sites.  A hacker only needs to find it once and then they will try it everywhere.  This is an issue of a hacker going for the lowest hanging fruit.  It is unlikely (although possible) that a hacker is going to get the password from a bank or other major database.  However, you might have used that password to try out that cool new online tool that also just happened to use OpenSSL to secure communications (i.e., lowest hanging fruit).  With the Heartbleed exploit, it is likely that password is now known and can be used to try at banks and other major databases.

Easily guessable

Thankfully I was not guilty of this.  If you have one of these as your password, you have big problems and need to change them immediately.

Password Manager and other tricks

The solution to my own password problem was Lastpass.  I manage and store unique and complex passwords for almost 200 sites.  My passwords all look something like this,

wMi6kI%A7KuAde*N0Hv40*

According to Steve Gibson's Password Haystack it would take "1.04 hundred million trillion centuries" under ideal conditions for a hacker to crack that password.

Yesterday, Lifehacker ran an article on the very subject of passwords that is very good.  In it they highlight four great methods to create better passwords.  It is definitely worth the quick read.

Do yourself a favor and strengthen your passwords so that they that are unique, lengthy, and complex.

  

Automating 2014

At the beginning of the year, I saw a Facebook post from a friend that mentioned putting little pieces of paper in a jar with thoughts and memories for each day of the year.  At the end of 2014 you would take them out and read them for a look back at your year.

I am not very interested in keeping little pieces of paper in a jar for a whole year so I thought about a different way of doing this project that was simpler and automated.  Enter Evernote (whose motto is Remember Everything) and IFTTT (If This Then That).

Since I tend to put random thoughts and events from my life on Facebook, I created IFTTT recipes that would  append a note to essentially create a Facebook history in Evernote.  Automatically.

If you have never used IFTTT you should give it a try.  It has connections to over a 100 services and it is easy to use.  All you do is create a recipe to get started:

You can see in the above example that this particular recipe has triggered 29 times.  All I have to do is make the post in Facebook and it is automatically sent to Evernote without any further actions on my part.  I have a similar recipe for photo posts and for links that I share with friends.  It has worked quite nicely and I will end up with a complete summary for the year.

On a side note, Facebook has "Year in Review" but it filters based on Facebook's criteria and I wasn't satisfied with what I got for 2013.  I am interested in getting a complete list of all things that I posted. I have been happy with the results so far and look forward to looking back at 2014.