Why we need secure passwords

Creating a new password is a pain in the ass, right? Today we have different websites that we access every day most of which require a username and a password to gain access to. Different websites have slightly different rules and criteria to create new passwords. So to remove all confusion, we end up having the same password across all the platforms since we don’t want to memorize a bunch of different passwords. By doing this, we are making it easier for hackers to get hold of your personal information. If they get access to one of the social media platforms, it will be a child’s play for them to access your other platforms, and even your bank information. With recent developments and ‘mega’ breaches at Equifax and Uber, it is all the more important for us to be secure and not to sacrifice security over convenience.

This website gives you an idea how fast it will take a normal computer system with its limited computational power to crack your password.

What is the solution?

The solution to the above problem is using a Password Manager. It is a type of application that creates secure password for you which it saves in encrypted form. This way you do not need to remember the password for you. Since you do not need to remember them, you will be okay with having huge and difficult to crack passwords making it difficult for the hackers to gain access to your information.

How Password Managers work

A password manager is an application that remembers your passwords for you and stores them in an encrypted vault. One master password unlocks the vault when you need to retrieve a password or create a new one, and does it without anyone being able to read what you type over your shoulder or track the login with a keylogger.

In addition to that, when a website wants you to create a new password to create an account, password manager will create a long and secure password for you. These passwords are stored in the database of the password manager in an encrypted form. So in the event of a breach, only the master password is leaked and none of your internal passwords.

The only password that you need to remember is the master password. Without the master password, you will not be able to access any of your other passwords.

Are password managers safe?

Password Managers are not ‘hack-proof’.  Not long ago, a security researcher at Google found multiple flaws in LastPass, one of the leading password managers out there. But according to experts, they still are your best bet in protecting your information. In the event of a leak, only your master password will be exposed to the attacker. Since all your passwords are safely encrypted, they would not be at risk. You would only have to change your master password.

Popular web browsers like Chrome, Firefox, Internet Explorer and Safari already have an inbuilt password manager. The only problem with them is all of them save your passwords on your local machine unencrypted. Anyone who gets access your computer (does not even have to be a hacker) can view those passwords. The main reason of using password managers is that they encrypt your passwords and then store them.

Password managers also allow you to store other types of data in a secure form – everything from credit card numbers to secure notes. All data you store in a password manager is encrypted with your master password.

Which Password Managers to use

There are plenty of Password Managers to choose from and different ways of implementing them as well. Most popular password managers currently are LastPass, Dashlane, 1Password and  Roboform.

LastPass: This is a cloud-based password manager with extensions, mobile apps, and even desktop apps for all the browsers and operating systems you could want. It’s extremely powerful and even offers a variety of two-factor authentication options so you can ensure no one else can log into your password vault.  LastPass stores your passwords on LastPass’s servers in an encrypted form – the LastPass extension or app locally decrypts and encrypts them when you log in, so LastPass couldn’t see your passwords if they wanted to.

Dashlane: This password manager is a little newer, but what they lack in name recognition they make up for with great features and slick apps for almost every platform — Windows, OS X, iPhone, iPad, and Android. They have extensions for every browser, features like a security dashboard that analyzes your passwords, and they even have an automatic password changer that can change your passwords for you without having to deal with it yourself.

1Password: 1Password is a password manager developed by AgileBits which is used to create secure passwords and stores them in vault under a  PBKDF2-guarded master password. It enables you to store those secure passwords locally as well as a 1Password hosted server. t can also be set up so that files are synchronized through Dropbox (all platforms), local Wi-Fi and iCloud and more recently, through 1Password.com, a subscription based server sync service maintained by the developers. Local Wi-Fi and iCloud sync are only available on the Mac and iOS.

Roboform: Roboform is similar to 1Password. Its key features are multi-platform compatibility, secure encryption and decryption of passwords locally. To protect against dictionary, brute force, or other attacks, they use AES256 bit encryption with PBKDF2 SHA256.

Password managers can even help against phishing, as they fill account information into websites based on their web address (URL). if you think you’re on your bank’s website and your password manager doesn’t automatically fill your login information, it’s possible that you’re on a phishing website with a different URL.