A lock on your front door doesn’t do you any good if you keep the key under the mat, just like the best security on the web won’t protect you if you have the same bad password on every site you visit.

There’s a good reason that passwords are still so often easily cracked; following best practices for password security is very, very hard. Here are some common password security guidelines:

  • Don’t use words that you can find in the dictionary, or words with common number-letter substitutions. That rules out things like “h3ll0”.
  • Passwords should be at least eight characters long, although this number varies depending on where you hear it.
  • Use at least one number and symbol in your password. This common advice is actually somewhat misguided – while adding a “#!” at the end of your password may put off a human attacker, it won’t do much against a computer trying to guess your password. Adding length to your password is actually much more effective against computers.
  • Don’t use the same password, or close variations of it, across multiple sites. That puts things like “adobe123” and “gmail123” and “microsoft123” off the table.
  • Don’t use anything of personal significance in your password. Pet names, birthdays, social security numbers and other easily-discovered personal information are off the table.
  • Don’t write your passwords down anywhere (back to keeping the key under the mat).

Unless you’re willing to invest a significant amount of time committing unique, hard-to-remember passwords to memory every time you sign up for a new account online, following all these recommendations isn’t exactly easy. The problem of password security has led to the creation of a number of password management applications, such as LastPass, 1Password and Dashlane.

Here’s why you should use one of these applications.

They generate random passwords.

(Photo: Tom Magliery via Flickr)

I switched to using Dashlane several months ago, and now most of my passwords look like this: ctjsHPafCeFxiOfB0fYd. I never set my own passwords anymore, instead letting the app generate a random, 20-character-long string. Then the app automatically remembers the password it just created, and logs me in to the site every time I visit.

I don’t think I’m particularly unusual in having over a hundred different accounts online. Having the same password on every one of them is a huge risk; if your account to your favorite shopping site gets hacked, suddenly you’ve lost access to your email, Facebook and online bank account, too. Using long, random strings on each site makes your online life much more secure.
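The guideline above that length beats added symbols, and the random 20-character strings described in this section, can be checked with a short Python sketch. This is an added example, not code from Dashlane or any other app named here; the function names are illustrative assumptions, and the entropy figures hold only for passwords drawn uniformly at random, never for ones a person made up.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols, as in the sample above
FULL = ALNUM + string.punctuation              # 94 printable ASCII symbols
LOWER = string.ascii_lowercase                 # 26 symbols


def generate_password(length=20, alphabet=ALNUM):
    """Draw every character independently from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least two distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def compare_policies():
    """Entropy in bits for three policies (constructed for illustration)."""
    return {
        "8 chars, letters+digits+symbols": entropy_bits(8, len(FULL)),
        "12 chars, lowercase only": entropy_bits(12, len(LOWER)),
        "20 chars, letters+digits": entropy_bits(20, len(ALNUM)),
    }


if __name__ == "__main__":
    print("sample:", generate_password())
    for policy, bits in compare_policies().items():
        # Each extra bit doubles the number of guesses an attacker needs.
        print(f"{policy:34s} {bits:6.1f} bits")
```

Twelve random lowercase letters already carry more entropy than eight characters drawn from the full symbol set, and the 20-character string is far beyond both.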

It will save you time.

See what I just said about Dashlane automatically logging me in to web sites? These days, the only password I type in is the password to Dashlane, and it does the rest.

You can sync passwords across devices.

If you pick an app that has tablet and mobile versions, you can have it remember your passwords across all the different devices you use. This is particularly helpful with mobile banking applications.

It will remember your financial and contact information, as well.

Forget about filling out long forms with your credit card and shipping information every time you check out at a new store online. Password management apps typically come with auto-fill capabilities not only for login forms, but also for billing and shipping forms, making these take a fraction of the time that they would otherwise.

You will get a warning when a site you use has been breached.

Tumblr and Adobe have both been hacked in the last six months, spilling account information for hundreds of thousands of people. If you had an account with either of them and use a password management app, it would tell you – and help you reset the password to something new.

Just using a password management app isn’t the magic bullet, though.

You don’t get all these benefits for free, though. There is a major drawback – if someone hacks into your password management app, all of that information is free for the taking. Most of these applications are fairly safe from remote hacking attempts, but that doesn’t account for a computer infected with malware (think key logger) or someone who has had their computer stolen.

If you’ve got malware, all bets are off. A virus-infected computer isn’t going to be safe, period. You can reduce the risk of your computer being physically hacked into, though, by using what is called a passphrase. Instead of a single word, you use a phrase as your password. While you shouldn’t use common phrases (“This is my password” wouldn’t be a good idea, for example), this is more secure than a single password for the obvious reason – length.

For busy, everyday people, using a password management app with a strong, secure passphrase may be the best balance between security and convenience available today.

(Photo: Austens via Flickr)

