Protecting Your Passwords

This Tech Tip was provided by John Leonard, Associate Dean of Administration and Finance, Georgia Institute of Technology.

This Tech Tip zeros in on a hush-hush, sometimes embarrassing topic – passwords.  How secure are your passwords? Do you use the same password for Amazon, Gmail, university logins, and bank accounts?

We’re asked to create new usernames and passwords almost daily.  Of course, we often take the easiest path – and reuse the same password over and over.  We dedicate entire teams of people at our universities to secure systems, monitor system security, and administer access to our systems, but ultimately, the system security is only as good as its weakest link.

Password best practices
The Privacy Rights Clearinghouse provides a list of 10 rules for creating hacker-resistant passwords.  Two of the rules caught my eye: It is better (1) to use longer passwords and (2) to use a password manager.

Why are longer passwords better?  Dave Gibson (of SpinRite fame for those of you older computer jockeys) says picking passwords is like hiding needles in haystacks – eventually your password will be found, but the goal is to make it take a long time.  His site provides a fun tool that tells you a bit about how easy or difficult it might be to find your password.

Password managers
I can’t stand to pull out my phone (or my wallet) to look up a password.  Password managers are actually really cool – they look over your shoulder as you browse the web.  When you use a username and password on a website, it automatically stores them for later use.

Password managers have evolved significantly over time, and the best tools offer the following features in pleasant user interfaces:

  • A password “vault” – a spreadsheet-like list protected by a single password.  Inside the vault is a list of websites, usernames, and passwords.
  • A tool for creating long and strong passwords for pasting into web forms.
  • A web browser add-in that watches you surf, then captures and stores the usernames and passwords as you use them.  When installed, a good password manager will purge all plain-text passwords from your browsers’ cache to immediately secure your browser.

Using a password manager allows you to use different (longer and stronger) passwords on all your online interactions, reducing the chances that a break-in or data leak on one site will impact your data on another.

Password managers adopt two different approaches to managing the password vault.  Some password managers store your vault “in the cloud” (at the vendor’s website) so that you have access to it from any computer and any browser. The other type stores the password vault on a local computer.  You can decide which method you prefer after reading the Ars technical article, which discusses the different approaches. I’ve found the convenience of a vault “in the cloud” very handy as I migrate between home to work, and use Macs, PCs and mobile devices.

Next steps
How do you get started? Just go for it!  The tools seem stable and convenient, and many allow the password vault to be shared between Macs, PCs, and Android mobile devices.  Here are few of the best password managers available: 1Password (all platforms), LastPass, KeePass, and RoboForm. How do you choose? Visit 40tech and PCMAG.com for articles that compare and contrast the different password managers.  After some reading, I selected LastPass. The tool has integrated smoothly with my workflow and my browser, and I’ve been pleased with the switch.

 

 

 Comments:

 
To add a comment, Sign In
Total Comments: 1
 
Gary posted on 9/3/2013 6:37 PM
This is a great summary - I wish I had noticed it earlier!