Password Manager Roundup

Shawn Powers — Fri, 03 May 2019 11:00:00 +0000

If you can remember all of your passwords, they're not good passwords.

I used to teach people how to create "good" passwords. Those passwords needed to be lengthy, hard to guess and easy to remember. There were lots of tricks to make your passwords better, and for years, that was enough.

That's not enough anymore.

It seems that another data breach happens almost daily, exposing sensitive information for millions of users, which means you need to have separate, secure passwords for each site and service you use. If you use the same password for any two sites, you're making yourself vulnerable if any single database gets compromised.

There's a much bigger conversation to be had regarding the best way to protect data. Is the "password" outdated? Should we have something better by now? Granted, there is two-factor authentication, which is a great way to help increase the security on accounts. But although passwords remain the main method for protecting accounts and data, there needs to be a better way to handle them—that's where password managers come into play.

The Best Password Manager

No, I'm not burying the lede by skipping all the reviews. As Doc Searls, Katherine Druckman and myself discussed in Episode 8 of the Linux Journal Podcast, the best password manager is the one you use. It may seem like a cheesy thing to say, but it's a powerful truth. If it's more complicated to use a password manager than it is to re-use the same set of passwords on multiple sites, many people will just choose the easy way.

Sure, some people are geeky enough to use a password manager at any cost. They understand the value of privacy, understand security, and they take their data very seriously. But for the vast majority of people, the path of least resistance is the way to go. Heck, I'm guilty of that myself in many cases. I have a Keurig coffee machine, not because the coffee is better, but because it's more convenient. If you've ever eaten a Hot Pocket instead of cooking a healthy meal, you can understand the mindset that causes people to make poor password choices. If the goal is having smart passwords, it needs to be easier to use smart passwords than to type "password123" everywhere.

Go to Full Article

The Secret Password Is...

Shawn Powers — Fri, 19 Apr 2013 15:00:00 +0000

by Shawn Powers

If your password is as easy as 123, we need to talk.

The first password I ever remember using when I started in system administration was ".redruM" (no quotes). It was by far the craftiest, most-impossible-to-guess password ever conceived by a sentient being. Sadly, a mere 17 years later (wow, it's been a long time!) that password probably could be brute-force compromised in ten minutes—with a cell phone.

Since retinal scans still mainly are used in the movies to set the scene for gruesome eyeball-stealing, for the foreseeable future (pun intended), we're stuck with passwords. In this article, I want to take some time to discuss best practices and give some thoughts on cool software designed to help you keep your private affairs private. Before getting into the how-to section, let me openly discuss the how-not-to.

The Things You Shall Not Do

It's a bad idea to write your password on a sticky note and affix it to your monitor.

Yes, it sounds like a joke, but this happens every day—in almost every business. In fact, sometimes tech folks are guilty of this cardinal sin because they've changed passwords for users and need to let them know their new passwords. Seeing your password written or typed out should cause you physical pain and distress. Displaying it on your monitor is just wrong.

It's a bad idea to use any of the following as your password, or at least as your entire password:

Your pet's name, current or past.
Your child's name or nickname.
Your car's name, model or a car you want.
Birth dates of any people you know.
Name of your college/high-school mascot.
Anything related to your hobbies.
Your address in any form.
Your telephone number, past or present.
Your mother's maiden name (this is less secure than .redruM).
Any of the following: password, 123456, abc123, letmein, love, iloveyou, sex, god, trustno1, master, asdfjkl;, qwerty, password123, secret, jesus or ninja.

If I've just described your password or, heaven forbid, actually listed it in the last bullet point (some of the most common passwords), you need to keep reading. Don't change your password yet though, as I'm going to discuss best practices next, but even if you don't read another word, you can't leave your password like it is—really.

Go to Full Article

Passwords

Password Manager Roundup

The Secret Password Is...