by Tony Rushin
We all know that using strong passwords is much more secure than using weak passwords. We also know that exercising for 30 minutes every day is optimal for better health. However, knowing something is good for you and doing it are two very different things (see “exercise” above).
The strength of a password is measured by how effectively it resists guessing and brute-force (automated) attacks. It’s a function of length, complexity (a mix of special characters, numerals, and upper- and lower-case letters) and unpredictability. Here’s a neat website that tests the strength of a password by showing how long it would take a PC with a random generator to figure out the password using brute-force methods (note: do not enter your real password into this or any other site): www.howsecureismypassword.net. Here are some results:
- stgpwbig: simple, weak password; 52 seconds to crack
- s2gpWb!g: complex, stronger password; 72 hours to crack
- s2gpWb!g*f/T7: very strong password; 465 million years to crack
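To show how length and character mix drive numbers like these, here is an added example (not from the original article or the website above) that estimates the brute-force search space for the three sample passwords. The guess rate of 10 billion per second is an assumption, so the times will not match the site's figures.

```python
import math
import string

# Character classes a brute-force search has to cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # 26 + 26 + 10 + 32 characters

# Assumption: attacker guess rate. Not a figure from the article or the site.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000


def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (spaces, non-ASCII) count once each.
    extra = {c for c in password if not any(c in cls for cls in CLASSES)}
    return size + len(extra)


def keyspace_bits(password):
    """log2 of the number of candidates of this length over this alphabet."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate. This covers length and complexity only:
    a predictable password (dictionary word, reused, leaked) falls far sooner."""
    bits = keyspace_bits(password) - math.log2(rate)
    return math.inf if bits > 1000 else 2.0 ** bits  # avoid float overflow


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", 31_557_600), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    for pw in ("stgpwbig", "s2gpWb!g", "s2gpWb!g*f/T7"):  # the article's samples
        print(f"{pw:15} pool={pool_size(pw):3} bits={keyspace_bits(pw):5.1f} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```

Going from 8 to 13 characters adds far more to the search space than going from lowercase-only to all four character classes at the same length.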
With tricks for remembering a strong password that Richard shared in a tip from 2012 (https://network1consulting.com/tuesday-tip-how-to-come-up-with-a-stronger-password/), I can come up with – and more importantly, remember – one 13-character, strong password. However, with my bank, HSA, 401(k), PayPal, etc., I can’t remember 10 different and long passwords. Plus, some of those accounts force me to change passwords every 60-90 days. What’s the solution? That’s where applications to choose and safeguard your passwords come into play.
Below are three password manager applications along with a shortlist of pros and cons of each. All of them share these important functions:
- They are encrypted.
- You can set your own password or let the program auto-generate passwords.
All three are also referenced in this article entitled: “How elite security ninjas choose and safeguard their passwords” (https://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-and-safeguard-their-passwords/). With a password manager you need to remember one very strong password and let the application manage – and remember – all of the other passwords you need.
Password Safe
Pros
- Free (open source).
- Can back it up to a shared file (good for businesses).
- Can move it off onto a USB drive.
Cons
- Only works on a computer (not on a smartphone or tablet).
Comments
- I’ve been using this for 2+ years; it has worked fine.
Check it out at www.passwordsafe.sourceforge.net
LastPass
Pros
- Hosted. Easy to access.
- Both free and premium versions ($12 / year).
- Premium runs on computers, smartphones and tablets.
Cons
- Hosted. Yes, this is both a pro and con. What if their website / database gets hacked?
Comments
- For what it’s worth, if I ever change from Password Safe I’ll move to LastPass because of the ability to access it from my iPad and iPhone.
Check it out at www.lastpass.com
1Password
Pros
- 30-day free trial.
- Can back it up to a shared file (good for businesses).
- Can move it off onto a USB drive.
- Can share across multiple devices via Dropbox.
Cons
- Not free. One-time purchase of $50.
Comments
- You can Google “LastPass Criticism” and get perspective from people who have changed from LastPass to 1Password.
Check it out at www.agilebits.com/onepassword
No matter which one you choose, I suggest testing it first before making a final decision. And, if you’re choosing a standard password manager for your law firm or medical practice, make sure several people are involved with the selection and testing process before making a selection and rolling it out to the rest of the firm or practice.