Wednesday, July 9, 2014

Why you need a password manager

UPDATE 8/5/14:  I read over at Lifehacker (Hackers reportedly collect over a billion passwords) that hackers from Russia have stolen a billion passwords.  In that article they reference LastPass and link to a few guides to getting started with it.  Nothing is for sure, of course, but a tool like LastPass would certainly limit the damage.


I can't tell you how many teachers and educators I know who use simple passwords that are easy to break; I stopped counting.  I myself used to be guilty of poor passwords.  For a few years I helped manage user credentials for our school district, and I realized that weak passwords generally fell into some combination of three categories.


Once They Unlocked So Many Doors

Too short and limited character space

Most of the passwords I previously used were about 8 characters long and mixed numbers and letters.  When I started using them, the technology of the time would probably have taken years to guess them.  Advances in technology have since made that trivial.  Steve Gibson's Password Haystack highlights this fact perfectly: the 8-character password I previously used most often would take less than a second to find under ideal circumstances for a hacker.  Steve's site provides a very in-depth and easily understandable explanation of why that is.


Same password

I was guilty of this.  I had 5 passwords that I used over and over.  Here is the problem with using the same password on different sites: a hacker only needs to find it once, and then they will try it everywhere.  This is a matter of a hacker going for the lowest-hanging fruit.  It is unlikely (although possible) that a hacker will get the password from a bank or other major database.  However, you might have used that same password to try out that cool new online tool that also happened to use OpenSSL to secure its communications (i.e., the lowest-hanging fruit).  With the Heartbleed exploit, it is likely that password is now known and can be tried at banks and other major databases.


Easily guessable

Thankfully I was not guilty of this.  If you have one of these as your password, you have big problems and need to change it immediately.

Password Manager and other tricks

The solution to my own password problem was LastPass.  I use it to manage and store unique, complex passwords for almost 200 sites.  My passwords all look something like this:

wMi6kI%A7KuAde*N0Hv40*


According to Steve Gibson's Password Haystack, it would take "1.04 hundred million trillion centuries" under ideal conditions for a hacker to crack that password.
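The search-space arithmetic behind those Haystack figures, as an added example that is not from this post or from Steve Gibson's site: it assumes the Haystack's 95-character alphabet (26 lowercase, 26 uppercase, 10 digits, 33 symbols including space) and an assumed "massive cracking array" rate of one hundred trillion guesses per second, and compares a constructed 8-character letters-and-digits password with the 22-character sample quoted above.

```python
import string

# Assumed guess rate for a large offline cracking array: one hundred trillion
# guesses per second (an assumption for this example, not a measured figure).
OFFLINE_GUESSES_PER_SECOND = 100_000_000_000_000
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 60 * 60

# Character classes; a password that uses any character from a class is assumed
# to draw from the whole class (space is counted among the 33 symbols).
CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)


def alphabet_size(password: str) -> int:
    """Combined size of every character class the password touches."""
    return sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))


def search_space(password: str) -> int:
    """Candidates an exhaustive search must cover: N**1 + N**2 + ... + N**L."""
    n, length = alphabet_size(password), len(password)
    return sum(n ** k for k in range(1, length + 1))


def seconds_to_exhaust(password: str, rate: int = OFFLINE_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try the whole search space at `rate` guesses per second."""
    return search_space(password) / rate


def centuries_to_exhaust(password: str, rate: int = OFFLINE_GUESSES_PER_SECOND) -> float:
    """Same worst-case time expressed in centuries, as the Haystack page reports it."""
    return seconds_to_exhaust(password, rate) / SECONDS_PER_CENTURY


if __name__ == "__main__":
    # Constructed 8-character letters-and-digits password of the kind the post
    # describes, beside the 22-character manager-generated sample quoted in the post.
    for pw in ("a1b2c3d4", "wMi6kI%A7KuAde*N0Hv40*"):
        print(f"{pw!r}: alphabet={alphabet_size(pw)} space={search_space(pw):.3e} "
              f"seconds={seconds_to_exhaust(pw):.3g} centuries={centuries_to_exhaust(pw):.3g}")
```

The 8-character password falls well under a second, while the 22-character sample lands at roughly 1.04e20 centuries, the "1.04 hundred million trillion centuries" quoted above.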

Yesterday, Lifehacker ran a very good article on the subject of passwords.  In it they highlight four great methods for creating better passwords.  It is definitely worth the quick read.

Do yourself a favor and strengthen your passwords so that they are unique, lengthy, and complex.

Photo Credit:  Once They Unlocked So Many Doors by Viewminder used under Creative Commons