Markus Jakobsson wrote an interesting article for Wired recently debunking some common myths about password security. He argues that longer passwords that are easy to remember are actually more secure than the shorter, more complex passwords that many systems enforce. It’s worth a read:
I think Jakobsson’s argument misses one point: even if passwords are memorable, most people have far too many to actually remember them.
Password managers are the answer to this situation. These are programs on your phone, desktop or web that remember usernames and passwords for you. You only need to remember one password, the one for your password manager.
Let me describe how this works. When I come to a login form on the web, I press a key combination to bring up my password manager. If I haven’t already unlocked my password manager it will ask for the master password. Afterwards it looks up the credentials for the site I’m on, fills in the username and password fields and logs me into the site. Once the password manager is unlocked then I can log into any site with a single key combination. (Don’t worry, it’s much faster than it sounds!)
Some password managers are applications that run on desktops, tablets or phones. These usually store usernames and passwords in encrypted files on disk so that the information is secure in case the device is stolen. Other password managers are web based, storing that same encrypted information out in the cloud. Either way these products offer a great combination of security and ease of use.
I’ve been using a password manager called 1Password for several years on my Macs, iPhones and iPads (it’s also available for Windows and Android.) The Mac version is fantastic and logging into websites really is as simple as pressing a key combination. On iOS the experience isn’t quite as smooth and requires a copy and paste of the password. 1Password also isn’t cheap, desktop licenses start around $50.
Another very popular password manager around the Matrix office is LastPass. LastPass is web based and should work on any device with intranet access. There is no cost to use LastPass, though a $1 per month subscription to the Premium service enables some additional features.
So take a look at the password managers that are out there, pick one and start using it. Not only will it make your online experience easier but more secure as well.
Have you used a password manager you love? Tell us about it.