by Tony Rushin

We all know that using strong passwords is much more secure than using weak passwords.  We also know that exercising for 30 minutes every day is optimal for better health.  However, knowing something is good for you and doing it are two very different things (see “exercise” above).

The strength of a password is measured by how effectively it resists guessing and/or brute-force (automated) attacks.  It’s a function of length, complexity (a mix of special characters, numerals, upper / lower case letters) and unpredictability.  Here’s a neat website that tests the strength of a password by showing how much time it would take a PC with a random generator to figure out the password using brute-force methods (note: do not enter your real password into this or any other site): www.howsecureismypassword.net. Here are some results:

  • stgpwbig          simple, weak password          52 seconds to crack
  • s2gpWb!g          complex, stronger password     72 hours to crack
  • s2gpWb!g*f/T7     very strong password           465 million years to crack
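
An offline way to run the same kind of estimate without typing a password into a website (an added example, not part of the original tip): it derives the alphabet from the character classes a password uses and divides the resulting keyspace by an assumed guess rate. The rate constant and all function names are assumptions of this example, so its output will not match the site's figures exactly.

```python
import math
import string

# Assumed attacker speed in guesses per second. Chosen so the all-lowercase
# example lands near the 52-second figure quoted above; real rates vary
# widely with hardware and with how the password is stored.
GUESSES_PER_SECOND = 4_000_000_000

# The four ASCII character classes (string.punctuation has 32 symbols).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (spaces, accented letters) are
    # counted one by one so they are not silently ignored.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def keyspace(password):
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size(password) ** len(password)

def entropy_bits(password):
    """log2 of the keyspace: the strength if every character were random."""
    return math.log2(keyspace(password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate at the assumed rate."""
    return keyspace(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    # The three sample passwords from the list above.
    for pw in ("stgpwbig", "s2gpWb!g", "s2gpWb!g*f/T7"):
        print(f"{pw:<15} alphabet={alphabet_size(pw):>2} "
              f"bits={entropy_bits(pw):5.1f}  {humanize(worst_case_seconds(pw))}")
```

These are upper bounds for a blind exhaustive search. A password that follows a predictable pattern or appears in a leaked password list falls far sooner, which is why unpredictability counts alongside length and complexity.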

With tricks for remembering a strong password that Richard shared in a tip from 2012 (https://network1consulting.com/tuesday-tip-how-to-come-up-with-a-stronger-password/), I can come up with – and more importantly, remember – one 13-character, strong password.  However, with my bank, HSA, 401(k), PayPal, etc., I can’t remember 10 different and long passwords.  Plus, some of those accounts force me to change passwords every 60-90 days.  What’s the solution?  That’s where applications to choose and safeguard your passwords come into play.

Below are three password manager applications along with a shortlist of pros and cons of each.  All of them share these important functions:

  • They are encrypted.
  • You can set your own password or let the program auto-generate passwords.

All three are also referenced in this article entitled: “How elite security ninjas choose and safeguard their passwords” (http://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-and-safeguard-their-passwords/).  With a password manager you need to remember one very strong password and let the application manage – and remember – all of the other passwords you need.

Password Safe

Pros
Free (open source).
Can back it up to a shared file (good for businesses).
Can move it off onto a USB drive.

Cons
Only works on a computer (not on a smartphone or tablet).

Comments
I’ve been using this for 2+ years; it has worked fine.
Check it out at www.passwordsafe.sourceforge.net

 
LastPass

Pros
Hosted.  Easy to access.
Both free and premium versions ($12 / year).
Premium runs on computers, smartphones and tablets.

Cons
Hosted.  Yes, this is both a pro and con.  What if their website / database gets hacked?

Comments
For what it’s worth, if I ever change from Password Safe I’ll move to LastPass because of the ability to access it from my iPad and iPhone.
Check it out at www.lastpass.com

1Password

Pros
30-day free trial.
Can back it up to a shared file (good for businesses).
Can move it off onto a USB drive.
Can share across multiple devices via Dropbox.

Cons
Not free.  One-time purchase of $50.

Comments
You can Google “LastPass Criticism” and get perspective from people who have changed from LastPass to 1Password.
Check it out at www.agilebits.com/onepassword

No matter which one you choose, I suggest testing it first before making a final decision.  And, if you’re choosing a standard password manager for your law firm or medical practice, make sure several people are involved with the selection and testing process before making a selection and rolling it out to the rest of the firm or practice.

Tony Rushin

Spending 25+ years in high-technology sales & marketing, from IBM to start-ups, Tony brings his broad experience in business development, marketing and IT business strategy to Network 1’s leadership team, clients and partners.  His passion is to help people achieve greatness, however they define it.   trushin@network1consulting.com or 404.997.7633

 

Network 1 Consulting is a 16-year-old IT support company in Atlanta, GA.  We become – or augment – the IT department for law firms and medical practices.  Our IT experts can fix computers – but what our clients really value are the industry-specific best practices we bring to their firms.  This is especially important with technology, along with regulations and cyber threats, changing so rapidly.  We take a proactive approach to helping our clients use technology to gain and keep their competitive advantage.
