InfoSec Blog - How I Learned to Stop Worrying and Love my Passwords

password manager

February 29th, 2016

How many user accounts do you have for sites online? If you're anything like me, it'll be a whole lot more than you realise. Do you use one password across all of them? Or do you perhaps have a hard time remembering what passwords you used where? Well listen up, because I'm here to tell you about the wonderful world of password managers, the best way to regain control of your online life and keep your accounts secure.

What are password managers?

Password managers are pieces of software that store your usernames and passwords for all your online accounts in a secure central location. Not only that but they can generate unique and very secure passwords for each of your accounts. Most password managers have other features as well and can store your other sensitive information, such as your SIN number, passport details, bank details and even your software licence keys. They work by storing everything in an encrypted database that only you have the key for. This is your master password; the last password you'll ever need.

Why use a Password Manager?

  • To generate a unique and strong password for each of your online accounts. This way, if one site gets hacked or you fall victim to a phishing scam, the hackers will only have access to the one site. All your other accounts will remain safe.
  • Most password managers come with browser plugins that can log you into your sites without even typing your password. This is a great way to protect yourself from falling for phishing scams as they won't enter your password into a fake site.
  • You only have to remember your master password. This should be a secure passphrase consisting of multiple words.
  • Your passwords will be organised into one central secure location that can be easily backed up, sometimes automatically.
  • Some password managers can notify you when a password on a certain account has not been changed in a while and is ready for a refresh. They can even tell you when a website has been hacked and you need to change your password.

Some Password Managers to Look Into

  • KeePass - free - Open source and multiplatform, KeePass is one of the older password managers out there. It's a downloadable application that sits on your computer and stores your passwords locally. Doesn't come with some of the more advanced features mentioned above.
  • LastPass - free to $12/year - This multiplatform online based password manager stores your encrypted passwords on their own servers, meaning you'll never have to worry about backups. Your password database is locked by your master password that only you know. LastPass say they cannot access your passwords. This allows you to sync across multiple devices so you always have your passwords with you no matter where you go. They also offer advanced features like warning of site breaches and full audits of your password strength and age.
  • 1Password - $49.99 - Compatible with both Windows and Mac, this password manager comes with premium features and a price to match. Stores passwords on your machine and syncs your vault to either iCloud or Dropbox so you are in charge of where your passwords are stored. Offers all the more advanced features discussed above.
  • Dashlane - free to $39.99/year - Another multiplatform application that stores your passwords locally. Premium subscribers get access to the sync feature which will let you backup your passwords to their servers and allows you to sync across multiple devices. Comes with premium features described above including automatically changing your passwords on compromised sites to keep your data secure.

As always, if you have any questions or concerns regarding your password security, please feel free to reach out to us. We are always glad to help you feel safe online.

 

Written by: Chris Sowley (Cyber Forensics Analyst, Information Security)