Tuesday Tip: Managing Strong Passwords

by Tony Rushin

Passwords 1 TT

We all know that using strong passwords is much more secure than using weak passwords.  We also know that exercising for 30 minutes every day is optimal for better health.  However, knowing something is good for you and doing it are two very different things (see “exercise” above).

The strength of a password is measured by how effective the password is to resisting guessing and/or brute-force (automated) attacks.  It’s a function of length, complexity (a mix of special characters, numerals, upper / lower case letters) and unpredictability.  Here’s a neat website to test the strength of a password by showing how much time it would take for a PC with a random generator to figure out a password using brute-force methods (note: do not enter your real password into this or any other site): www.howsecureismypassword.net. Here are some results:

  • stgpwbig                    simple, weak password                          52 seconds to crack
  • s2gpWb!g                  complex, stronger password                     72 hours to crack
  • s2gpWb!g*f/T7         very strong password                   465 million years to crack

With tricks for remembering a strong password that Richard shared in a tip from 2012 (https://network1consulting.com/tuesday-tip-how-to-come-up-with-a-stronger-password/), I can come up with – and more importantly, remember – one 13-character, strong password.  However, with my bank, HSA, 401(k), PayPal, etc., I can’t remember 10 different and long passwords.  Plus, some of those accounts force me to change passwords every 60-90 days.  What’s the solution?  That’s where applications to choose and safeguard your passwords come into play.

Passwords 2 TTBelow are three password manager applications along with a shortlist of pros and cons of each.  All of them share these important functions:

  • They are encrypted.
  • You can set your own password or let the program auto-generate passwords.

All three are also referenced in this article entitled: “How elite security ninjas choose and safeguard their passwords” (https://arstechnica.com/security/2013/07/how-elite-security-ninjas-choose-and-safeguard-their-passwords/).  With a password manager you need to remember one very strong password and let the application manage – and remember – all of the other passwords you need.

Passwords 3 TT

 

 

Pros
Free (open source).
Can back it up to a shared file (good for businesses).
Can move it off onto a USB drive.

Cons
Only works on a computer (not on a smartphone or tablet).

Comments
I’ve been using this for 2+ years; it has worked fine.
Check it out at www.passwordsafe.sourceforge.net

 
Passwords 4 TT

 

Pros
Hosted.  Easy to access.
Both free and premium versions ($12 / year).
Premium runs on computers, smartphones and tablets.

Cons
Hosted.  Yes, this is both a pro and con.  What if their website / database gets hacked?

Comments
For what it’s worth, if I ever change from Password Safe I’ll move to LastPass because of the ability to access it from my iPad and iPhone.
Check it out at www.lastpass.com
Passwords 5 TT

 

Pros
30-day free trial.
Can back it up to a shared file (good for businesses).
Can move it off onto a USB drive.
Can share across multiple devices via Dropbox.

Cons
Not free.  One-time purchase of $50.

Comments
You can Google “LastPass Criticism” and get perspective from people who have changed from LastPass to 1Password.
Check it out at www.agilebits.com/onepassword

No matter which one you choose, I suggest testing it first before making a final decision.  And, if you’re choosing a standard password manager for your law firm or medical practice, make sure several people are involved with the selection and testing process before making a selection and rolling it out to the rest of the firm or practice.

Tony Rushin Headshot

Tony Rushin: In his role as VP of sales & marketing, he is responsible for hiring, managing and coaching the sales team and always staying on top of (and meeting) the needs of clients. Under his leadership, the company has steadily grown each year.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.

2 Comments

  1. Tuesday Tip – Passwords and USBs – Beware! on February 13, 2015 at 5:49 pm

    […] with so much information flying around cyberspace.  Here’s a great article from Tony about Managing Strong Passwords – a great reminder on how to choose a good password.  On the flip side of that, here is a list […]

  2. Tuesday Tip: Hackers Getting More Aggressive on March 28, 2017 at 2:42 pm

    […] passwords for various accounts. Use a password manager, as described in a previous Tip entitled Managing Strong Passwords, to create complex passwords and you’ll never forget a password, either. LastPass is free, easy […]

Leave a Comment





Related Posts