In this extract from their new book, 101 Ways to Supercharge Your Productivity, Monica Seeley and Melissa Esquibel discuss the best password management options
The Challenge
In June, over 26 million passwords were stolen in what is one of the biggest password heists so far. The worrying part about this heist is that the data was drawn from a variety of sources including Gmail, Amazon, Netflix and Facebook. Usually, a data breach is from a single source – BA, LinkedIn, Adobe, MyFitnessPal and Marriott Hotels, to name but a few of the more recent ones.
Sellers of stolen financial data expect to earn between £89,000 and £355,000 (per set of stolen data). ~ Understanding the Cost of Cyber Crime, UK Home Office Report, January 2018
Apple has a security app which alerts you if your email address has been compromised; you can find this under Settings/Passwords/Security Recommendations. After this recent theft, one of us had 20+ warnings that a password used on a particular site had appeared in a recent data leak. Yes, it took several hours to change the passwords without using duplicates!
If you either are not an Apple user or want to double check if your email address has been compromised, you could use https://haveibeenpwned.com/. Simply enter your email address and the system will advise you if it is compromised.
Sadly, this form of cybercrime has become part of our lives. Studies have shown that having your personal data stolen is now considered as stressful as either being dismissed from your job or being told you have a serious illness.
So, how can we reduce the personal risks given the ingenuity of today’s cybercriminals?
The Solution
The two main solutions revolve around password management through either creating strong passwords or using a password management app.
1. Creating Strong Passwords
Despite all the high-profile data thefts, did you know that these are the 10 most frequently used passwords?
- 123456
- password
- 123456789
- 12345678
- 12345
- 111111
- 1234567
- sunshine
- qwerty
- iloveyou
They are weak and can easily be guessed by even the most inexperienced cybercriminal! And of course, there is always your partner’s name, pets’ names, parents’ names, last place you visited on holiday, etc. Again, a cybercriminal can easily guess these by doing a little homework on social media.
How do you create strong passwords which you can remember?
A strong password should be at least eight characters and contain upper- and lowercase letters, some numbers and at least one special character (e.g., *, +, !). The longer and more complex the password, the better: 20 characters is the recommendation for real strength.
The simplest way is to create a sentence which means something to you, use the first letter of each word and add in a mix of the above.
Here is an example: I am writing this new book with Jane for Book Publishing.
Converted to a password, it might be: 1@WtnBwJ4bP
How strong is this password?
Increasingly, websites now tell you the strength of your password as you create it. If they don’t, you can use LastPass to check the password strength. The password above is rated as very strong and would take 400 years for someone to crack, as measured by one of the other online password security checkers, https://howsecureismypassword.net/.
Can you use just this one password for everything?
No. You need a separate password for each site. In addition to the sentence method, you can also take a name and convert it to a mix of upper- and lowercase letters, numbers and special symbols.
For example: Samantha Brown might become 3@ManTh@Br0wn.
This is rated as ‘very strong ‘and will potentially take 3 million years to crack.
How do I remember all these different passwords?
You can create a list and store it safely or, alternatively, you could use a specialist password management app.
2. Password Management Apps
Nothing is perfect, and there is no such thing as a free lunch. These apps, whilst all offering free trials, generally come with a monthly subscription cost.
Pros of password management apps
There are five main factors in favour of using such apps:
- Provide increased security and reduce the risk of having your personal identity and hence passwords stolen.
- Strong passwords should be at least 8 characters with 20 as the recommended norm. This can be hard to type on a mobile device. Password managers take care of this aspect, as they automatically recall and insert the password.
- Overcome the danger associated with using the same password for each site, as they generate a different one for each site.
- Alert you if either your account or a site you use has been hacked.
- Allow you to share a password securely with another trusted person (who will not be able to see the characters).
Cons of password management apps
There are five central arguments for not using such apps:
- They are a single point for the hacker to access all your passwords, and there have been some high-profile attacks. However, most apps now encrypt your data to reduce this risk.
- They do not all synchronise across all devices, and therefore you have to install the app on each device.
- If you lose your master password and/or key identity data, you may lose all your passwords.
- They do not all work with all browsers, although that is becoming less of a concern.
- Although many offer a free version, most have a subscription fee.
Overall, the pros of enhanced security outweigh the cons, first and most importantly in terms of the cost, both financial and emotional, of being hacked. Second, there is a wide choice of apps from which to choose to meet your needs.
Key criteria in choosing a password management app
It is crucial to decide what you need, rather like moving to a new house or buying a new car.
Here are the 10 most important features to consider:
- Two-factor authentication (2FA)
- Ease of use: Generally, the more sophisticated the software, the more difficult it is to use until you really understand it.
- Encrypts saved passwords: Thus, if the hacker did obtain access to your device and your master password, they would not be able to access the passwords held within the password management app.
- Cross-platform and device compatibility and synchronisation
- Works on your favourite browser
- Flags duplicate and weak passwords
- Automatically generates strong passwords if needed
- Rates the strength of those you create yourself
- Auto-form filling (although some would say this is to be avoided): This is helpful and saves you time, and reduces the chance of making an error when re-typing the same data each time.
- Can manage multiple logins to the same site and offers you a choice as to which one you want to use
Examples of available apps
It’s hard to prioritise one app over another because what is number one today might have changed even by the time this article is published. Therefore, check that you can export data from the chosen app should you decide to change apps.
The 10 most popular password management apps are:
- LastPass
- Dashlane
- 1Password
- Bitwarden
- Keeper
- Zoho Vault
- RoboForm
- LogMeOnce
- NordPass
- PassBoss
- Sticky Password Premium
- True Key
- mSecure
At the time of writing, the five most popular are LastPass, Dashlane, 1Password, Bitwarden, and Keeper.
- LastPass is perhaps the top pick because it is easy to use and offers a free version which has all the basic security functions, although currently it does not alert you to security breaches.
- DashLane includes security alerts and scans the dark web for compromised accounts.
- 1Password is thought to be the best for multiple users.
- Bitwarden has a very sophisticated two-factor identification system and appeals to those more technically minded.
- Keeper is rated for those for whom encrypted file sharing is critical.
It’s Your Choice
At the end of the day, it is about which of the key criteria are important to you and, to some extent when two apps are similar, the cost.
