May 5 is celebrated as World Password Day, an opportunity to remind us all that it’s time to change old passwords for new, and stronger ones. The timing couldn’t be better, as this week saw a massive breach where hackers accessed and sold hundreds of millions of user credentials to common online accounts including Gmail and Outlook. The day also serves as a reminder that “1234567890” and “qwertyuiop” simply do not count as strong passwords.
Anyone with online accounts is at risk of being hacked. And while account providers are obligated to proactively protect our accounts, it’s up to individual users to employ a strong password. To celebrate World Password Day, we look at the top tips and services for managing passwords.
Tips on securing online accounts
In time for World Password Day, Ryan Merchant, Senior Marketing Manager of Dashlane, Inc., a password and identity management app, shared some tips on how anyone can protect their online accounts from malicious characters on the web.
- Make sure the services you are using are secure: Even people who take every step possible to ensure their online security are no match for a website or app that seriously lacks in security protocols.
- Use strong passwords, and change them often: This might sound like a no-brainer, but password fatigue is real. Taking that extra step to change your passwords frequently and make sure they are secure can make all the difference.
- Don’t use the same password: It’s tempting to use your dog’s name for every password, but it makes you very vulnerable to cyber criminals. Not only do you need to change your passwords often, you should use different passwords for every site, service or app you use.
- Watch your public Wi-Fi use: These days, it’s not uncommon for people to login to public wifi everywhere, but what most don’t realize is that it can leave you vulnerable to a hack dubbed a man-in-the-middle attack.
- Delete old login emails: If you never delete the (probably hundreds) of login detail emails from your email account, you have created a gold mine for hackers. All they have to do is get into your email and then they have access to every service or website you’ve used.
Social media galore
According to a report from GlobalWebIndex, on the average, people have 5.54 social media accounts, and actively use 2.82 of these platforms. The report just deals with social media, which means a person can have at least 10 if you take into account emails, shopping, banking, and even account portals for services such as cable television or home utilities.
For some, remembering a single password is tricky enough. Imagine how daunting it could be to remember five, or even 10 different passwords?
These days, one can do without the burden of remembering different passwords for their online accounts, by using password lockers or managers.
If you’re not familiar with password lockers or managers, these are services that allows users to log into all their online accounts securely by just entering one master password.
Platform: Windows, Mac, iOS and Android; Internet Explorer, Chrome, Safari, and Firefox.
Dashlane features a password vault, password generator and security dashboard for at-a-glance activity summaries. The service also comes with security breach alerts, security monitoring, autofill forms, a digital wallet for securely storing payment data, AES-256 encryption, and local-only encryption, as well as storage.
The premium version costs $39.99 per year and adds features such as secure account backup, sync Dashlane accounts for an unlimited number of devices, along with unlimited secure sharing, web access to passwords and priority support.
Platform: Windows, Mac and Linux; premium version costs $12 and also supports Android, iOS, BlackBerry, Windows Phone and Symbian; Internet Explorer, Chrome, Safari, Opera, and Firefox.
LastPass (Marvasol, Inc.) implements AES 256-bit encryption with routinely-increased PBKDF2 iterations. Data is encrypted and decrypted on user’s device before it syncs with LastPass to add another layer of security. Users can add multifactor authentication to fortify online security.
To get started, download LastPass and create an account using a valid email address and a strong master password. LastPass then appears as an add-on to the user’s browser, allowing them to login to their online accounts by just clicking on it.
Price: Free to up to 10 saved logins
Platform: Windows, Mac, iOS, Android and Windows Phone; Internet Explorer, Chrome, Firefox, Safari, and Opera.
RoboForm (Siber Systems, Inc.) can be used on multiple computers and devices. It provides unlimited syncing across all devices and multifactor authentication. Data can be stored in the cloud, and users can access technical support 24/7/365 and use the RoboForm app on their mobile devices. If users want unlimited RoboForm access, they need to upgrade to RoboForm Everywhere, which costs $9.95 for the first year.
Platform: Windows, Mac, Linux and mobile systems; Internet Explorer, Firefox, Safari, Chrome, and Opera.
Intuitive Password (Intuitive Security Systems Pty. Ltd.) is built on AES-256 encryption and protects users from accidental data breaches by ensuring sensitive data is not accessible to anyone else unless given shared access. The free version allows users to store up to 10 logins, share data with up to three users and access basic security.
Aside from the Basic free version, there are three other paid versions: Express, Advanced and Pro, (AUD$ 2, 5, 15 respectively), which allow users to save more passwords, share with more people and access passwords even without an Internet connection. It also provides basic account security and two-factor authentication for an additional layer of security.
Platform: Windows, Mac, iOS and Android; Internet Explorer, Chrome, and Firefox.
True Key (Intel Corp.) uses AES-256 encryption to keep all of a user’s passwords secure. The program provides auto fill for payment methods, and users can easily share passwords with the people they trust, and in instances that passwords are changed, it is automatically synced with the trusted network.
The service also features a wallet that allows users to store credit cards, passports, memberships and other sensitive personal data, securely accessible across all the user’s devices.
Though password managers may make life easier, they aren’t without caveats as they, too can be compromised. One could go passwordless and rely on biometric scans, such as Nymi (Nymi, Inc.), a smartband that initially checks the wearer’s heart electrocardiogram to authenticate that the wearer is the wearer, and use the verified data to unlock or lock devices.